
Weird adware/malware


Zaij

Alright, so whatever it is, it has a few nasty effects. First, whenever I click a link in a Google search it doesn't go to it, it merely opens up a new tab in Firefox and goes to some advertisement. Secondly, whenever I try and go to any of the really major online tech places it doesn't let me through. Here's a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:21:36 AM, on 1/18/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\RUNDLL32.EXE

D:\Program Files\Winamp\winampa.exe

D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

D:\Program Files\Java\jre6\bin\jusched.exe

D:\Program Files\iTunes\iTunesHelper.exe

D:\Program Files\Windows Live\Messenger\msnmsgr.exe

D:\Program Files\DAEMON Tools Lite\daemon.exe

D:\Program Files\Curse\CurseClient.exe

D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

D:\Program Files\Skype\Phone\Skype.exe

D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\Program Files\Java\jre6\bin\jqs.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\WINDOWS\system32\svchost.exe

D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

D:\Program Files\iPod\bin\iPodService.exe

D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

D:\Program Files\Skype\Plugin Manager\skypePM.exe

D:\Program Files\Windows Live\Messenger\usnsvc.exe

D:\WINDOWS\system32\ntvdm.exe

D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

D:\WINDOWS\system32\ntvdm.exe

D:\Program Files\Mozilla Firefox\firefox.exe

D:\WINDOWS\system32\drivers\svchost.exe

D:\WINDOWS\system32\ntvdm.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [CurseClient] D:\Program Files\Curse\CurseClient.exe -silent

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [sVCHOST.EXE] D:\WINDOWS\system32\drivers\svchost.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1227374627256

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe

O23 - Service: Indexing Service (CiSvc) - Unknown owner - D:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--

End of file - 5653 bytes

I'm at my wits' end here. Please help!

Sincerely,

Zaij.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (the drive that contains the Windows directory, typically C:\SDFix).

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


Unfortunately, just as this damn thing stops me going to other help websites, it's not allowing me to download SDFix. Is there any chance anyone can put it on RapidShare or something, perhaps under a different name to SDFix just in case?

Thanks again,

Zaij.


I like SDFix with these backdoor trojan/rootkit infections because it will reset a lot of the stuff that they screw up (network settings, etc.).

Combofix will do some of this as well.

http://downloads.andymanchesta.com/Removal...DFix_ReadMe.htm

You can see all of the stuff Andy has programmed it to remove on there.

Zaij shouldn't have to rename anything or have any redirects after running SDFix. Then it would be a good idea to run a scan with SUPERAntiSpyware and maybe Kaspersky online as well.

I'm gone for the day, so here are the steps for those. Come back with all the logs and I'm sure you'll get some help. :P

Download SUPERAntiSpyware

  1. Load SUPERAntiSpyware and click the check for updates button.
  2. Once the update is finished click the scan your computer button.
  3. Check Perform Complete Scan and then next.
  4. SUPERAntiSpyware will now scan your computer and when it's finished it will list all the infections it has found.
  5. Make sure that they all have a check next to them and press next.
  6. Click finish and you will be taken back to the main interface.
  7. Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  8. Copy and paste the log onto the forum.

Run Kaspersky WebScanner

  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files.
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, then close the Kaspersky On-line Scanner window.
  • Paste the Kaspersky log onto the forum.


Well, after running sdfix things seem to be running as normal. Here's the SDFIX log:

SDFix: Version 1.240

Run by Anna on Sun 01/18/2009 at 09:06 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: D:\SDFix

Checking Services :

Restoring Default Security Values

Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

D:\WINDOWS\system32\drivers\svchost.exe - Deleted

D:\WINDOWS\system32\drivers\TDSSmaxt.sys - Deleted

D:\WINDOWS\system32\TDSSoeqh.dll - Deleted

D:\WINDOWS\system32\TDSSnrsr.dll - Deleted

D:\WINDOWS\system32\TDSSriqp.dll - Deleted

D:\WINDOWS\system32\TDSScfub.dll - Deleted

D:\WINDOWS\system32\TDSSfpmp.dll - Deleted

D:\WINDOWS\system32\TDSSosvn.dat - Deleted

D:\WINDOWS\system32\TDSStkdv.log - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-18 09:09:56

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...


scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"D:\\Program Files\\uTorrent\\uTorrent.exe"="D:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\\games\\Steam\\steamapps\\teasr61@hotmail.com\\counter-strike source\\hl2.exe"="C:\\games\\Steam\\steamapps\\teasr61@hotmail.com\\counter-strike source\\hl2.exe:*:Enabled:hl2"

"D:\\Program Files\\Curse\\CurseClient.exe"="D:\\Program Files\\Curse\\CurseClient.exe:*:Enabled:Curse Client"

"D:\\Program Files\\Ventrilo\\Ventrilo.exe"="D:\\Program Files\\Ventrilo\\Ventrilo.exe:*:Enabled:Ventrilo.exe"

"D:\\Program Files\\Ares\\Ares.exe"="D:\\Program Files\\Ares\\Ares.exe:*:Disabled:Ares p2p for windows"

"D:\\Program Files\\SoulseekNS\\slsk.exe"="D:\\Program Files\\SoulseekNS\\slsk.exe:*:Disabled:SoulSeek"

"D:\\Program Files\\Bonjour\\mDNSResponder.exe"="D:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

"D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"%windir%\\system32\\drivers\\svchost.exe"="%windir%\\system32\\drivers\\svchost.exe:*:Enabled:svchost"

"D:\\Program Files\\Skype\\Phone\\Skype.exe"="D:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"%windir%\\system32\\drivers\\svchost.exe"="%windir%\\system32\\drivers\\svchost.exe:*:Enabled:svchost"

Remaining Files :

File Backups: - D:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Finished!

AND THE HIJACK THIS LOG

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:12:36 AM, on 1/18/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\Program Files\Java\jre6\bin\jqs.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\WINDOWS\system32\svchost.exe

D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

D:\WINDOWS\system32\wuauclt.exe

D:\WINDOWS\system32\notepad.exe

D:\WINDOWS\system32\RUNDLL32.EXE

D:\Program Files\Winamp\winampa.exe

D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

D:\Program Files\Java\jre6\bin\jusched.exe

D:\Program Files\iTunes\iTunesHelper.exe

D:\Program Files\Windows Live\Messenger\msnmsgr.exe

D:\Program Files\DAEMON Tools Lite\daemon.exe

D:\Program Files\Curse\CurseClient.exe

D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

D:\Program Files\Skype\Phone\Skype.exe

D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

D:\Program Files\iPod\bin\iPodService.exe

D:\Program Files\Mozilla Firefox\firefox.exe

D:\Program Files\Skype\Plugin Manager\skypePM.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [CurseClient] D:\Program Files\Curse\CurseClient.exe -silent

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1227374627256

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--

End of file - 5238 bytes

As I said, everything seems to be running fine now, but I'll run Kaspersky and so on anyway just to make double super duper safe :P

Thanks a lot guys, you've really taken a load off my mind.

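The check a helper makes by eye on the two HijackThis logs above, written out as an added example (it is not part of any post in this thread and is not code from HijackThis or SDFix). It flags Windows system process names running from outside their usual folder and lists the entries that disappear between the before and after logs. The sample lines are copied from the thread's logs; the expected-folder table and all function names are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# Constructed samples: a handful of lines copied from the two HijackThis logs
# in this thread (before and after the SDFix run), trimmed for brevity.
LOG_BEFORE = r"""
Running processes:
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\drivers\svchost.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [sVCHOST.EXE] D:\WINDOWS\system32\drivers\svchost.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - D:\WINDOWS\system32\cisvc.exe (file missing)
"""

LOG_AFTER = r"""
Running processes:
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
"""

# HijackThis entry lines start with a section code such as R1, O4 or O23.
ENTRY_RE = re.compile(r"^[RFNO]\d+ - ")

# Assumption of this example: usual folder (below the drive root, lower-cased)
# for a few Windows XP system processes, with the Windows directory named
# WINDOWS as in the logs above.
EXPECTED_DIR = {
    "smss.exe": r"windows\system32",
    "winlogon.exe": r"windows\system32",
    "services.exe": r"windows\system32",
    "lsass.exe": r"windows\system32",
    "svchost.exe": r"windows\system32",
    "spoolsv.exe": r"windows\system32",
    "explorer.exe": "windows",
}


def parse_hjt(text):
    """Split a HijackThis log into (running process paths, entry lines)."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # the forum paste has a blank line between every row
        if ENTRY_RE.match(line):
            in_processes = False
            entries.append(line)
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def masquerading(processes):
    """Return process paths that use a system process name from another folder."""
    hits = []
    for proc in processes:
        path = PureWindowsPath(proc)
        expected = EXPECTED_DIR.get(path.name.lower())
        if expected is None:
            continue  # not a name this example tracks
        folder = "\\".join(path.parts[1:-1]).lower()  # drop drive and file name
        if folder != expected and proc not in hits:
            hits.append(proc)
    return hits


def removed_entries(before, after):
    """Entry lines present in the first log and absent from the second."""
    after_set = set(after)
    return [entry for entry in before if entry not in after_set]


if __name__ == "__main__":
    procs_b, entries_b = parse_hjt(LOG_BEFORE)
    procs_a, entries_a = parse_hjt(LOG_AFTER)
    print("Suspicious before:", masquerading(procs_b))
    print("Suspicious after: ", masquerading(procs_a))
    # A removed entry is a change to review, not proof that it was malicious.
    for entry in removed_entries(entries_b, entries_a):
        print("Gone after cleanup:", entry)
```
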

Looks like my computer isn't as clean as I'd hoped :(

SUPERANTISPYWARE

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 01/18/2009 at 11:19 AM

Application Version : 4.24.1004

Core Rules Database Version : 3714

Trace Rules Database Version: 1689

Scan type : Complete Scan

Total Scan Time : 00:17:20

Memory items scanned : 534

Memory threats detected : 0

Registry items scanned : 6038

Registry threats detected : 7

File items scanned : 14581

File threats detected : 137

Adware.Tracking Cookie


Rogue.Component/Trace

HKLM\Software\Microsoft\50889710

HKLM\Software\Microsoft\50889710#50889710

HKLM\Software\Microsoft\50889710#Version

HKLM\Software\Microsoft\50889710#50883a90

HKLM\Software\Microsoft\50889710#50885375

HKU\S-1-5-21-1085031214-1637723038-1801674531-1001\Software\Microsoft\CS41275

HKU\S-1-5-21-1085031214-1637723038-1801674531-1001\Software\Microsoft\FIAS4018

Adware.AdRotate/System

D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP109\A0024034.DLL

D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP110\A0030177.DLL

Adware.SideSearch/SideBar

D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP109\A0024035.DLL

D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP114\A0031297.DLL

Adware.SpeedRunner

D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP110\A0030129.EXE

Trojan.Dropper/Gen-Packed

D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP110\A0030130.EXE

Trojan.Unclassified/TestCPV

D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP110\A0030133.DLL

Adware.Vundo/Variant-Greek


Browser Hijacker.MJCore

D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP110\A0030136.DLL

Adware.Vundo/Variant

D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP110\A0030147.DLL

D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP111\A0030210.DLL

D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP125\A0036413.DLL

D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP131\A0039979.DLL

D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP136\A0041283.DLL

Trojan.Unclassified/BrowserDriver

D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP111\A0030198.EXE

D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP111\A0030205.EXE

D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP135\A0041177.EXE

Trojan.Dropper-NET/TMP

D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP111\A0030203.EXE

Adware.Vundo/Variant-Checkers

D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP126\A0036570.DLL

D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041042.DLL

D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041054.DLL

D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041080.DLL

D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041081.DLL

D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041083.DLL

Adware.Vundo Variant

D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041046.DLL

D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP134\A0041062.DLL

Adware.ThinkAdz

D:\SYSTEM VOLUME INFORMATION\_RESTORE{9F4124D9-AA1D-4819-9A44-7C572A6CB980}\RP135\A0041179.EXE

KASPERSKY

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Sunday, January 18, 2009

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Saturday, January 17, 2009 22:33:49

Records in database: 1638606

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

F:\

H:\

Scan statistics:

Files scanned: 79342

Threat name: 42

Infected objects: 59

Suspicious objects: 0

Duration of the scan: 00:53:02

File name / Threat name / Threats count

C:\Downloads\Torrent\temp\TinyXP.Christmas.2008.Edition.eXPerience.iso Infected: not-a-virus:RiskTool.Win32.HideWindows 1

D:\Documents and Settings\Anna\Application Data\Google\mjkspc.dll Infected: Trojan.Win32.Inject.ner 1

D:\Qoobox\Quarantine\D\Documents and Settings\Anna\Application Data\gadcom\gadcom.exe.vir Infected: Trojan.Win32.Agent.asmf 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\ajahqbws.dll.vir Infected: Trojan.Win32.Monder.anch 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\bmvoconj.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gca 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\diezil.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fxo 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\dnlnhahh.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fxo 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\dqnbafqg.dll.vir Infected: Trojan.Win32.Monder.aawl 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\dwwnw64r.exe.vir Infected: Trojan-Downloader.Win32.Agent.afzg 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\etwagghr.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gby 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\evp\peco85IV.exe.vir Infected: Trojan-Downloader.Win32.Agent.afzg 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\eyombxlj.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gby 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\fetfhe.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqw 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\fjhvuafj.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fze 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\fssbevik.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fyn 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\fwwffmlu.dll.vir Infected: Trojan.Win32.Monder.acfc 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\g44.exe.vir Infected: Trojan-Clicker.Win32.Agent.btf 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\geBRLdCV.dll.vir Infected: Trojan.Win32.Agent.asus 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\gside.exe.vir Infected: Trojan-Downloader.Win32.Zlob.ymu 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\gvmaonvo.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fza 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\hbvpzsnmgdn.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.iaw 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\jhhkakls.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqi 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\jizahj.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gby 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\jruggo.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gby 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\knegxahl.dll.vir Infected: Trojan.Win32.Monder.akun 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\ksmkunje.dll.vir Infected: Packed.Win32.PolyCrypt.d 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\kudzbr.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fyn 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\ljsecihl.dll.vir Infected: Trojan.Win32.Monder.aaxd 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\ltjxgemd.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqw 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\lxemkg.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fze 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\mgbqpacs.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.exz 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\mwyxlz.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.exy 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\nhpgpx.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gca 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\nnnmkKBR.dll.vir Infected: Trojan.Win32.Agent.atfd 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\npphjcsw.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gcb 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\opnmLbAQ.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.amwh 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\pepmppad.dll.vir Infected: Trojan.Win32.Monder.adsq 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\rqwnw64o.exe.vir Infected: Trojan-Downloader.Win32.Agent.afzg 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\scntssdl.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.ca 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\spxglrbx.dll.vir Infected: Trojan.Win32.DieMast.n 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\taxbmm.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gbb 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\tbpqacpe.dll.vir Infected: Trojan.Win32.Monder.aktu 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\tlacxm.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqi 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\trakdwec.dll.vir Infected: Trojan-Dropper.Win32.Agent.abjb 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\txlhfnuy.dll.vir Infected: Trojan.Win32.Monder.afxn 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\uXPi02\uXPi022328.exe.vir Infected: Trojan-Downloader.Win32.VB.jci 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\vocfnd.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gcb 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\wlmurrbe.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gbb 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\xafndtdp.dll.vir Infected: Trojan.Win32.Monder.aaxd 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\xvnxvbda.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.exy 1

D:\Qoobox\Quarantine\D\WINDOWS\system32\ybdsmm.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fza 1

D:\SDFix\backups\backups.zip Infected: Trojan-Downloader.Win32.Agent.bdfu 1

D:\SDFix\backups\catchme.zip Infected: Backdoor.Win32.TDSS.bkw 1

D:\SDFix\backups\catchme.zip Infected: Backdoor.Win32.TDSS.blh 1

D:\SDFix\backups\catchme.zip Infected: Backdoor.Win32.TDSS.asz 1

D:\SDFix\backups\catchme.zip Infected: Backdoor.Win32.TDSS.atb 1

D:\SDFix\backups\catchme.zip Infected: Rootkit.Win32.TDSS.dbg 1

D:\SDFix\backups\catchme.zip Infected: Trojan.Win32.Patched.dw 1

D:\WINDOWS\system32\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1

The selected area was scanned.


  • Administrator

You can safely remove items in your System Restore.

Go to Start > All Programs > Accessories > System Tools > System Restore

Create a new Restore Point and title it accordingly, such as "Removed rootkit".

Now go to My Computer > right click your hard drive > Properties

Click Disk Cleanup

Click More Options tab and then click Clean up under System Restore.

This will clean up all but your most recent restore point (which you just created).

Please download my Anti-Malware Toolkit and get the Professional package. (Since you have SUPERAntiSpyware you can uncheck it in the list) Then follow the directions in the PC Cleanup guide. After that, please post a HijackThis log.


Besides doing what tarun said, you should delete these folders:

D:\Qoobox <- folder

D:\SDFix <- folder

You don't have any more active infections, so after following tarun's steps to clean up your System Restore and deleting the above, your computer should come up clean in any additional scans.
