
I've got it....



#1 TriSum


Posted 23 April 2011 - 01:38 AM

I have all the usual symptoms. Slow computer, browser redirects, can't run Windows Update, some programs won't run at all, the anti-rootkit utility TDSSKiller starts to install then stops at 80% and I get a Windows notification that the program has to close. Also getting the Windows "Host Process for Windows Services stopped working and was closed" error message.

Windows 7

SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/22/2011 at 10:12 PM

Application Version : 4.51.1000

Core Rules Database Version : 6903
Trace Rules Database Version: 4715

Scan type : Complete Scan
Total Scan Time : 00:42:39

Memory items scanned : 734
Memory threats detected : 0
Registry items scanned : 10014
Registry threats detected : 0
File items scanned : 6265
File threats detected : 16

Adware.Tracking Cookie
C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@ad.yieldmanager[1].txt
C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@ar.atwola[2].txt
C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@user.lucidmedia[1].txt
C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@at.atwola[2].txt
C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@g-pixel.invitemedia[1].txt
C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@ar.atwola[4].txt
C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@advertise[2].txt
C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@invitemedia[2].txt
C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@www.find-quick-results[1].txt
C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@ar.atwola[5].txt
C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@tacoda.at.atwola[2].txt
C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@media6degrees[2].txt
C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@cdn.at.atwola[2].txt
C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@kaspersky.122.2o7[1].txt
C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@segment-pixel.invitemedia[1].txt
C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@in.getclicky[1].txt

Edited by TriSum, 23 April 2011 - 01:39 AM.



#2 TriSum


Posted 24 April 2011 - 08:15 PM

Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:12:03 PM, on 4/24/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AOL Desktop 9.6\waol.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\AOL Desktop 9.6\shellmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\aol\1248677211\ee\aolsoftware.exe
C:\Users\XPS M1330\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL Desktop 9.6\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - http://dfusionathomeapps.com/innervillian/DISNEY/plugin/DFusionHomeWebPlugIn.Installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{08249C07-0314-43EC-9067-D9F8B73E6DDD}: NameServer = 93.188.165.180,93.188.160.240
O17 - HKLM\System\CCS\Services\Tcpip\..\{98D75055-011D-4784-8D77-E12A4C0AA8C5}: NameServer = 93.188.165.180,93.188.160.240
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDE72DC6-86FA-4869-8376-516D3ADF93D4}: NameServer = 93.188.165.180,93.188.160.240
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.165.180,93.188.160.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{08249C07-0314-43EC-9067-D9F8B73E6DDD}: NameServer = 93.188.165.180,93.188.160.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.165.180,93.188.160.240
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

--
End of file - 8835 bytes
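Added example, not part of the thread: a small Python check that pulls the O17 NameServer entries out of a HijackThis log like the one above and reports any resolver that is neither an expected one nor a private (router) address. The expected-resolver set is an assumption; the three sample O17 lines are copied from the posted log. A fixed public resolver written into every adapter's Tcpip key, and into the ControlSet001 backup (CS1) as well, is the footprint a DNS-changing infection leaves and is consistent with the browser redirects reported in the first post.

```python
import ipaddress
import re

# Constructed sample: three of the O17 lines from the HijackThis log posted above.
# CCS = CurrentControlSet, CS1 = ControlSet001 (the backup control set).
HJT_O17_LINES = """\
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{08249C07-0314-43EC-9067-D9F8B73E6DDD}: NameServer = 93.188.165.180,93.188.160.240
O17 - HKLM\\System\\CS1\\Services\\Tcpip\\Parameters: NameServer = 93.188.165.180,93.188.160.240
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 93.188.165.180,93.188.160.240
"""

# Assumption: the resolvers this machine is expected to use (e.g. the home router
# or the ISP's DNS). Anything else hard-wired into the registry deserves a look.
EXPECTED_RESOLVERS = {"192.168.1.1"}

O17_RE = re.compile(r"^O17 - (?P<key>HKLM\\[^:]+): NameServer = (?P<servers>[\d.,]+)$")


def parse_o17(log_text):
    """Return [(registry key, [ip, ...])] for every O17 NameServer line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            ips = [s for s in m.group("servers").split(",") if s]
            entries.append((m.group("key"), ips))
    return entries


def suspicious_resolvers(log_text, expected=EXPECTED_RESOLVERS):
    """Map each unexpected resolver IP to the registry keys that set it.

    Private (RFC 1918) addresses are treated as the local router and skipped;
    a public IP that is not in the expected set is reported together with every
    key it was found under, so the reader sees how widely it was planted.
    """
    findings = {}
    for key, ips in parse_o17(log_text):
        for ip in ips:
            if ip in expected or ipaddress.ip_address(ip).is_private:
                continue
            findings.setdefault(ip, []).append(key)
    return findings


if __name__ == "__main__":
    for ip, keys in suspicious_resolvers(HJT_O17_LINES).items():
        print(f"unexpected resolver {ip} set in {len(keys)} key(s):")
        for k in keys:
            print("   ", k)
```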



