Zaij, Posted January 17, 2009

Alright, so whatever it is, it has a few nasty effects. First, whenever I click a link in a Google search it doesn't go to it, it merely opens up a new tab in Firefox and goes to some advertisement. Secondly, whenever I try and go to any of the really major online tech places it doesn't let me through. Here's a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:36 AM, on 1/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Curse\CurseClient.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\WINDOWS\system32\ntvdm.exe
D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
D:\WINDOWS\system32\ntvdm.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\drivers\svchost.exe
D:\WINDOWS\system32\ntvdm.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [CurseClient] D:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [sVCHOST.EXE] D:\WINDOWS\system32\drivers\svchost.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1227374627256
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - D:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5653 bytes

I'm at my wit's end here. Please help!

Sincerely, Zaij.
rridgely, Posted January 17, 2009

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode, then press Enter.
- Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons. Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).

Finally, paste the contents of the Report.txt back on the forum with a new HijackThis log.
Zaij (Author), Posted January 17, 2009

Unfortunately, just as this damn thing stops me going to other help websites, it's not allowing me to download SDFix. Is there any chance anyone can put it on RapidShare or something, perhaps under a different name to SDFix just in case?

Thanks again, Zaij.
rridgely, Posted January 17, 2009

http://rapidshare.com/files/185070585/lunarsoft.exe.html
Tarun (Administrator), Posted January 17, 2009

This sounds like the TDSS rootkit I've seen a lot of recently. It won't let Malwarebytes or SUPERAntiSpyware install. Renaming them usually does the trick.
rridgely, Posted January 17, 2009

I like SDFix with these backdoor trojan/rootkit infections because it will reset a lot of the stuff that they screw up (network settings, etc.). Combofix will do some of this as well. http://downloads.andymanchesta.com/Removal...DFix_ReadMe.htm You can see all of the stuff Andy has programmed it to remove on there. Zaij shouldn't have to rename anything or have any redirects after running SDFix. Then it would be a good idea to run a scan with SUPERAntiSpyware and maybe Kaspersky online as well. I'm gone for the day, so here are the steps for those. Come back with all the logs and I'm sure you'll get some help.

Download SUPERAntiSpyware
- Load SUPERAntiSpyware and click the check for updates button.
- Once the update is finished click the scan your computer button.
- Check Perform Complete Scan and then next.
- SUPERAntiSpyware will now scan your computer and when it's finished it will list all the infections it has found.
- Make sure that they all have a check next to them and press next.
- Click finish and you will be taken back to the main interface.
- Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
- Copy and paste the log onto the forum.

Run Kaspersky WebScanner
- Please go HERE and click Kaspersky Online Scanner
- Read and Accept the Agreement
- You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
- If you see a Windows dialog asking if you want to install this software, click the Install button.
- The program will launch and then begin downloading the latest definition files.
- When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
- Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
- Under "Please select a target to scan:", click My Computer to start the scan.
- When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
- Paste the Kaspersky log onto the forum.
Zaij (Author), Posted January 17, 2009

Well, after running SDFix things seem to be running as normal. Here's the SDFix log:

SDFix: Version 1.240
Run by Anna on Sun 01/18/2009 at 09:06 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: D:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:
D:\WINDOWS\system32\drivers\svchost.exe - Deleted
D:\WINDOWS\system32\drivers\TDSSmaxt.sys - Deleted
D:\WINDOWS\system32\TDSSoeqh.dll - Deleted
D:\WINDOWS\system32\TDSSnrsr.dll - Deleted
D:\WINDOWS\system32\TDSSriqp.dll - Deleted
D:\WINDOWS\system32\TDSScfub.dll - Deleted
D:\WINDOWS\system32\TDSSfpmp.dll - Deleted
D:\WINDOWS\system32\TDSSosvn.dat - Deleted
D:\WINDOWS\system32\TDSStkdv.log - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 09:09:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:e7,36,36,ca,1c,12,07,74,1e,6a,c8,53,92,1e,65,ac,6c,f2,a1,7b,5a,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,dc,7c,ca,eb,ec,99,a8,98,34,29,e4,8d,00,77,55,f6,32,..
"khjeh"=hex:b3,72,52,09,19,44,ef,28,ce,88,82,33,2c,6a,08,42,ab,8c,87,5f,ea,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5c,47,5b,ed,14,2c,a8,30,a3,ed,96,9b,26,bf,0e,c4,17,ea,33,b8,ad,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:e7,36,36,ca,1c,12,07,74,1e,6a,c8,53,92,1e,65,ac,6c,f2,a1,7b,5a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,dc,7c,ca,eb,ec,99,a8,98,34,29,e4,8d,00,77,55,f6,32,..
"khjeh"=hex:b3,72,52,09,19,44,ef,28,ce,88,82,33,2c,6a,08,42,ab,8c,87,5f,ea,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5c,47,5b,ed,14,2c,a8,30,a3,ed,96,9b,26,bf,0e,c4,17,ea,33,b8,ad,..

scanning hidden registry entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\uTorrent\\uTorrent.exe"="D:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\games\\Steam\\steamapps\\teasr61@hotmail.com\\counter-strike source\\hl2.exe"="C:\\games\\Steam\\steamapps\\teasr61@hotmail.com\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"D:\\Program Files\\Curse\\CurseClient.exe"="D:\\Program Files\\Curse\\CurseClient.exe:*:Enabled:Curse Client"
"D:\\Program Files\\Ventrilo\\Ventrilo.exe"="D:\\Program Files\\Ventrilo\\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"D:\\Program Files\\Ares\\Ares.exe"="D:\\Program Files\\Ares\\Ares.exe:*:Disabled:Ares p2p for windows"
"D:\\Program Files\\SoulseekNS\\slsk.exe"="D:\\Program Files\\SoulseekNS\\slsk.exe:*:Disabled:SoulSeek"
"D:\\Program Files\\Bonjour\\mDNSResponder.exe"="D:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\system32\\drivers\\svchost.exe"="%windir%\\system32\\drivers\\svchost.exe:*:Enabled:svchost"
"D:\\Program Files\\Skype\\Phone\\Skype.exe"="D:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\system32\\drivers\\svchost.exe"="%windir%\\system32\\drivers\\svchost.exe:*:Enabled:svchost"

Remaining Files :

File Backups: - D:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Finished!

AND THE HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:36 AM, on 1/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\notepad.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Curse\CurseClient.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [CurseClient] D:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1227374627256
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5238 bytes

As I said, everything seems to be running fine now, but I'll run Kaspersky and so on anyway just to make double super duper safe. Thanks a lot guys, you've really taken a load off my mind.
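The indicator that gave this infection away in the logs above is a file named svchost.exe living in D:\WINDOWS\system32\drivers instead of system32: it shows up in the first HijackThis "Running processes" list, as an HKCU Run entry, and as an exception in the exported firewall "authorizedapplications" list, and SDFix deleted it together with the TDSS*.sys/.dll files. The following triage script is an added example written for this thread (it is not part of HijackThis, SDFix, or any post above): it walks log lines in those three formats and flags a Windows system-binary name found outside its home directory, or a file name with a known-bad prefix. The table of system binaries and their home directory, the "tdss" prefix, and the sample lines are constructed assumptions that mirror the logs posted here.

```python
"""Triage of HijackThis-style log lines and an XP firewall AuthorizedApplications
export. Flags (a) binaries that borrow a Windows system-file name but sit outside
the directory that name belongs to, and (b) file names carrying a known-bad prefix.
Added example for this thread; sample lines are constructed to mirror the posted logs."""
import re
from typing import List, Optional, Tuple

# On Windows XP these names legitimately live only in %windir%\system32.
# Assumption for this example: any other directory is treated as suspicious.
SYSTEM_BINARY_HOMES = {
    "svchost.exe": {"system32"},
    "lsass.exe": {"system32"},
    "winlogon.exe": {"system32"},
    "smss.exe": {"system32"},
    "services.exe": {"system32"},
}

# File-name prefix of the driver/DLLs SDFix removed in this thread (TDSS*.sys, TDSS*.dll).
KNOWN_BAD_PREFIXES = ("tdss",)

# HijackThis O4 autostart line:  O4 - HKCU\..\Run: [name] command
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$')
# Firewall export entry: "path"="path:*:Enabled:label" (backslashes doubled by the exporter)
FW_RE = re.compile(r'^"(?P<path>[^"]+)"="(?P<value>[^"]+)"$')
# Bare Windows path, as in the "Running processes" section of a HijackThis log
PATH_RE = re.compile(r'^[A-Za-z]:\\.+$')


def split_path(path: str) -> Tuple[str, str]:
    """Return (parent directory name lower-cased, file name), tolerating the doubled
    backslashes of a registry export and a %windir% prefix."""
    parts = path.replace("\\\\", "\\").rstrip("\\").split("\\")
    name = parts[-1]
    parent = parts[-2] if len(parts) > 1 else ""
    return parent.lower(), name


def extract_exe(command: str) -> str:
    """Return the executable path from a Run command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    m = re.match(r'(.*?\.exe)', command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def classify_path(path: str) -> Optional[str]:
    """Reason the path is suspicious, or None if nothing stands out."""
    parent, name = split_path(path)
    if name.lower().startswith(KNOWN_BAD_PREFIXES):
        return f"known-bad file-name prefix: {name}"
    homes = SYSTEM_BINARY_HOMES.get(name.lower())
    if homes is not None and parent not in homes:
        return f"system binary name outside its home directory: {path}"
    return None


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Run every log line through the checks; return (line, reason) pairs."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            reason = classify_path(extract_exe(m.group("cmd")))
            if reason:
                findings.append((line, "autostart: " + reason))
            continue
        m = FW_RE.match(line)
        if m:
            reason = classify_path(m.group("path"))
            if reason:
                findings.append((line, "firewall exception: " + reason))
            continue
        if PATH_RE.match(line):
            reason = classify_path(line)
            if reason:
                findings.append((line, "process/file: " + reason))
    return findings


# Constructed sample mirroring the lines posted in the thread (benign lines included).
SAMPLE_LOG = r"""
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\drivers\svchost.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [sVCHOST.EXE] D:\WINDOWS\system32\drivers\svchost.exe
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\drivers\\svchost.exe"="%windir%\\system32\\drivers\\svchost.exe:*:Enabled:svchost"
D:\WINDOWS\system32\drivers\TDSSmaxt.sys
""".splitlines()

if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

On the sample it reports four hits (the rogue process path, the HKCU Run entry, the firewall exception, and the TDSS driver) and stays silent on the legitimate system32\svchost.exe, the RUNDLL32 autostart and the sessmgr.exe exception. The firewall check matters because a removal tool that deletes the file does not necessarily remove the exception that let it talk out; SDFix's "Authorized Application Key Export" above still lists it.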
Zaij (Author), Posted January 18, 2009

Looks like my computer isn't as clean as I'd hoped :(

SUPERANTISPYWARE

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/18/2009 at 11:19 AM

Application Version : 4.24.1004

Core Rules Database Version : 3714
Trace Rules Database Version: 1689

Scan type : Complete Scan
Total Scan Time : 00:17:20

Memory items scanned : 534
Memory threats detected : 0
Registry items scanned : 6038
Registry threats detected : 7
File items scanned : 14581
File threats detected : 137

Adware.Tracking Cookie
D:\Documents and Settings\Anna\Cookies\anna@antiviruspremiumscanner[1].txt
D:\Documents and Settings\Anna\Cookies\anna@protectionfastscanner[1].txt
D:\Documents and Settings\Anna\Cookies\anna@antiviruspowerfulscanner[1].txt
D:\Documents and Settings\Anna\Cookies\anna@yieldmanager[1].txt
D:\Documents and Settings\Anna\Cookies\anna@at.atwola[2].txt
D:\Documents and Settings\Anna\Cookies\anna@media.sensis.com[2].txt
D:\Documents and Settings\Anna\Cookies\anna@ads.admaxasia[2].txt
D:\Documents and Settings\Anna\Cookies\anna@clicktorrent[1].txt
D:\Documents and Settings\Anna\Cookies\anna@ads.think-adz[1].txt
D:\Documents and Settings\Anna\Cookies\anna@adecn[2].txt
D:\Documents and Settings\Anna\Cookies\anna@ads.easy-forex[1].txt
D:\Documents and Settings\Anna\Cookies\anna@6077.65.clickshield[1].txt
D:\Documents and Settings\Anna\Cookies\anna@ads3.think-adz[1].txt
D:\Documents and Settings\Anna\Cookies\anna@antivirus-live-scanner[1].txt
D:\Documents and Settings\Anna\Cookies\anna@rotator.its.adjuggler[1].txt
D:\Documents and Settings\Anna\Cookies\anna@cgi-bin[2].txt
D:\Documents and Settings\Anna\Cookies\anna@5649.87.clickshield[1].txt
D:\Documents and Settings\Anna\Cookies\anna@sensismediasmart.com[1].txt
D:\Documents and Settings\Anna\Cookies\anna@mediaonenetwork[1].txt
D:\Documents and Settings\Anna\Cookies\anna@media6degrees[1].txt
D:\Documents and Settings\Anna\Cookies\anna@6027.3496.clickshield[1].txt
D:\Documents and Settings\Anna\Cookies\anna@atdmt[4].txt
D:\Documents and Settings\Anna\Cookies\anna@doubleclick[3].txt
D:\Documents and Settings\Anna\Cookies\anna@wmvmedialease[1].txt
D:\Documents and Settings\Anna\Cookies\anna@advancedscanner[2].txt
D:\Documents and Settings\Anna\Cookies\anna@www.checkmystats.com[2].txt
D:\Documents and Settings\Anna\Cookies\anna@ad.media-servers[1].txt
D:\Documents and Settings\Anna\Cookies\anna@casalemedia[1].txt
D:\Documents and Settings\Anna\Cookies\anna@adopt.euroclick[1].txt
D:\Documents and Settings\Anna\Cookies\anna@stats.paypal[1].txt
D:\Documents and Settings\Anna\Cookies\anna@tacoda[2].txt
D:\Documents and Settings\Anna\Cookies\anna@servedby.adxpower[2].txt
D:\Documents and Settings\Anna\Cookies\anna@tribalfusion[2].txt
D:\Documents and Settings\Anna\Cookies\anna@tribalfusion[3].txt
D:\Documents and Settings\Anna\Cookies\anna@www.incentaclick[2].txt
D:\Documents and Settings\Anna\Cookies\anna@serving-sys[3].txt
D:\Documents and Settings\Anna\Cookies\anna@a.websponsors[2].txt
D:\Documents and Settings\Anna\Cookies\anna@atdmt[3].txt
D:\Documents and Settings\Anna\Cookies\anna@advertising[1].txt
D:\Documents and Settings\Anna\Cookies\anna@ads3.think-adz[2].txt
D:\Documents and Settings\Anna\Cookies\anna@adtech[1].txt
D:\Documents and Settings\Anna\Cookies\anna@www.movableadnetwork[2].txt
D:\Documents and Settings\Anna\Cookies\anna@statse.webtrendslive[2].txt
D:\Documents and Settings\Anna\Cookies\anna@mansion.122.2o7[1].txt
D:\Documents and Settings\Anna\Cookies\anna@fastclick[1].txt
D:\Documents and Settings\Anna\Cookies\anna@ad.zanox[2].txt
D:\Documents and Settings\Anna\Cookies\anna@fastclick[2].txt
D:\Documents and Settings\Anna\Cookies\anna@ads.mediamayhemcorp[1].txt
D:\Documents and Settings\Anna\Cookies\anna@www.ticketsnow2[1].txt
D:\Documents and Settings\Anna\Cookies\anna@pro-market[2].txt
D:\Documents and Settings\Anna\Cookies\anna@bs.serving-sys[1].txt
D:\Documents and Settings\Anna\Cookies\anna@prosecurityclicks[1].txt
D:\Documents and Settings\Anna\Cookies\anna@2o7[1].txt
D:\Documents and Settings\Anna\Cookies\anna@ad.yieldmanager[1].txt
D:\Documents and Settings\Anna\Cookies\anna@adserver.easyad[1].txt
D:\Documents and Settings\Anna\Cookies\anna@atdmt[2].txt
D:\Documents and Settings\Anna\Cookies\anna@doubleclick[1].txt
D:\Documents and Settings\Anna\Cookies\anna@doubleclick[2].txt
D:\Documents and Settings\Anna\Cookies\anna@incentaclick[2].txt
D:\Documents and Settings\Anna\Cookies\anna@optimost[1].txt
D:\Documents and Settings\Anna\Cookies\anna@protected-clicks-system[2].txt
D:\Documents and Settings\Anna\Cookies\anna@serving-sys[1].txt
D:\Documents and Settings\Anna\Cookies\anna@xiti[1].txt
D:\Documents and Settings\Anna\Cookies\anna@zedo[1].txt

Rogue.Component/Trace
HKLM\Software\Microsoft\50889710
HKLM\Software\Microsoft\50889710#50889710
HKLM\Software\Microsoft\50889710#Version
HKLM\Software\Microsoft\50889710#50883a90
HKLM\Software\Microsoft\50889710#50885375
HKU\S-1-5-21-1085031214-1637723038-1801674531-1001\Software\Microsoft\CS41275
HKU\S-1-5-21-1085031214-1637723038-1801674531-1001\Software\Microsoft\FIAS4018

Adware.AdRotate/System
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP109\A0024034.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP110\A0030177.DLL

Adware.SideSearch/SideBar
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP109\A0024035.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP114\A0031297.DLL

Adware.SpeedRunner
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP110\A0030129.EXE

Trojan.Dropper/Gen-Packed
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP110\A0030130.EXE

Trojan.Unclassified/TestCPV
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP110\A0030133.DLL

Adware.Vundo/Variant-Greek
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP110\A0030135.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP110\A0030137.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP110\A0030138.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP111\A0030207.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP111\A0030211.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP111\A0030212.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP111\A0030214.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP111\A0030215.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP125\A0036414.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP128\A0038820.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041034.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041035.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041036.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041039.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041040.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041044.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041045.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041047.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041048.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041049.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041050.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041052.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041053.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041055.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041056.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041057.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041058.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041061.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041063.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041064.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041065.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041066.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041067.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041068.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041069.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041070.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041071.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041072.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041076.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041078.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041079.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041082.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041086.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041087.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041090.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041092.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041093.DLL

Browser Hijacker.MJCore
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP110\A0030136.DLL

Adware.Vundo/Variant
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP110\A0030147.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP111\A0030210.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP125\A0036413.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP131\A0039979.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP136\A0041283.DLL

Trojan.Unclassified/BrowserDriver
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP111\A0030198.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP111\A0030205.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP135\A0041177.EXE

Trojan.Dropper-NET/TMP
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP111\A0030203.EXE

Adware.Vundo/Variant-Checkers
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP126\A0036570.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041042.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041054.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041080.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041081.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041083.DLL

Adware.Vundo Variant
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041046.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041062.DLL

Adware.ThinkAdz
D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP135\A0041179.EXE

KASPERSKY

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, January 18, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, January 17, 2009 22:33:49
Records in database: 1638606
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
H:\

Scan statistics:
Files scanned: 79342
Threat name: 42
Infected objects: 59
Suspicious objects: 0
Duration of the scan: 00:53:02

File name / Threat name / Threats count
C:\Downloads\Torrent\temp\TinyXP.Christmas.2008.Edition.eXPerience.iso Infected: not-a-virus:RiskTool.Win32.HideWindows 1
D:\Documents and Settings\Anna\Application Data\Google\mjkspc.dll Infected: Trojan.Win32.Inject.ner 1
D:\Qoobox\Quarantine\D\Documents and Settings\Anna\Application Data\gadcom\gadcom.exe.vir Infected: Trojan.Win32.Agent.asmf 1
D:\Qoobox\Quarantine\D\WINDOWS\system32\ajahqbws.dll.vir Infected: Trojan.Win32.Monder.anch 1
D:\Qoobox\Quarantine\D\WINDOWS\system32\bmvoconj.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gca 1
D:\Qoobox\Quarantine\D\WINDOWS\system32\diezil.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fxo 1
D:\Qoobox\Quarantine\D\WINDOWS\system32\dnlnhahh.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fxo 1
D:\Qoobox\Quarantine\D\WINDOWS\system32\dqnbafqg.dll.vir Infected: Trojan.Win32.Monder.aawl 1
D:\Qoobox\Quarantine\D\WINDOWS\system32\dwwnw64r.exe.vir Infected: Trojan-Downloader.Win32.Agent.afzg 1
D:\Qoobox\Quarantine\D\WINDOWS\system32\etwagghr.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gby 1
D:\Qoobox\Quarantine\D\WINDOWS\system32\evp\peco85IV.exe.vir Infected: Trojan-Downloader.Win32.Agent.afzg 1
D:\Qoobox\Quarantine\D\WINDOWS\system32\eyombxlj.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gby 1
D:\Qoobox\Quarantine\D\WINDOWS\system32\fetfhe.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqw 1
D:\Qoobox\Quarantine\D\WINDOWS\system32\fjhvuafj.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fze 1
D:\Qoobox\Quarantine\D\WINDOWS\system32\fssbevik.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fyn 1
D:\Qoobox\Quarantine\D\WINDOWS\system32\fwwffmlu.dll.vir Infected: Trojan.Win32.Monder.acfc 1
D:\Qoobox\Quarantine\D\WINDOWS\system32\g44.exe.vir Infected: Trojan-Clicker.Win32.Agent.btf 1
D:\Qoobox\Quarantine\D\WINDOWS\system32\geBRLdCV.dll.vir Infected: Trojan.Win32.Agent.asus 1
D:\Qoobox\Quarantine\D\WINDOWS\system32\gside.exe.vir Infected: Trojan-Downloader.Win32.Zlob.ymu 1
D:\Qoobox\Quarantine\D\WINDOWS\system32\gvmaonvo.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fza 1
D:\Qoobox\Quarantine\D\WINDOWS\system32\hbvpzsnmgdn.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.iaw 1
D:\Qoobox\Quarantine\D\WINDOWS\system32\jhhkakls.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqi 1
D:\Qoobox\Quarantine\D\WINDOWS\system32\jizahj.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gby 1
D:\Qoobox\Quarantine\D\WINDOWS\system32\jruggo.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gby 1
D:\Qoobox\Quarantine\D\WINDOWS\system32\knegxahl.dll.vir Infected: Trojan.Win32.Monder.akun 1
D:\Qoobox\Quarantine\D\WINDOWS\system32\ksmkunje.dll.vir Infected: Packed.Win32.PolyCrypt.d 1
D:\Qoobox\Quarantine\D\WINDOWS\system32\kudzbr.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fyn 1 D:\Qoobox\Quarantine\D\WINDOWS\system32\ljsecihl.dll.vir Infected: Trojan.Win32.Monder.aaxd 1 D:\Qoobox\Quarantine\D\WINDOWS\system32\ltjxgemd.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqw 1 D:\Qoobox\Quarantine\D\WINDOWS\system32\lxemkg.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fze 1 D:\Qoobox\Quarantine\D\WINDOWS\system32\mgbqpacs.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.exz 1 D:\Qoobox\Quarantine\D\WINDOWS\system32\mwyxlz.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.exy 1 D:\Qoobox\Quarantine\D\WINDOWS\system32\nhpgpx.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gca 1 D:\Qoobox\Quarantine\D\WINDOWS\system32\nnnmkKBR.dll.vir Infected: Trojan.Win32.Agent.atfd 1 D:\Qoobox\Quarantine\D\WINDOWS\system32\npphjcsw.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gcb 1 D:\Qoobox\Quarantine\D\WINDOWS\system32\opnmLbAQ.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.amwh 1 D:\Qoobox\Quarantine\D\WINDOWS\system32\pepmppad.dll.vir Infected: Trojan.Win32.Monder.adsq 1 D:\Qoobox\Quarantine\D\WINDOWS\system32\rqwnw64o.exe.vir Infected: Trojan-Downloader.Win32.Agent.afzg 1 D:\Qoobox\Quarantine\D\WINDOWS\system32\scntssdl.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.ca 1 D:\Qoobox\Quarantine\D\WINDOWS\system32\spxglrbx.dll.vir Infected: Trojan.Win32.DieMast.n 1 D:\Qoobox\Quarantine\D\WINDOWS\system32\taxbmm.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gbb 1 D:\Qoobox\Quarantine\D\WINDOWS\system32\tbpqacpe.dll.vir Infected: Trojan.Win32.Monder.aktu 1 D:\Qoobox\Quarantine\D\WINDOWS\system32\tlacxm.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqi 1 D:\Qoobox\Quarantine\D\WINDOWS\system32\trakdwec.dll.vir Infected: Trojan-Dropper.Win32.Agent.abjb 1 D:\Qoobox\Quarantine\D\WINDOWS\system32\txlhfnuy.dll.vir Infected: Trojan.Win32.Monder.afxn 1 
D:\Qoobox\Quarantine\D\WINDOWS\system32\uXPi02\uXPi022328.exe.vir Infected: Trojan-Downloader.Win32.VB.jci 1 D:\Qoobox\Quarantine\D\WINDOWS\system32\vocfnd.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gcb 1 D:\Qoobox\Quarantine\D\WINDOWS\system32\wlmurrbe.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gbb 1 D:\Qoobox\Quarantine\D\WINDOWS\system32\xafndtdp.dll.vir Infected: Trojan.Win32.Monder.aaxd 1 D:\Qoobox\Quarantine\D\WINDOWS\system32\xvnxvbda.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.exy 1 D:\Qoobox\Quarantine\D\WINDOWS\system32\ybdsmm.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fza 1 D:\SDFix\backups\backups.zip Infected: Trojan-Downloader.Win32.Agent.bdfu 1 D:\SDFix\backups\catchme.zip Infected: Backdoor.Win32.TDSS.bkw 1 D:\SDFix\backups\catchme.zip Infected: Backdoor.Win32.TDSS.blh 1 D:\SDFix\backups\catchme.zip Infected: Backdoor.Win32.TDSS.asz 1 D:\SDFix\backups\catchme.zip Infected: Backdoor.Win32.TDSS.atb 1 D:\SDFix\backups\catchme.zip Infected: Rootkit.Win32.TDSS.dbg 1 D:\SDFix\backups\catchme.zip Infected: Trojan.Win32.Patched.dw 1 D:\WINDOWS\system32\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1 The selected area was scanned.
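The Kaspersky section of the post above is a flat list of "path Infected: verdict count" lines, and the useful question when reading one is where each detection actually sits: inside a cleanup tool's quarantine, inside an old System Restore snapshot, or at a path the system still loads from. The script below is an added example, not code posted in the thread or shipped with any of the tools named in it. It parses a handful of lines re-typed from that report as sample input and groups detections by location. The folder patterns it keys on (ComboFix's Qoobox\Quarantine with its *.vir renames, SDFix\backups, and the _restore{GUID} folders under System Volume Information) are the ones that appear in the log; the "not-a-virus:" handling follows Kaspersky's naming convention for adware and riskware verdicts. Everything else is constructed for the example.

```python
"""Triage a Kaspersky Online Scanner report by where each detection lives.

Added example for this thread, not part of the original post or of any tool
it mentions. Parses "File name / Threat name / Threats count" lines and
separates detections in quarantine, tool backups or System Restore snapshots
from those at live paths.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: a subset of the report's lines, re-typed here as test data.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Downloads\Torrent\temp\TinyXP.Christmas.2008.Edition.eXPerience.iso Infected: not-a-virus:RiskTool.Win32.HideWindows 1
D:\Documents and Settings\Anna\Application Data\Google\mjkspc.dll Infected: Trojan.Win32.Inject.ner 1
D:\Qoobox\Quarantine\D\WINDOWS\system32\ajahqbws.dll.vir Infected: Trojan.Win32.Monder.anch 1
D:\Qoobox\Quarantine\D\WINDOWS\system32\bmvoconj.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gca 1
D:\SDFix\backups\catchme.zip Infected: Backdoor.Win32.TDSS.bkw 1
D:\SDFix\backups\catchme.zip Infected: Rootkit.Win32.TDSS.dbg 1
D:\WINDOWS\system32\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1
The selected area was scanned.
"""

# One report line: "<path> Infected: <threat name> <count>". Paths contain
# spaces, so match lazily up to the literal " Infected: ".
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Where a detection can live; the first matching rule wins.
# Qoobox\Quarantine is ComboFix's quarantine (files renamed to *.vir), SDFix
# keeps copies of what it removed under SDFix\backups, and _restore{GUID}
# under System Volume Information holds System Restore snapshots.
LOCATION_RULES = (
    (re.compile(r"\\Qoobox\\Quarantine\\", re.I), "quarantine (ComboFix)"),
    (re.compile(r"\\SDFix\\backups\\", re.I), "backup (SDFix)"),
    (re.compile(r"\\System Volume Information\\_restore\{", re.I), "restore point"),
)


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    count: int

    @property
    def riskware(self) -> bool:
        # Kaspersky prefixes adware/riskware verdicts with "not-a-virus:".
        return self.threat.startswith("not-a-virus:")

    @property
    def family(self) -> str:
        # Behaviour.Platform.Family[.variant]: keep the first three parts.
        name = self.threat.split(":", 1)[-1]
        return ".".join(name.split(".")[:3])

    @property
    def location(self) -> str:
        for pattern, label in LOCATION_RULES:
            if pattern.search(self.path):
                return label
        return "live path"


def parse_report(text: str) -> list:
    """Return one Detection per matching line; headers and footers are skipped."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["threat"], int(m["count"])))
    return found


def triage(text: str) -> dict:
    """Counts per location and per family, plus the detections that are
    neither quarantined/backed up nor riskware: the ones worth a closer look."""
    dets = parse_report(text)
    live_malware = [d for d in dets if d.location == "live path" and not d.riskware]
    return {
        "total": len(dets),
        "by_location": dict(Counter(d.location for d in dets)),
        "families": dict(Counter(d.family for d in dets)),
        "live_malware": live_malware,
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print(f"{summary['total']} detections")
    for loc, n in sorted(summary["by_location"].items()):
        print(f"  {n:3d}  {loc}")
    for d in summary["live_malware"]:
        print(f"LIVE: {d.path}  ({d.threat})")
```

Run against a full report (paste it into `SAMPLE_REPORT` or read it from a file), the per-location counts tell you at a glance how much of the total is dead weight in quarantine and restore points, and the `live_malware` list is the short set of paths that still need a decision.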
Administrator Tarun Posted January 18, 2009

You can safely remove items in your System Restore.

Go to Start > All Programs > Accessories > System Tools > System Restore
Create a new Restore Point and title it accordingly, such as "Removed rootkit".

Now go to My Computer > right-click your hard drive > Properties
Click Disk Cleanup
Click the More Options tab and then click Clean up under System Restore.
This will clean up all but your most recent restore point (which you just created).

Please download my Anti-Malware Toolkit and get the Professional package. (Since you have SUPERAntiSpyware you can uncheck it in the list.)
Then follow the directions in the PC Cleanup guide.

After that, please post a HijackThis log.
rridgely Posted January 18, 2009

Besides doing what Tarun said, you should delete these folders:
D:\Qoobox <- folder
D:\SDFix <- folder

You don't have any more active infections, so after following Tarun's steps to clean up your System Restore and deleting the above, your computer should come up clean in any additional scans.