|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
11-30-2007, 04:43 PM
|
#1 (permalink) |
|
Registered User
Join Date: Nov 2007
Location: Auckland
Posts: 25
OS: Windows XP Professional Version 2002 Service Pack 2
|
[SOLVED] constant popup ads Trojan.Vundo
Hello
I have constant popup ads on my computer. i have the google toolbar installed but it doesnt stop them. I have Norton installed and for some reason it doesnt seem to detect this. i have tried smitfarudfix and it hasnt changed anything the popups keep coming up. It has also made Microsoft Office applications really slow. I have followed the advice on one of the threads and done a hijackthis scan after going in safe mode as well as with all files and folders visible and system restore off. here is the log: Logfile of HijackThis v1.99.1 Scan saved at 11:32:58 a.m., on 1/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\DOCUME~1\KeZiAh\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [TDispVol] TDispVol.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [3099a31c] rundll32.exe "C:\WINDOWS\system32\lujelfjv.dll",b O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www4.snapfish.co.nz/SnapfishActivia.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing) O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe I dont know if this helps but my antivirus auto protect keeps coming up saying: auto protect has detected trojan.vundo and blocked it auto protect has detected Adware.Ezula and blocked it auto protect has detected Tracking cookie and blocked it auto protect has detected Downloader and blocked it auto protect has detected Adware.Max Search and blocked it auto protect has detected Spyware.Marketscore and blocked it auto protect has detected CFXFER and blocked it auto protect has detected SpyShredder and blocked it i am online constantly so if you need me to run anythig please advise thanks classyleo |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
11-30-2007, 06:22 PM
|
#2 (permalink) | |
|
Registered User
Join Date: Nov 2007
Location: Auckland
Posts: 25
OS: Windows XP Professional Version 2002 Service Pack 2
|
Re: constant popup ads Trojan.Vundo
Quote:
Deckard's System Scanner v20071014.68 Run by KeZiAh on 2007-12-01 14:09:57 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 2 Restore Point(s) -- 2: 2007-12-01 01:10:05 UTC - RP2 - Deckard's System Scanner Restore Point 1: 2007-11-30 22:45:01 UTC - RP1 - System Checkpoint Backed up registry hives. Performed disk cleanup. Total Physical Memory: 502 MiB (512 MiB recommended). -- HijackThis (run as KeZiAh.exe) ---------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:13:29 p.m., on 1/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\TDispVol.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Synaptics\SynTP\Toshiba.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Winamp\winampa.exe C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\KeZiAh\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\KeZiAh.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-1.dll (file missing) O2 - BHO: (no name) - {35189E19-6E87-4210-BDAE-E779829E34DF} - C:\WINDOWS\system32\pmkjk.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: {7d64903f-c332-8618-f994-91e838a60e8b} - {b8e06a83-8e19-499f-8168-233cf30946d7} - C:\WINDOWS\system32\nbqdomjh.dll O2 - BHO: 0 - {ED4AB95E-5E4E-4526-349A-F4A5766F6195} - C:\Program Files\Windows Media Player\zykiz.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [TDispVol] TDispVol.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [3099a31c] rundll32.exe "C:\WINDOWS\system32\lujelfjv.dll",b O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user') O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www4.snapfish.co.nz/SnapfishActivia.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- End of file - 12194 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not Verified; Matsushita Electric Industrial Co.,Ltd.; > R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver> R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0> R2 FdRedir - c:\program files\common files\protector suite ql\drivers\fdredir.sys <Not Verified; UPEK Inc.; Protector Suite QL> R2 FileDisk2 (FileDisk Protector Kernel Driver) - c:\program files\common files\protector suite ql\drivers\filedisk.sys <Not Verified; UPEK Inc.; Protector Suite QL> R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol> R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver> R2 smihlp (SMI helper driver) - c:\program files\protector suite ql\smihlp.sys <Not Verified; UPEK Inc.; Protector Suite QL> R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell> R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell> R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver> R3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)> R3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA> R3 tosrfec (Bluetooth ACPI from TOSHIBA) - c:\windows\system32\drivers\tosrfec.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth EC Driver> R3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA> R3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA> R3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Microsoft(R) Windows NT(R) Operating System> R3 TVALD (Toshiba Mobile PC Service) - c:\windows\system32\drivers\nbsmi.sys <Not Verified; Toshiba Corporation; Toshiba Notebook PC SMI Service> R3 Tvs (TOSHIBA Virtual Sound with SRS technologies) - c:\windows\system32\drivers\tvs.sys <Not Verified; TOSHIBA Corporation; Audio Filter> S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows> S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows> S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver> S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)> R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not Verified; Matsushita Electric Industrial Co., Ltd.; > R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service> R2 TAPPSRV (TOSHIBA Application Service) - "c:\program files\toshiba\toshiba applet\tappsrv.exe" <Not Verified; TOSHIBA Corp.; TOSHIBA TAPPSRV> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: 1394 Net Adapter Device ID: V1394\NIC1394\D155448880DA0 Manufacturer: Microsoft Name: 1394 Net Adapter PNP Device ID: V1394\NIC1394\D155448880DA0 Service: NIC1394 -- Scheduled Tasks ------------------------------------------------------------- 2007-11-27 11:11:26 558 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - KeZiAh.job -- Files created between 2007-11-01 and 2007-12-01 ----------------------------- 2007-12-01 14:12:42 0 d-------- C:\Program Files\Trend Micro 2007-12-01 13:54:30 0 d-------- C:\ie-spyad_zo 2007-12-01 13:48:06 0 d-------- C:\Program Files\SpywareBlaster 2007-12-01 11:57:59 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-12-01 11:57:56 0 d-------- C:\WINDOWS\LastGood 2007-12-01 00:08:28 84185 --a------ C:\WINDOWS\system32\lujelfjv.dll 2007-12-01 00:01:59 78912 --a------ C:\WINDOWS\system32\nbqdomjh.dll 2007-11-29 23:03:36 77888 --a------ C:\WINDOWS\system32\gfohijca.dll 2007-11-29 23:03:05 0 d-------- C:\Documents and Settings\KeZiAh\.housecall6.6 2007-11-29 23:00:49 82825 --a------ C:\WINDOWS\system32\fnfucbkd.dll 2007-11-27 21:35:01 0 --a------ C:\WINDOWS\nsreg.dat 2007-11-27 20:47:00 5028 --a------ C:\WINDOWS\system32\tmp.reg 2007-11-27 18:41:00 0 d-------- C:\Program Files\Yahoo! Games 2007-11-27 12:54:09 0 d-------- C:\Program Files\Norton Security Scan 2007-11-27 11:34:47 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer 2007-11-27 11:02:15 0 d-------- C:\Program Files\Norton AntiVirus 2007-11-27 11:00:08 0 d-------- C:\Program Files\Symantec 2007-11-27 00:45:10 0 d-------- C:\Program Files\WinAble 2007-11-27 00:37:34 123630 --ahs---- C:\WINDOWS\system32\kjkmp.ini2 2007-11-27 00:37:16 331360 --a------ C:\WINDOWS\system32\pmkjk.dll 2007-11-27 00:35:31 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ> 2007-11-27 00:35:25 0 d-------- C:\Program Files\Temporary 2007-11-27 00:32:13 120 --a------ C:\n.bat 2007-11-27 00:31:49 0 d-------- C:\WINDOWS\system32\z1 2007-11-27 00:31:49 0 d-------- C:\WINDOWS\system32\x4 2007-11-27 00:31:44 0 d-------- C:\WINDOWS\system32\rMa05yy 2007-11-27 00:30:28 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP -- Find3M Report --------------------------------------------------------------- 2007-12-01 13:26:10 0 d-------- C:\Program Files\Winamp 2007-12-01 13:24:46 0 d-------- C:\Program Files\Protector Suite QL 2007-12-01 13:22:44 0 d-------- C:\Program Files\iTunes 2007-12-01 13:21:50 0 d-------- C:\Program Files\Google 2007-12-01 13:20:49 0 d-------- C:\Program Files\Common Files\Symantec Shared 2007-11-27 21:34:52 0 d-------- C:\Documents and Settings\KeZiAh\Application Data\Mozilla 2007-11-27 18:39:13 0 d-------- C:\Program Files\Common Files 2007-11-27 01:25:58 0 d-------- C:\Program Files\QuickTime 2007-10-26 22:38:32 0 d-------- C:\Program Files\Picasa2 2007-09-10 21:02:38 73216 --a------ C:\WINDOWS\cadkasdeinst01e.exe -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}] C:\Program Files\ContextTool\ContextTool-1.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{35189E19-6E87-4210-BDAE-E779829E34DF}] 27/11/2007 12:37 a.m. 331360 --a------ C:\WINDOWS\system32\pmkjk.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8e06a83-8e19-499f-8168-233cf30946d7}] 01/12/2007 12:02 a.m. 78912 --a------ C:\WINDOWS\system32\nbqdomjh.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED4AB95E-5E4E-4526-349A-F4A5766F6195}] C:\Program Files\Windows Media Player\zykiz.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AGRSMMSG"="AGRSMMSG.exe" [15/10/2005 11:29 a.m. C:\WINDOWS\agrsmmsg.exe] "RTHDCPL"="RTHDCPL.EXE" [09/12/2005 08:49 p.m. C:\WINDOWS\RTHDCPL.exe] "Alcmtr"="ALCMTR.EXE" [03/05/2005 11:43 p.m. C:\WINDOWS\Alcmtr.exe] "NDSTray.exe"="NDSTray.exe" [] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [07/10/2005 02:20 a.m.] "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [27/04/2005 01:13 p.m.] "Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [01/12/2005 09:25 a.m.] "THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [06/01/2006 11:02 a.m.] "TFncKy"="TFncKy.exe" [] "TDispVol"="TDispVol.exe" [12/03/2005 12:03 p.m. C:\WINDOWS\system32\TDispVol.exe] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/03/2006 09:02 p.m.] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [05/12/2005 12:37 p.m.] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [28/11/2005 11:41 a.m.] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [28/11/2005 06:55 p.m.] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [28/11/2005 06:52 p.m.] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [28/11/2005 06:55 p.m.] "PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [05/05/2006 05:36 p.m.] "TPSMain"="TPSMain.exe" [31/05/2005 09:00 p.m. C:\WINDOWS\system32\TPSMain.exe] "CFSServ.exe"="CFSServ.exe" [] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [22/11/2006 06:38 a.m.] "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [13/12/2005 08:49 a.m.] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/01/2007 07:33 p.m.] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50 a.m.] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 p.m.] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [29/06/2007 07:24 a.m.] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [31/07/2007 07:44 p.m.] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [05/06/2007 03:05 p.m.] "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [26/06/2007 06:00 p.m.] "3099a31c"="C:\WINDOWS\system32\lujelfjv.dll" [01/12/2007 12:08 a.m.] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [28/11/2007 07:51 p.m.] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [30/12/2004 09:32 p.m.] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 01:00 a.m.] "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [22/02/2006 04:18 p.m.] "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/04/2007 07:27 p.m.] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [16/07/2007 04:17 p.m.] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "IETI"=C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART C:\Documents and Settings\KeZiAh\Start Menu\Programs\Startup\ Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [12/06/2004 6:57:52 p.m.] wkcalrem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [18/08/2005 8:44:26 a.m.] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [3/02/2006 7:19:10 p.m.] Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [23/01/2007 12:27:56 a.m.] RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [7/03/2006 11:58:25 a.m.] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] psqlpwd.dll 05/05/2006 05:48 p.m. 40448 C:\WINDOWS\system32\psqlpwd.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkjk.dll "Notification Packages"= scecli psqlpwd -- End of Deckard's System Scanner: finished at 2007-12-01 14:14:31 ------------ and this is the Panda Active Scan result: Incident Status Location Potentially unwanted tool:application/funweb Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\KeZiAh\Cookies\keziah@ad.yieldmanager[1].txt Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\KeZiAh\Cookies\keziah@adtech[1].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\KeZiAh\Cookies\keziah@advertising[2].txt Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\KeZiAh\Cookies\keziah@apmebf[2].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\KeZiAh\Cookies\keziah@atdmt[2].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\KeZiAh\Cookies\keziah@com[1].txt Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\KeZiAh\Cookies\keziah@did-it[1].txt Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\KeZiAh\Cookies\keziah@did-it[3].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\KeZiAh\Cookies\keziah@doubleclick[2].txt Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\KeZiAh\Cookies\keziah@fastclick[2].txt Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\KeZiAh\Cookies\keziah@questionmarket[2].txt Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\KeZiAh\Cookies\keziah@server.iad.liveperson[1].txt Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\KeZiAh\Cookies\keziah@statcounter[1].txt Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\KeZiAh\Cookies\keziah@statse.webtrendslive[1].txt Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\KeZiAh\Cookies\keziah@statse.webtrendslive[2].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\KeZiAh\Cookies\keziah@tribalfusion[1].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\KeZiAh\Cookies\keziah@tribalfusion[2].txt Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\KeZiAh\Cookies\keziah@www.myaffiliateprogram[1].txt Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\KeZiAh\Cookies\keziah@xiti[1].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\KeZiAh\Cookies\keziah@zedo[2].txt Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\KeZiAh\Desktop\setup\SmitfraudFix\Process.exe Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\KeZiAh\Desktop\setup\SmitfraudFix\restart.exe hope this helps |
|
|
|
|
|
12-05-2007, 12:35 PM
|
#6 (permalink) |
|
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,931
OS: Windows 7 Ultimate
|
Re: constant popup ads Trojan.Vundo
Hi classyleo,
Sorry for the delay in looking into your log, as we are extremely busy as you may have noticed. If you still require assistance, then please carry out my instructions. Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription. -------------------------------------------------------------- Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. -------------------------------------------------------------- Download Combofix from Here or Alternate link **Save it directly to your desktop** Double click on combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply Warning: Do not mouseclick combofix's window whilst it's running. That may cause it to stall A log will be produced that will ultimately be named C:\ComboFix.txt I'll need that in your next reply -------------------------------------------------------------- Please go to: VirusTotal
If VirusTotal is busy, try the same at Jotti -------------------------------------------------------------- Please reply back with the following logs: C:\ComboFix.txt VirusTotal Results
__________________
 Proud Member of ASAP Proud Member of UNITE Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support. Donation link for Tech Support Forum |
|
|
|
|
12-05-2007, 02:27 PM
|
#7 (permalink) |
|
Registered User
Join Date: Nov 2007
Location: Auckland
Posts: 25
OS: Windows XP Professional Version 2002 Service Pack 2
|
Re: constant popup ads Trojan.Vundo
thanks for your reply. yes i do see that the site is extremly busy but atleast you replied and thats great. here is what you requested for
This is the combofix txt: ComboFix 07-12-02.6 - KeZiAh 2007-12-06 9:59:15.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.151 [GMT 13:00] Running from: C:\Documents and Settings\KeZiAh\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\KeZiAh\Application Data\macromedia\Flash Player\#SharedObjects\V7B8Y6NZ\iforex.com C:\Documents and Settings\KeZiAh\Application Data\macromedia\Flash Player\#SharedObjects\V7B8Y6NZ\iforex.com\Emerp\Events\flash_object.swf\user_data.sol C:\Documents and Settings\KeZiAh\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com C:\Documents and Settings\KeZiAh\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol C:\Program Files\Temporary C:\Program Files\WinAble C:\Temp\1cb C:\Temp\1cb\syscheck.log C:\Temp\abW9 C:\Temp\abW9\tPho.log C:\WINDOWS\cookies.ini C:\WINDOWS\Fonts\a.zip C:\WINDOWS\system32\argdausm.ini C:\WINDOWS\system32\fnfucbkd.dll C:\WINDOWS\system32\gfohijca.dll C:\WINDOWS\system32\kjkmp.ini C:\WINDOWS\system32\kjkmp.ini2 C:\WINDOWS\system32\msuadgra.dll C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\pmkjk.dll C:\WINDOWS\system32\rMa05yy C:\WINDOWS\system32\x4 C:\WINDOWS\system32\z1 C:\WINDOWS\Fonts\' . ((((((((((((((((((((((((( Files Created from 2007-11-05 to 2007-12-05 ))))))))))))))))))))))))))))))) . 2007-12-05 00:17 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-12-05 00:17 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-12-05 00:17 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-12-05 00:17 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-12-05 00:17 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-12-03 19:23 . 2007-12-04 00:01 787,144 --ahs---- C:\WINDOWS\system32\ssrscwtv.ini 2007-12-01 14:12 . 2007-12-01 14:12 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-01 14:09 . 2007-12-01 14:09 <DIR> d-------- C:\Deckard 2007-12-01 13:54 . 2007-12-01 13:54 <DIR> d-------- C:\ie-spyad_zo 2007-12-01 13:48 . 2007-12-03 21:06 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-12-01 12:26 . 2007-12-01 12:29 477,286,400 --a------ C:\34D.tmp 2007-12-01 11:58 . 2007-12-01 12:59 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-12-01 11:58 . 2007-12-01 12:59 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-12-01 10:01 . 2007-05-29 13:55 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys 2007-12-01 10:01 . 2007-05-29 13:55 10,592 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.cat 2007-12-01 10:01 . 2007-05-29 13:55 705 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.inf 2007-12-01 00:08 . 2007-12-03 19:16 793,389 --ahs---- C:\WINDOWS\system32\vjflejul.ini 2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys 2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys 2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys 2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat 2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat 2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat 2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf 2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf 2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf 2007-11-29 23:09 . 2007-11-29 23:03 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2007-11-29 23:03 . 2007-12-06 00:15 <DIR> d-------- C:\Documents and Settings\KeZiAh\.housecall6.6 2007-11-28 23:04 . 2007-11-30 23:58 792,965 --ahs---- C:\WINDOWS\system32\hpnpjluh.ini 2007-11-27 21:35 . 2007-11-27 21:35 0 --a------ C:\WINDOWS\nsreg.dat 2007-11-27 20:47 . 2007-12-05 00:18 5,028 --a------ C:\WINDOWS\system32\tmp.reg 2007-11-27 18:41 . 2007-11-27 18:41 <DIR> d-------- C:\Program Files\Yahoo! Games 2007-11-27 12:54 . 2007-12-05 00:20 <DIR> d-------- C:\Program Files\Norton Security Scan 2007-11-27 11:23 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DL1 2007-11-27 11:23 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DL1 2007-11-27 11:18 . 2007-11-27 11:20 16 --a------ C:\WINDOWS\system32\coh.cache 2007-11-27 11:02 . 2007-12-01 13:24 <DIR> d-------- C:\Program Files\Norton AntiVirus 2007-11-27 11:00 . 2007-12-05 23:32 <DIR> d-------- C:\Program Files\Symantec 2007-11-27 11:00 . 2007-12-05 23:31 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-11-27 11:00 . 2007-12-05 23:31 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2007-11-27 11:00 . 2007-12-05 23:32 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-11-27 11:00 . 2007-12-05 23:32 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-11-27 00:35 . 2007-11-27 00:35 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2007-11-27 00:32 . 2007-11-27 00:32 120 --a------ C:\n.bat 2007-11-27 00:30 . 2007-11-27 00:44 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-05 20:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-12-05 10:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2007-12-01 00:26 --------- d-----w C:\Program Files\Winamp 2007-12-01 00:24 --------- d-----w C:\Program Files\Protector Suite QL 2007-12-01 00:22 --------- d-----w C:\Program Files\iTunes 2007-12-01 00:21 --------- d-----w C:\Program Files\Google 2007-11-30 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-11-26 12:25 --------- d-----w C:\Program Files\QuickTime 2007-10-26 09:38 --------- d-----w C:\Program Files\Picasa2 2007-09-10 08:02 73,216 ----a-w C:\WINDOWS\cadkasdeinst01e.exe 2007-08-09 08:51 280 ----a-w C:\Documents and Settings\KeZiAh\Application Data\wklnhst.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}] C:\Program Files\ContextTool\ContextTool-1.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED4AB95E-5E4E-4526-349A-F4A5766F6195}] C:\Program Files\Windows Media Player\zykiz.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 21:32] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 01:00] "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-02-22 16:18] "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 19:27] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-07-16 16:17] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 11:29 C:\WINDOWS\agrsmmsg.exe] "RTHDCPL"="RTHDCPL.EXE" [2005-12-09 20:49 C:\WINDOWS\RTHDCPL.exe] "NDSTray.exe"="NDSTray.exe" [] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-07 02:20] "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 13:13] "Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-12-01 09:25] "THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-06 11:02] "TFncKy"="TFncKy.exe" [] "TDispVol"="TDispVol.exe" [2005-03-12 12:03 C:\WINDOWS\system32\TDispVol.exe] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 21:02] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 12:37] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 11:41] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 18:55] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 18:52] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 18:55] "PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2006-05-05 17:36] "TPSMain"="TPSMain.exe" [2005-05-31 21:00 C:\WINDOWS\system32\TPSMain.exe] "CFSServ.exe"="CFSServ.exe" [] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-22 06:38] "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2005-12-13 08:49] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-01 19:33] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 07:24] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 19:44] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-06-05 15:05] "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-06-26 18:00] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IETI"="C:\Program Files\Skype\Phone\IEPlugin\unins000.exe" [] C:\Documents and Settings\KeZiAh\Start Menu\Programs\Startup\ Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-12 18:57:52] wkcalrem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2005-08-18 08:44:26] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-02-03 19:19:10] Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-01-23 00:27:56] RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-03-07 11:58:25] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] psqlpwd.dll 2006-05-05 17:48 40448 C:\WINDOWS\system32\psqlpwd.dll . Contents of the 'Scheduled Tasks' folder "2007-11-26 22:11:26 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - KeZiAh.job" - C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK: . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-06 10:10:47 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2007-12-06 10:12:30 - machine was rebooted . --- E O F --- This is the VirusTotal Result: File cadkasdeinst01e.exe received on 12.05.2007 22:15:00 (CET)Antivirus Version Last Update Result AhnLab-V3 2007.12.6.0 2007.12.05 - AntiVir 7.6.0.34 2007.12.05 - Authentium 4.93.8 2007.12.05 - Avast 4.7.1098.0 2007.12.05 - AVG 7.5.0.503 2007.12.05 - BitDefender 7.2 2007.12.05 - CAT-QuickHeal 9.00 2007.12.05 - ClamAV 0.91.2 2007.12.05 - DrWeb 4.44.0.09170 2007.12.05 - eSafe 7.0.15.0 2007.12.05 - eTrust-Vet 31.3.5353 2007.12.05 - Ewido 4.0 2007.12.05 - FileAdvisor 1 2007.12.05 - Fortinet 3.14.0.0 2007.12.05 - F-Prot 4.4.2.54 2007.12.05 - F-Secure 6.70.13030.0 2007.12.05 - Ikarus T3.1.1.12 2007.12.05 - Kaspersky 7.0.0.125 2007.12.05 - McAfee 5178 2007.12.05 - Microsoft 1.3007 2007.12.05 - NOD32v2 2701 2007.12.05 - Norman 5.80.02 2007.12.05 - Panda 9.0.0.4 2007.12.05 - Prevx1 V2 2007.12.05 - Rising 20.21.20.00 2007.12.05 - Sophos 4.24.0 2007.12.05 - Sunbelt 2.2.907.0 2007.12.05 - Symantec 10 2007.12.05 - TheHacker 6.2.9.151 2007.12.05 - VBA32 3.12.2.5 2007.12.05 - VirusBuster 4.3.26:9 2007.12.05 - Webwasher-Gateway 6.6.2 2007.12.05 - Additional information File size: 73216 bytes MD5: 63af89ba5b6fa700416a71975c2078da SHA1: 3ee249fd571df072f564f287b9de2ddf8c46231b PEiD: - Last edited by classyleo; 12-05-2007 at 02:30 PM. |
|
|
|
|
12-05-2007, 03:18 PM
|
#8 (permalink) | |
|
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,931
OS: Windows 7 Ultimate
|
Re: constant popup ads Trojan.Vundo
Hi classyleo,
Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. Also be sure to carry out the instructions in the sequence listed below. -------------------------------------------------------------- Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to C:\SDFix DO NOT run SDFix yet. We will shortly -------------------------------------------------------------- Enter Safe Mode
Note: Some systems, this may be the F5 key, so try that if F8 doesn't work. -------------------------------------------------------------- Run SDFix
-------------------------------------------------------------- Restart your computer in Normal Mode -------------------------------------------------------------- Open notepad and copy/paste the text in the quotebox below into it: Quote:
 Referring to the picture above, drag CFScript into ComboFix.exe Follow the prompts, and post the resulting log, C:\ComboFix.txt Warning: Do not mouseclick combofix's window whilst it's running. That may cause it to stall -------------------------------------------------------------- Please run HiJackThis again, and post a fresh log -------------------------------------------------------------- Please reply back with the following logs: C:\SDFix\report.txt C:\ComboFix.txt Fresh HiJackThis Log Update on systems behavior
__________________
Proud Member of ASAP Proud Member of UNITE Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support. Donation link for Tech Support Forum |
|
|
|
|
|
12-05-2007, 06:27 PM
|
#9 (permalink) |
|
Registered User
Join Date: Nov 2007
Location: Auckland
Posts: 25
OS: Windows XP Professional Version 2002 Service Pack 2
|
Re: constant popup ads Trojan.Vundo
hey there thnks for your help. i havent seen any pop ups so far so the news must be good but heres the information u asked for:
SDFIX Report SDFix: Version 1.117 Run by KeZiAh on Thu 06/12/2007 at 01:03 p.m. Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: Trojan Files Found: C:\PROGRA~1\WINDOW~2\DISON~1.HTM - Deleted C:\n.bat - Deleted Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-06 14:03:25 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FE2DACC32FFC736428AAAAFB7320283D\Usage] "Complete"=dword:37860301 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F289813F-9BF7-27A9-F954-A2794FB4192E}] "iacijkagnljffmojgg"=hex:6a,61,69,62,69,6d,61,6f,67,66,6f,69,64,62,69,65,70,6c,61,6b,00,.. "hamgliknhpplhokc"=hex:6a,61,69,62,69,6d,61,6f,67,66,6f,69,64,62,69,65,70,6c,61,6b,00,.. scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files: --------------- File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes: Fri 26 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe" Wed 13 Dec 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Wed 31 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp" Finished! ComboFix: ComboFix 07-12-02.6 - KeZiAh 2007-12-06 14:12:32.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.223 [GMT 13:00] Running from: C:\Documents and Settings\KeZiAh\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\KeZiAh\Desktop\CFScript.txt * Created a new restore point FILE C:\34D.tmp C:\WINDOWS\system32\hpnpjluh.ini C:\WINDOWS\system32\ssrscwtv.ini C:\WINDOWS\system32\vbzip10.dll C:\WINDOWS\system32\vjflejul.ini . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\34D.tmp C:\WINDOWS\system32\hpnpjluh.ini C:\WINDOWS\system32\ssrscwtv.ini C:\WINDOWS\system32\vbzip10.dll C:\WINDOWS\system32\vjflejul.ini . ((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 ))))))))))))))))))))))))))))))) . 2007-12-06 12:20 . 2007-12-06 12:20 <DIR> d-------- C:\WINDOWS\ERUNT 2007-12-05 00:17 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-12-05 00:17 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-12-05 00:17 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-12-05 00:17 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-12-05 00:17 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-12-01 14:12 . 2007-12-01 14:12 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-01 14:09 . 2007-12-01 14:09 <DIR> d-------- C:\Deckard 2007-12-01 13:54 . 2007-12-01 13:54 <DIR> d-------- C:\ie-spyad_zo 2007-12-01 13:48 . 2007-12-03 21:06 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-12-01 11:58 . 2007-12-01 12:59 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-12-01 11:58 . 2007-12-01 12:59 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-12-01 10:01 . 2007-05-29 13:55 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys 2007-12-01 10:01 . 2007-05-29 13:55 10,592 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.cat 2007-12-01 10:01 . 2007-05-29 13:55 705 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.inf 2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys 2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys 2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys 2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat 2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat 2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat 2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf 2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf 2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf 2007-11-29 23:09 . 2007-11-29 23:03 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2007-11-29 23:03 . 2007-12-06 00:15 <DIR> d-------- C:\Documents and Settings\KeZiAh\.housecall6.6 2007-11-27 21:35 . 2007-11-27 21:35 0 --a------ C:\WINDOWS\nsreg.dat 2007-11-27 20:47 . 2007-12-05 00:18 5,028 --a------ C:\WINDOWS\system32\tmp.reg 2007-11-27 18:41 . 2007-11-27 18:41 <DIR> d-------- C:\Program Files\Yahoo! Games 2007-11-27 12:54 . 2007-12-05 00:20 <DIR> d-------- C:\Program Files\Norton Security Scan 2007-11-27 11:23 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DL1 2007-11-27 11:23 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DL1 2007-11-27 11:18 . 2007-11-27 11:20 16 --a------ C:\WINDOWS\system32\coh.cache 2007-11-27 11:02 . 2007-12-01 13:24 <DIR> d-------- C:\Program Files\Norton AntiVirus 2007-11-27 11:00 . 2007-12-05 23:32 <DIR> d-------- C:\Program Files\Symantec 2007-11-27 11:00 . 2007-12-05 23:31 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-11-27 11:00 . 2007-12-05 23:31 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2007-11-27 11:00 . 2007-12-05 23:32 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-11-27 11:00 . 2007-12-05 23:32 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-11-27 00:30 . 2007-11-27 00:44 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-05 20:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-12-05 10:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2007-12-01 00:26 --------- d-----w C:\Program Files\Winamp 2007-12-01 00:24 --------- d-----w C:\Program Files\Protector Suite QL 2007-12-01 00:22 --------- d-----w C:\Program Files\iTunes 2007-12-01 00:21 --------- d-----w C:\Program Files\Google 2007-11-30 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-11-26 12:25 --------- d-----w C:\Program Files\QuickTime 2007-10-26 09:38 --------- d-----w C:\Program Files\Picasa2 2007-09-10 08:02 73,216 ----a-w C:\WINDOWS\cadkasdeinst01e.exe 2007-08-09 08:51 280 ----a-w C:\Documents and Settings\KeZiAh\Application Data\wklnhst.dat . ((((((((((((((((((((((((((((( snapshot@2007-12-06_10.11.13.26 ))))))))))))))))))))))))))))))))))))))))) . + 2007-12-05 07:19:42 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE + 2007-12-06 00:03:30 9,633,792 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT + 2007-12-06 00:03:30 86,016 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat + 2007-12-05 07:19:42 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2007-12-05 23:20:24 9,633,792 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT + 2007-12-05 23:20:24 86,016 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 21:32] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 01:00] "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-02-22 16:18] "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 19:27] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-07-16 16:17] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 11:29 C:\WINDOWS\agrsmmsg.exe] "RTHDCPL"="RTHDCPL.EXE" [2005-12-09 20:49 C:\WINDOWS\RTHDCPL.exe] "NDSTray.exe"="NDSTray.exe" [] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-07 02:20] "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 13:13] "Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-12-01 09:25] "THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-06 11:02] "TFncKy"="TFncKy.exe" [] "TDispVol"="TDispVol.exe" [2005-03-12 12:03 C:\WINDOWS\system32\TDispVol.exe] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 21:02] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 12:37] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 11:41] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 18:55] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 18:52] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 18:55] "PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2006-05-05 17:36] "TPSMain"="TPSMain.exe" [2005-05-31 21:00 C:\WINDOWS\system32\TPSMain.exe] "CFSServ.exe"="CFSServ.exe" [] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-22 06:38] "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2005-12-13 08:49] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-01 19:33] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 07:24] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 19:44] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-06-05 15:05] "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-06-26 18:00] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IETI"="C:\Program Files\Skype\Phone\IEPlugin\unins000.exe" [] C:\Documents and Settings\KeZiAh\Start Menu\Programs\Startup\ Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-12 18:57:52] wkcalrem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2005-08-18 08:44:26] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-02-03 19:19:10] Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-01-23 00:27:56] RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-03-07 11:58:25] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] psqlpwd.dll 2006-05-05 17:48 40448 C:\WINDOWS\system32\psqlpwd.dll R2 FdRedir;FdRedir;\??\C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys R2 FileDisk2;FileDisk Protector Kernel Driver;\??\C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys R2 smihlp;SMI helper driver;\??\C:\Program Files\Protector Suite QL\smihlp.sys R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys . Contents of the 'Scheduled Tasks' folder "2007-11-26 22:11:26 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - KeZiAh.job" - C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK: . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-06 14:18:29 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2007-12-06 14:20:11 - machine was rebooted C:\ComboFix2.txt ... 2007-12-06 10:12 . --- E O F --- HijackThis Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:22:14 p.m., on 6/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\TDispVol.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Synaptics\SynTP\Toshiba.exe C:\WINDOWS\system32\hkcmd.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\TPSMain.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Protector Suite QL\psqltray.exe C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [TDispVol] TDispVol.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user') O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www4.snapfish.co.nz/SnapfishActivia.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- End of file - 11014 bytes |
|
|
|
|
12-05-2007, 07:56 PM
|
#10 (permalink) |
|
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,931
OS: Windows 7 Ultimate
|
Re: constant popup ads Trojan.Vundo
Looking really good. Lets get one more online scan.
Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner Answer Yes, when prompted to install an ActiveX component.
__________________
Proud Member of ASAP Proud Member of UNITE Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support. Donation link for Tech Support Forum |
|
|
|
|
12-05-2007, 09:55 PM
|
#11 (permalink) |
|
Registered User
Join Date: Nov 2007
Location: Auckland
Posts: 25
OS: Windows XP Professional Version 2002 Service Pack 2
|
Re: constant popup ads Trojan.Vundo
here is the report you requested
------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Thursday, December 06, 2007 5:53:42 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 6/12/2007 Kaspersky Anti-Virus database records: 473582 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: false Scan Target - My Computer: C:\ D:\ Scan Statistics: Total number of scanned objects: 51292 Number of viruses found: 4 Number of infected objects: 13 Number of suspicious objects: 0 Duration of the scan process: 00:48:30 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-12-06_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\54047CF2.TMP Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped C:\Documents and Settings\KeZiAh\Cookies\index.dat Object is locked skipped C:\Documents and Settings\KeZiAh\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\KeZiAh\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\KeZiAh\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\KeZiAh\Local Settings\Temp\Perflib_Perfdata_f44.dat Object is locked skipped C:\Documents and Settings\KeZiAh\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\KeZiAh\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\KeZiAh\NTUSER.DAT Object is locked skipped C:\Documents and Settings\KeZiAh\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped C:\Program Files\Yahoo!\Messenger\logs\billing_KeZiAh.log Object is locked skipped C:\Program Files\Yahoo!\Messenger\logs\client_KeZiAh.log Object is locked skipped C:\Program Files\Yahoo!\Messenger\logs\network_KeZiAh.log Object is locked skipped C:\qoobox\Quarantine\C\WINDOWS\system32\fnfucbkd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped C:\qoobox\Quarantine\C\WINDOWS\system32\msuadgra.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped C:\SDFix\backups\backups.zip/backups/dison.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped C:\SDFix\backups\backups.zip ZIP: infected - 1 skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP1\A0000017.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ag skipped C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP1\A0000040.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ag skipped C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP1\A0000043.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ag skipped C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP1\A0000097.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP1\A0000097.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP1\A0000097.exe RarSFX: infected - 2 skipped C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP1\A0000104.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP2\A0000145.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP2\A0000147.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP3\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped C:\WINDOWS\yacs.log Object is locked skipped Scan process completed. |
|
|
|
|
12-10-2007, 08:59 AM
|
#13 (permalink) |
|
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,931
OS: Windows 7 Ultimate
|
Re: constant popup ads Trojan.Vundo
Hi classyleo,
For some reason didn't get notified of your post on the 5th. Sorry about that. Please delete the following folder in BLUE: C:\SDFix --------------------------------------------------------------------------- Well done, your logs are clean! There are just a few more things I would like you to do. Go to Start > Run - type ComboFix /u Click OK ---------------------------------------------------------------- Microsoft Updates It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection. Malware Prevention Tools These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources.
Alternative Web Browsers Using an alternative browser can help prevent malware from being installed without your knowledge, but may not work on all websites. Firewalls If you do not have a firewall, here are a few free ones available for personal use: Understanding and Using Firewalls Informational Reading In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles:
Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Proud Member of ASAP Proud Member of UNITE Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support. Donation link for Tech Support Forum |
|
|
|
|
12-12-2007, 01:15 AM
|
#14 (permalink) |
|
Registered User
Join Date: Nov 2007
Location: Auckland
Posts: 25
OS: Windows XP Professional Version 2002 Service Pack 2
|
Re: constant popup ads Trojan.Vundo
hi just a question when i did the KASPERSKY ONLINE SCANNER it said that there were a few infected files could you explain why it said that. and i do have updates for spyware blaster and iespyad and the rest already installed. i am using Norton Anti Virus is that ok or do i need the others
|
|
|
|
|
12-12-2007, 07:48 PM
|
#15 (permalink) | ||
|
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,931
OS: Windows 7 Ultimate
|
Re: constant popup ads Trojan.Vundo
Hello,
Quote:
Quote:
Well safe surfing 
__________________
Proud Member of ASAP Proud Member of UNITE Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support. Donation link for Tech Support Forum |
||
|
|
|
|
12-13-2007, 04:13 AM
|
#16 (permalink) |
|
Registered User
Join Date: Nov 2007
Location: Auckland
Posts: 25
OS: Windows XP Professional Version 2002 Service Pack 2
|
Re: constant popup ads Trojan.Vundo
hello
thank you for all your help. i have installed Zone Alarm as my firewall and thats working well. I have norton and that is ok. i have iespyad and spywareblaster and thats going well and yes i do the constant updates as well almost everyday so thank you for your help and i will recommend this to all my friends thanks a bundle classyleo |
|
|
|
| Thread Tools | |
|
|
