Infected with Trojan Vundo H


2 replies to this topic

#1 poolhall

  • Members
  • 1 posts

Posted 02 March 2009 - 12:10 PM

I am running a Windows XP laptop. Browsers run very slow, I get popups to random sites mostly about spyware.

I have run superantispyware, onecare, spybot, vundofix, virtumondebegone and malwarebytes without success.

Malwarebytes finds 3 files in safe mode, but is ineffective at deleting them.

Thank you in advance for any help you can provide. I don't know what else to try.

Here is the log file:


DDS (Ver_09-02-01.01) - NTFSx86 NETWORK
Run by Alex at 8:57:12.42 on 03/02/09
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.992 [GMT -8:00]

AV: Windows Live OneCare *On-access scanning enabled* (Updated)
FW: Windows Live OneCare Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Alex\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.my.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.myyahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {50B49041-8607-4E49-8415-97A05C328C94} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: IE_PopupBlocker Class: {656ec4b7-072b-4698-b504-2a414c1f0037} - c:\program files\propel accelerator\prpl_IePopupBlocker.dll
BHO: CallinSearch for Skype Browser Helper Object: {66113d5a-7192-4132-a3ed-6b2806663950} - c:\program files\callinsearch toolbar\exoode_vc.dll
BHO: {6F282C89-3BD3-4387-92D9-C76428B07E07} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {f1e3fd37-ca8d-4ecf-9c5f-c91dbec89e50} - c:\windows\system32\dulurare.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {BE77B225-43E0-4D37-BFE8-45B54A0B1035} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: Bonjour: {9999a076-a9e2-4c99-8a2b-632fc9429223} - c:\program files\bonjour\ExplorerPlugin.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Google Update] "c:\documents and settings\alex\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [UC_Start] c:\program files\ibm\updater\\ucstartup.exe
mRun: [TpShocks] TpShocks.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [S3TRAY2] S3Tray2.exe
mRun: [IBMPRC] c:\ibmtools\utils\ibmprc.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [BMMMONWND] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatInfEx.dll,BMMAutonomicMonitor
mRun: [BMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE
mRun: [BMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [RoboPDF] c:\windows\system32\spool\drivers\w32x86\2\RPDFLchr.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [QCWLIcon] c:\progra~1\thinkpad\connec~1\QCWLIcon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [QCTray] c:\progra~1\thinkpad\connec~1\QCTray.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [kunajejayi] Rundll32.exe "c:\windows\system32\rojuyenu.dll",s
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alex\startm~1\programs\startup\buffal~1.lnk - c:\program files\buffalo\nasnavi\NasNavi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autobahn.lnk - c:\program files\autobahn\autobahn.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launchy.lnk - c:\program files\launchy\Launchy.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\memeoa~1.lnk - c:\windows\installer\{17fe46df-24dc-4888-ba8b-1c918a2e79ed}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monito~1.lnk - c:\program files\apache software foundation\apache2.2\bin\ApacheMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to EverNote - c:\program files\evernote\evernote\enbar.dll/2000
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagea...en/preview.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - {2151DA8C-C5B6-4B4F-86AB-BDA449BF8747} - c:\program files\evernote\evernote\enbar.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: bcgpeople.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} - hxxp://kdx.kontiki.com/kdx/Client403/kdx.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: PCANotify - PCANotify.dll
Notify: QConGina - QConGina.dll
AppInit_DLLs: wlmmwk.dll c:\windows\system32\leninuyi.dll exevng.dll wshkfv.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\hgGwTnnL relog_ap
LSA: Notification Packages = scecli scecli c:\windows\system32\leninuyi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alex\applic~1\mozilla\firefox\profiles\4th12nlz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\documents and settings\alex\application data\mozilla\firefox\profiles\4th12nlz.default\extensions\{6ff1d3c4-61bc-4021-89b7-af8a8f784ebb}\components\snagitmozextension.dll
FF - component: c:\documents and settings\alex\application data\mozilla\firefox\profiles\4th12nlz.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\alex\application data\mozilla\firefox\profiles\4th12nlz.default\extensions\{be77b225-43e0-4d37-bfe8-45b54a0b1035}\components\FFAlert.dll
FF - component: c:\documents and settings\alex\application data\mozilla\firefox\profiles\4th12nlz.default\extensions\ubiquity@labs.mozilla.com\platform\winnt_x86-msvc\components\ubiquity.dll
FF - component: c:\program files\google\google gears\firefox\components\gears.dll
FF - plugin: c:\documents and settings\alex\application data\mozilla\firefox\profiles\4th12nlz.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\alex\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.131.11\npGoogleOneClick5.dll
FF - plugin: c:\program files\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCVALNP.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPodBridge32.dll

---- FIREFOX POLICIES ----
//This file last modified on 10:18 AM 4/10/2005 by techlifeblogged[at]gmail.com
//This is basically everything laszlo had in his original post and atmodified as I read through
//the forum
//hxxp://forums.mozillazine.org/viewtopic.php?t=53650&postdays=0&postorder=asc&postsperpage=15&start=0

//All of this goes in a text file called user.js in your profile folder
//the location of your profile folder depends on your operating system
//Go here to find out where yours is hxxp://www.mozilla.org/support/firefox/edit#profile
//And hxxp://www.mozilla.org/support/firefox/edit#user

//!!IMPORTANT!! Some of this needs to be optomized to the speed of your connection!
//Scroll down near the bottom of the page to the special section you need to modify.

//Everyone can benefit from these settings
FF - user.js: general.smoothScroll - true
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: config.trim_on_minimize - false //Load quicker from a minimized state
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.maxtextrun - 8191
FF - user.js: plugin.expose_full_path - true // Show full path to plugins in about:plugins
FF - user.js: ui.submenuDelay - 0 //Speeds up submenus like Bookmarks
FF - user.js: browser.xul.error_pages.enabled - true // Instead of annoying error dialog messages, display pages
FF - user.js: browser.cache.memory.capacity - 16000 // Prevent memory leak
FF - user.js: browser.display.show_image_placeholders - false //To have images load like IE

//for general network performance
FF - user.js: network.dnsCacheExpiration - 360 // 6 minutes
FF - user.js: network.dnsCacheEntries - 100
FF - user.js: network.dns.disableIPv6 - true
FF - user.js: network.ftp.idleConnectionTimeout - 60 // 1 minute
FF - user.js: network.http.keep-alive.timeout - 30
FF - user.js: network.http.request.max-start-delay - 5
FF - user.js: network.http.connect.timeout - 30
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4

//switch to enable caching of objects served over a secure connection
//WARNING: Setting this to true could be a potential security issue because SSL pages can contain personal information
//that you might not want floating around on your PC.
FF - user.js: browser.cache.disk_cache_ssl - false

// Let remote content link to local (file://) content. This is needed for intranets.
// hxxp://bugzilla.mozilla.org/show_bug.cgi?id=84128#c20
FF - user.js: security.checkloaduri - false

//This could be a potential security risk if set to true. See thread hxxp://forums.mozillazine.org/viewtopic.php?t=53650&postdays=0&postorder=asc&postsperpage=15&start=75
FF - user.js: signed.applets.codebase_principal_support - false

//==========================================================================================================
//---Begin Special Section based on what type of computer and connection speed you have---
//Change nglayout.initialpaint.delay based on how fast your connection is.
//Higher for slow connections lower for fast.
//recalculate the rest of the settings as commented after each line.
FF - user.js: nglayout.initialpaint.delay - 100 //Try 100 for fast, 750 for dial-up.
FF - user.js: content.notify.interval - 100000 //1000 * nglayout.initialpaint.delay (don't go below 100000)
FF - user.js: content.switch.threshold - 100000 //1000 * nglayout.initialpaint.delay
FF - user.js: content.max.tokenizing.time - 300000 //3 * content.notify.interval
//---End Special Section based on what type of computer and connection speed you have---
//==========================================================================================================

// From Laszlo: If these settings don't give you an improvement,
// you could play with the content. and .initialpaint.delay
// settings. As said above, I got the best results by keeping them
// in synch as in the given example (750000 and 750) while setting
// max.tokenizing.time to a multiple of switch.threshold
// (greater 3; with the values of the above example:
// 3 * 750000 = 2250000, 4 * 750000 = 3000000, ...).

============= SERVICES / DRIVERS ===============

R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2005-4-6 59520]
R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2002-2-11 33496]
S1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2005-4-6 11520]
S1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.SYS [2000-9-11 10816]
S1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.SYS [2005-4-6 2432]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-5-28 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 55024]
S1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2005-4-6 4608]
S1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2005-4-6 16384]
S2 Apache2.2;Apache2.2;c:\program files\apache software foundation\apache2.2\bin\httpd.exe [2008-6-13 24635]
S2 gupdate;Google Update Service;c:\program files\google\update\GoogleUpdate.exe [2008-7-16 133104]
S2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [2004-9-23 64256]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2008-4-17 25824]
S2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2008-11-5 25968]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S2 svnserveservice;Subversion Svnserve Service;c:\program files\subversion\bin\svnservice.exe [2006-5-10 413696]
S2 TrunkDrive.exe;TrunkDrive;c:\program files\elephantdrive\elephant trunkdrive\TrunkDrive - Service.exe [2008-12-23 116184]
S2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2008-7-22 36352]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-7-2 42376]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-7-2 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-7-2 81288]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys --> c:\windows\system32\drivers\motodrv.sys [?]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2005-4-6 12288]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-7-2 337800]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-7-2 1017224]
S4 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\AWHOST32.EXE [2002-2-15 114749]

=============== Created Last 30 ================

2009-03-01 14:06 129,024 ac-sh--- c:\windows\system32\bujruc.dll
2009-03-01 10:36 <DIR> -cd----- C:\fsaua.data
2009-03-01 02:05 129,024 -c------ c:\windows\system32\exevng.dll
2009-02-28 20:31 5,248 ac------ c:\windows\system32\OEMINFO.PNF
2009-02-28 18:58 <DIR> -cd----- c:\docume~1\alex\applic~1\Malwarebytes
2009-02-28 18:58 15,504 ac------ c:\windows\system32\drivers\mbam.sys
2009-02-28 18:57 38,496 ac------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-28 18:57 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-28 18:57 <DIR> -cd----- c:\program files\Malwarebytes' Anti-Malware
2009-02-28 16:57 91,328 ac------ c:\windows\system32\drivers\msfwdrv.sys
2009-02-28 16:57 116,416 ac------ c:\windows\system32\drivers\msfwhlpr.sys
2009-02-28 16:56 53,168 ac------ c:\windows\system32\drivers\MpFilter.sys
2009-02-28 16:52 <DIR> -cd----- c:\program files\Microsoft Windows OneCare Live
2009-02-28 14:05 1,664,319 -c-sh--- c:\windows\system32\olituzem.ini
2009-02-27 06:03 129,024 ac-sh--- c:\windows\system32\fpqsra.dll
2009-02-26 18:02 129,024 ac-sh--- c:\windows\system32\gchgrp.dll
2009-02-21 09:44 <DIR> -cd----- c:\program files\IBP 10
2009-02-21 09:44 <DIR> -cd----- c:\docume~1\alex\applic~1\IBP
2009-02-20 08:55 <DIR> -cd----- c:\program files\CrossLoop
2009-02-17 18:39 <DIR> -cd----- c:\program files\ElephantDrive
2009-02-15 11:40 <DIR> -cd----- c:\program files\Microsoft adCenter
2009-02-15 11:34 <DIR> -cd----- c:\windows\system32\XPSViewer
2009-02-15 11:30 14,048 -c------ c:\windows\system32\spmsg2.dll
2009-02-12 10:28 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\IsolatedStorage
2009-02-12 10:28 <DIR> -cd----- c:\program files\BinTube
2009-02-12 03:05 <DIR> -cd----- c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$
2009-02-02 13:52 <DIR> -cd----- c:\docume~1\alex\applic~1\SpeedPPC
2009-02-02 13:52 <DIR> -cd----- c:\program files\SpeedPPC Campaign Builder

==================== Find3M ====================

2009-03-01 14:06 129,024 ac-sh--- c:\windows\system32\jodozome.dll
2009-02-28 14:05 84,992 -c------ c:\windows\system32\farakive.dll
2009-02-28 14:05 129,024 ac-sh--- c:\windows\system32\henijuve.dll
2009-02-27 18:03 84,992 ac-sh--- c:\windows\system32\savudude.dll
2009-02-27 18:03 129,024 ac-sh--- c:\windows\system32\wezinone.dll
2009-02-27 06:03 129,024 ac-sh--- c:\windows\system32\mimihahu.dll
2009-02-27 06:03 84,992 ac-sh--- c:\windows\system32\yuheduzo.dll
2009-02-26 18:02 129,024 ac-sh--- c:\windows\system32\gisekaki.dll
2009-02-26 18:02 84,992 ac-sh--- c:\windows\system32\tawulani.dll
2009-01-19 18:35 853 ac------ c:\program files\training.html
2009-01-19 18:34 853 ac------ c:\program files\index2.html
2009-01-08 09:06 434,688 ac------ c:\windows\system32\ss2uinst.exe
2009-01-08 01:05 410,984 ac------ c:\windows\system32\deploytk.dll
2008-10-01 11:15 60,744 ac------ c:\documents and settings\alex\g2mdlhlpx.exe
2007-11-29 09:35 32 ac------ c:\docume~1\alluse~1\applic~1\ezsid.dat
2007-10-07 08:54 25,600 ac------ c:\documents and settings\alex\usbsermptxp.sys
2007-10-07 08:54 22,768 ac------ c:\documents and settings\alex\usbsermpt.sys

============= FINISH: 8:58:27.06 ===============


#2 suebaby41

    W.A.M. (Women Against Malware)

  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 16 March 2009 - 10:21 AM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

    W.A.M. (Women Against Malware)

  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 24 March 2009 - 06:53 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.