BullGuard
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
Trojan removal help
   
BullGuard Antivirus Forum > Virus Removal > Removal Help > Trojan removal help  
Forum Quick Jump
 
New Topic Post reply to : Trojan removal help Printable version of : Trojan removal help
[ << Previous Thread | Next Thread >> ]

bellto2
New Member


Date Joined Jun 2009
Total Posts : 10
 
   Posted 2/8/2011 10:37 AM (GMT +3)    Quote: Trojan removal helpAlert an admin about: Trojan removal help
HI

havent needed to come on here for a while, but i think i may need your much valued help again.

i have a computer that picked up a trojan, so i did an avg scan which came up with nothing.
i then downloaded the latest version of MBAM and did a scan. this brought up several infected items, which i quarantined and deleted.

here is the hijack this log POST mbam scan,

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:30:00 PM, on 8/02/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\blinkx Remote Toolbar\the_blinkx_toolbar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\jimmy\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: the blinkx toolbar - {F08555B0-9CC3-11D2-AA8E-000000000567} - C:\Program Files\blinkx Remote Toolbar\the_blinkx_shook.dll
O1 - Hosts: ::1 localhost
O2 - BHO: The blinkx Toolbar - {0069B690-7A2B-41C5-98CA-9F535B4C8532} - C:\Program Files\blinkx Remote Toolbar\the_blinkx_bho.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)
O4 - Global Startup: BitTorrent
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 8181 bytes


and here is the MBAM log file.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5709

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

8/02/2011 5:17:56 PM
mbam-log-2011-02-08 (17-17-46).txt

Scan type: Full scan (C:\|)
Objects scanned: 363497
Time elapsed: 1 hour(s), 16 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 68
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 8
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{F244A744-534D-4A46-855F-C0C7E9F27DAA} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.RprtCtrl.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.RprtCtrl (Adware.SmartShopper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3E2DFD6A-4E20-4D4C-AA8B-E1F9DBEF3C80} (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButton.1 (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButton (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{714E0876-FCEE-49CE-A429-B9AD8AEFCB56} (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA.1 (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.HbInfoBand.1 (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.HbInfoBand (Adware.ShoppingReport2) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{DD15BCC0-5FE9-4690-A957-99FA60ED9D26} (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.HbAx.1 (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.HbAx (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9} (Adware.7FaSSt) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{38493F7F-2922-4C6C-9A9A-8DA2C940D0EE} (Adware.7FaSSt) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{E5A1ECE5-3E3D-4FE7-8447-78CB1FD377C6} (Adware.7FaSSt) -> No action taken.
HKEY_CLASSES_ROOT\BBar.BBarBand.1 (Adware.7FaSSt) -> No action taken.
HKEY_CLASSES_ROOT\BBar.BBarBand (Adware.7FaSSt) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E5A1ECE5-3E3D-4FE7-8447-78CB1FD377C6} (Adware.7FaSSt) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E5A1ECE5-3E3D-4FE7-8447-78CB1FD377C6} (Adware.7FaSSt) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 (Adware.ShoppingReports) -> No action taken.
HKEY_CLASSES_ROOT\HBMain.CommBand (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\HBMain.CommBand.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbr.HbMain (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbr.HbMain.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\HostIE.Bho (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\HostIE.Bho.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport.HbAx (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport.HbAx.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport.HbInfoBand (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport.HbInfoBand.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport.IEButton (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport.IEButton.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport.IEButtonA (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport.IEButtonA.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport.RprtCtrl (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport.RprtCtrl.1 (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\Software\ShoppingReport2 (Adware.ShoppingReport2) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestBrowse (Adware.QuestBrowse) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8A184A2-4675-4B0E-9834-91CC01C45DBB} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{B8A184A2-4675-4B0E-9834-91CC01C45DBB} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B8A184A2-4675-4B0E-9834-91CC01C45DBB} (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{E5A1ECE5-3E3D-4FE7-8447-78CB1FD377C6} (Adware.7FaSSt) -> Value: {E5A1ECE5-3E3D-4FE7-8447-78CB1FD377C6} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Tpedi (Trojan.Agent.U) -> Value: Tpedi -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{696E4A18-0398-B439-4FB2-3777EEC4BA8D} (Trojan.ZbotR.Gen) -> Value: {696E4A18-0398-B439-4FB2-3777EEC4BA8D} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{F67463D2-DE64-2B37-7A0A-66BA90533AEF} (Trojan.ZbotR.Gen) -> Value: {F67463D2-DE64-2B37-7A0A-66BA90533AEF} -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\shoppingreport (Adware.ShopperReports) -> No action taken.
c:\program files\shoppingreport\Bin (Adware.ShopperReports) -> No action taken.
c:\program files\shoppingreport\Bin\2.5.0 (Adware.ShopperReports) -> No action taken.
c:\program files\shoppingreport2 (Adware.ShoppingReport2) -> No action taken.
c:\program files\shoppingreport2\Bin (Adware.ShoppingReport2) -> No action taken.
c:\program files\shoppingreport2\Bin\2.7.21 (Adware.ShoppingReport2) -> No action taken.
c:\program files\questbrwsearch (Adware.QuestBrowse) -> No action taken.
c:\programdata\questbrwsearch (Adware.QuestBrowse) -> No action taken.

Files Infected:
c:\program files\shoppingreport2\Bin\2.7.21\shoppingreport.dll (Adware.SmartShopper) -> No action taken.
c:\program files\blinkx remote toolbar\the_blinkx_toolbar.dll (Adware.7FaSSt) -> No action taken.
c:\program files\shoppingreport2\Uninst.exe (Adware.ShoppingReports) -> No action taken.
c:\programdata\questbrwsearch\questbrowse124.exe (Adware.QuestBrowse) -> No action taken.
c:\Users\jimmy\AppData\Roaming\avdrn.dat (Malware.Trace) -> No action taken.
c:\programdata\microsoft\Windows\start menu\AV7\antivirus7.lnk (Rogue.Antivirus7) -> No action taken.
c:\Users\jimmy\AppData\Roaming\Ucew\safu.exe (Trojan.ZbotR.Gen) -> No action taken.


// end file


any help is much appreciated, just want to make sure i have taken care of this properly.

ps, i also created a new restore point, post mbam scan.

thanks very much, Tom.
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12980
 
   Posted 2/8/2011 3:24 PM (GMT +3)    Quote: Trojan removal helpAlert an admin about: Trojan removal help
Hello    smile
 
 
Let´s take a closer look.
 
Unfortunately, you are running AVG and that fights with Combofix. So now , to prevent damage to your system, Combofix will no longer allow itself to run on a computer where AVG is installed and active. It's your choice whether you want to uninstall AVG and use another anti virus. Avast offers a free AV here: http://www.avast.com/free-antivirus-download
If you decide to remove AVG,  download and use AVG uninstall tool from: http://kb.eset.com/esetkb/index?page=content&id=SOLN146
 
 
Please download Combofix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
 
 And save to the desktop.
 
After the download is complete, perform the following tasks before using the ComboFix tool to scan your PC:
Exit all windows that are currently open on your computer.
To prevent interference, temporarily disable your antivirus, antispyware, firewall and other security tools that may be running on your computer.
 
 
Double-click on the combofix icon found on your desktop.
 
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

 When finished, it will produce a logfile located at C:\combofix.txt.
 

Post the contents of that log in your next reply
 
The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.


 
NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer.. We do not clean logs that have P2P applications installed as this can cause reinfection during your cleaning.
 


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

Back to Top
 

bellto2
New Member


Date Joined Jun 2009
Total Posts : 10
 
   Posted 2/9/2011 8:50 AM (GMT +3)    Quote: Trojan removal helpAlert an admin about: Trojan removal help
ComboFix 11-02-08.02 - jimmy 09/02/2011 15:39:46.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.2046.1381 [GMT 10:00]
Running from: c:\users\jimmy\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AV7
c:\program files\blinkx Remote Toolbar\thE_blinkx_bho.dll
c:\programdata\Microsoft\Windows\Start Menu\AV7
c:\programdata\Microsoft\Windows\Start Menu\AV7\Uninstall.lnk
c:\users\jimmy\AppData\Local\{D006140A-4C98-48D6-A43E-1666A81BE548}
c:\users\jimmy\AppData\Local\{D006140A-4C98-48D6-A43E-1666A81BE548}\chrome.manifest
c:\users\jimmy\AppData\Local\{D006140A-4C98-48D6-A43E-1666A81BE548}\chrome\content\_cfg.js
c:\users\jimmy\AppData\Local\{D006140A-4C98-48D6-A43E-1666A81BE548}\chrome\content\overlay.xul
c:\users\jimmy\AppData\Local\{D006140A-4C98-48D6-A43E-1666A81BE548}\install.rdf
c:\users\jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download programs.url
c:\users\jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games.url
c:\users\jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Translator.url
c:\users\jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
c:\users\jimmy\AppData\Roaming\pnmfzy.dat
c:\users\jimmy\Desktop\Download programs.url
c:\users\jimmy\Desktop\Games.url
c:\users\jimmy\Desktop\Translator.url
c:\users\jimmy\Desktop\Videos.url
c:\users\jimmy\FAVORI~1\Download programs.url
c:\users\jimmy\FAVORI~1\Games.url
c:\users\jimmy\FAVORI~1\Translator.url
c:\users\jimmy\FAVORI~1\Videos.url
c:\users\jimmy\Favorites\Download programs.url
c:\users\jimmy\Favorites\Games.url
c:\users\jimmy\Favorites\Translator.url
c:\users\jimmy\Favorites\Videos.url
c:\users\margaret\Desktop\Internet Explorer.lnk
c:\windows\system32\spool\prtprocs\w32x86\ppbiPr.dll

.
((((((((((((((((((((((((( Files Created from 2011-01-09 to 2011-02-09 )))))))))))))))))))))))))))))))
.

2011-02-08 05:43 . 2011-02-08 05:43 -------- d-----w- c:\users\jimmy\AppData\Roaming\Malwarebytes
2011-02-08 05:43 . 2011-02-08 05:43 -------- d-----w- c:\programdata\Malwarebytes
2011-02-08 05:43 . 2010-12-20 08:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-08 05:43 . 2011-02-08 05:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-08 05:43 . 2010-12-20 08:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-25 21:51 . 2011-01-25 21:51 -------- d-----w- c:\program files\iPod
2011-01-25 21:51 . 2011-01-25 21:52 -------- d-----w- c:\program files\iTunes
2011-01-25 21:21 . 2011-01-25 21:21 -------- d-----w- c:\windows\en
2011-01-25 21:21 . 2010-09-22 14:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-01-25 21:17 . 2009-09-04 07:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-01-25 21:17 . 2009-09-04 07:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-01-25 21:17 . 2009-09-04 07:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-01-25 21:07 . 2011-01-25 21:07 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\e84497071cbbcd32b\InstallManager_WLE_WLE.exe
2011-01-25 21:07 . 2011-01-25 21:07 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\dee43ad71cbbcd320\MeshBetaRemover.exe
2011-01-25 21:07 . 2011-01-25 21:07 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\cf47f3f71cbbcd318\DXSETUP.exe
2011-01-25 21:07 . 2011-01-25 21:07 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\cf47f3f71cbbcd318\dsetup32.dll
2011-01-25 21:07 . 2011-01-25 21:07 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\cf47f3f71cbbcd318\DSETUP.dll
2011-01-25 21:07 . 2011-01-25 21:07 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\cde61a071cbbcd317\DSETUP.dll
2011-01-25 21:07 . 2011-01-25 21:07 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\cde61a071cbbcd317\DXSETUP.exe
2011-01-25 21:07 . 2011-01-25 21:07 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\cde61a071cbbcd317\dsetup32.dll
2011-01-25 21:06 . 2011-02-08 03:56 -------- d-----w- c:\users\jimmy\AppData\Local\Windows Live
2011-01-25 21:05 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-01-25 04:01 . 2011-02-08 07:18 -------- d-----w- c:\users\jimmy\AppData\Roaming\Ucew
2011-01-25 04:01 . 2011-02-08 05:50 -------- d-----w- c:\users\jimmy\AppData\Roaming\Ytawat
2011-01-16 11:29 . 2011-01-16 11:34 -------- d-----w- c:\program files\PC Speed Up
2011-01-16 11:29 . 2011-01-16 11:30 -------- d-----w- c:\users\jimmy\AppData\Local\OpenCandy
2011-01-16 11:29 . 2011-01-16 11:29 -------- d-----w- c:\users\jimmy\AppData\Roaming\OpenCandy
2011-01-16 11:29 . 2011-01-17 03:34 -------- d-----w- c:\program files\FrostWire
2011-01-14 19:57 . 2011-01-14 19:57 -------- d-----w- c:\program files\Ask.com
2011-01-14 08:19 . 2011-01-14 08:19 -------- d-----w- c:\program files\Xvid
2011-01-14 08:19 . 2008-12-13 10:01 77824 ----a-w- c:\windows\system32\xvid.ax
2011-01-14 08:19 . 2008-12-04 11:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2011-01-14 08:19 . 2008-12-04 11:42 815104 ----a-w- c:\windows\system32\xvidcore.dll
2011-01-14 08:09 . 2011-02-09 05:46 -------- d-----w- c:\program files\blinkx Remote Toolbar
2011-01-14 07:09 . 2011-01-15 08:28 -------- d-----w- c:\users\jimmy\AppData\Roaming\Igigys
2011-01-14 07:09 . 2011-01-15 01:38 -------- d-----w- c:\users\jimmy\AppData\Roaming\Ycis
2011-01-14 03:30 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-14 03:30 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-14 03:30 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-14 03:30 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-14 03:30 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-14 03:30 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-14 03:30 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-10 08:29 . 2010-12-10 08:29 64864 ----a-w- c:\windows\system32\sqlctr90.dll
2010-12-10 08:29 . 2010-12-10 08:29 2248032 ----a-w- c:\windows\system32\sqlncli.dll
2010-11-29 07:38 . 2010-11-29 07:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 07:38 . 2010-11-29 07:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-22 21:42 . 2010-11-08 01:59 0 ----a-w- c:\users\jimmy\AppData\Local\Orunilerihe.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 12:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 12:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2007-01-19 01:49 49152 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\blinkx_toolbar]
2009-09-16 13:27 196608 ----a-w- c:\program files\blinkx Remote Toolbar\the_blinkx_toolbar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-17 16:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-12-11 16:31 722256 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link D-Link Wireless G DWA-110]
2008-04-15 01:31 1675264 ----a-w- c:\program files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2005-03-17 04:45 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 07:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 08:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 14:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2005-03-17 04:25 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 07:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-16 21:22 4907008 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-10-14 00:22 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 02:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 01:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-09-11 10:35 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-20 38224]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-05-23 501248]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-12-19 206336]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2008-01-19 4608]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-04 77824]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2011-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 00:49]

2011-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 00:49]

2011-02-09 c:\windows\Tasks\User_Feed_Synchronization-{605C38F3-29FB-4357-B1BD-FDA482F039F5}.job
- c:\windows\system32\msfeedssync.exe [2010-12-19 04:25]

2011-02-09 c:\windows\Tasks\User_Feed_Synchronization-{83ECB63F-2EDC-4784-96E5-F0A635E98F17}.job
- c:\windows\system32\msfeedssync.exe [2010-12-19 04:25]

2011-02-09 c:\windows\Tasks\User_Feed_Synchronization-{9DC2B754-0CD3-479B-B51E-7EDC1E65931D}.job
- c:\windows\system32\msfeedssync.exe [2010-12-19 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ninemsn.com.au/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\users\jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\olwfhiii.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&o=14197&locale=en_US&apn_uid=BB28A1DC-E31C-421C-8470-0D92D7A3ABA6&apn_ptnrs=FN&apn_sauid=BD80568A-9DE2-4B8A-85A0-22D6FCABD69C&apn_dtid=TES002YYAU&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-{F67463D2-DE64-2B37-7A0A-66BA90533AEF} - c:\users\jimmy\AppData\Roaming\Ucew\safu.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-09 15:47
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-02-09 15:49:18
ComboFix-quarantined-files.txt 2011-02-09 05:49

Pre-Run: 121,048,702,976 bytes free
Post-Run: 120,929,828,864 bytes free

- - End Of File - - B0F4E19D22E1CA1FCBD12DF26AC65B17
Back to Top
 
New Topic Post reply to : Trojan removal help Printable version of : Trojan removal help
 
Forum Information
Currently it is Friday, October 24, 2014 6:24 PM (GMT +3)
There are a total of 60,693 posts in 13,332 threads.
In the last 3 days there were 1 new threads and 27 reply posts. View Active Threads
Who's Online
This forum has 36551 registered members. Please welcome our newest member, 270bajigur.
4 Guest(s), 0 Registered Member(s) are currently online.  Details
5 Latest Threads
Bullguard firewall blocks dns requests for virtual machine clients (3)10/24/2014 11:55:39 AM (leok)
Errors, warnings, infections, trojans and junk (25)10/24/2014 7:49:17 AM (Touch)