Mischel Internet Security Forum: Adware, Browser Hijackers and other Malware
Topic: please check my log
Thomas (Full Member, Posts: 233)
« on: Jun 28th, 2010, 8:11am »
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:09:06 AM, on 6/28/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\MpcStar\mpcstar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\april\Desktop\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =  
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
 
--
End of file - 4639 bytes
« Last Edit: Jun 28th, 2010, 8:12am by Thomas »

Windows 7 Home Premium (64 Bit)
Yahoo! Messenger Version 11.0.0 Build 2014
Y!TunnelPro Version 2.6 Build 736
YTK Enhanced Version 2.6 Build 108
Mozilla Firefox Version 8.0 (Beta)
Internet Explorer Version 9.0.8112.16421
TrojanHunter Version 5.3 Build 994
HijackThis Version 2.0 Build 4
Wireless
avast! Free Antivirus
Malwarebytes' Anti-Malware
SUPERAntiSpyware Professional
Thomas (Full Member, Posts: 233)
« Reply #1 on: Jun 28th, 2010, 8:13am »
ComboFix 10-06-25.02 - april 06/26/2010   2:04.1.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.3034.1901 [GMT -5:00]
Running from: c:\users\april\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
c:\programdata\80308f4
c:\programdata\80308f4\210813.reg
c:\programdata\80308f4\mcp.ico
c:\programdata\80308f4\SM8030_314.exe
c:\programdata\80308f4\SMAV.ico
c:\programdata\80308f4\SMAVSys\vd952342.bd
c:\users\april\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Security Master AV.lnk
c:\users\april\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
c:\users\april\AppData\Roaming\Microsoft\Windows\Recent\cb.exe
c:\users\april\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.sys
c:\users\april\AppData\Roaming\Microsoft\Windows\Recent\dudl.sys
c:\users\april\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
c:\users\april\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\april\AppData\Roaming\Microsoft\Windows\Recent\FS.exe
c:\users\april\AppData\Roaming\Microsoft\Windows\Recent\FW.exe
c:\users\april\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\april\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\april\AppData\Roaming\Microsoft\Windows\Recent\pal.dll
c:\users\april\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\april\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\april\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.dll
c:\users\april\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.drv
c:\users\april\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv
c:\users\april\AppData\Roaming\Microsoft\Windows\Recent\SM.drv
c:\users\april\AppData\Roaming\Microsoft\Windows\Start Menu\Security Master AV.lnk
c:\users\april\AppData\Roaming\Security Master AV
c:\users\april\AppData\Roaming\Security Master AV\Instructions.ini
c:\users\april\Desktop\Security Master AV.lnk
c:\windows\system32\st326162.dll
 
.
(((((((((((((((((((((((((   Files Created from 2010-05-26 to 2010-06-26  )))))))))))))))))))))))))))))))
.
 
2010-06-26 03:24 . 2010-06-26 03:24  --------  d-sh--w-  c:\programdata\SMDCXPSFBTAV
2010-06-24 08:00 . 2009-11-08 15:55  99176  ----a-w-  c:\windows\system32\PresentationHostProxy.dll
2010-06-24 08:00 . 2009-11-08 15:55  49472  ----a-w-  c:\windows\system32\netfxperf.dll
2010-06-24 08:00 . 2009-11-08 15:55  297808  ----a-w-  c:\windows\system32\mscoree.dll
2010-06-24 08:00 . 2009-11-08 15:55  295264  ----a-w-  c:\windows\system32\PresentationHost.exe
2010-06-24 08:00 . 2009-11-08 15:55  1130824  ----a-w-  c:\windows\system32\dfshim.dll
2010-06-23 13:20 . 2010-04-16 16:43  28672  ----a-w-  c:\windows\system32\Apphlpdm.dll
2010-06-23 13:20 . 2010-04-16 14:39  4240384  ----a-w-  c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-21 16:58 . 2010-06-24 14:43  --------  d-----w-  c:\programdata\boost_interprocess
2010-06-21 16:57 . 2010-06-21 16:59  --------  d-----w-  c:\users\april\AppData\Roaming\TigerPlayer
2010-06-21 16:57 . 2010-06-21 16:57  --------  d-----w-  c:\programdata\Apple Computer
2010-06-21 16:56 . 2010-06-21 16:57  --------  d-----w-  c:\program files\MpcStar
2010-06-21 16:55 . 2010-06-21 16:55  --------  d-----w-  c:\program files\AC3Filter
2010-06-21 16:54 . 2010-06-21 16:54  57344  ----a-w-  c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-20 23:16 . 2010-06-20 23:16  --------  d-----w-  c:\program files\uTorrent
2010-06-20 23:15 . 2010-06-24 00:59  --------  d-----w-  c:\users\april\AppData\Roaming\uTorrent
2010-06-16 18:22 . 2010-06-16 18:22  --------  d-----w-  c:\programdata\WindowsSearch
2010-06-15 01:32 . 2010-06-15 01:32  --------  d-----w-  c:\program files\ZooskMessenger
2010-06-10 01:55 . 2010-04-05 17:01  67072  ----a-w-  c:\windows\system32\asycfilt.dll
2010-06-10 01:55 . 2010-05-26 17:06  34304  ----a-w-  c:\windows\system32\atmlib.dll
2010-06-10 01:55 . 2010-05-26 14:47  289792  ----a-w-  c:\windows\system32\atmfd.dll
2010-06-09 08:16 . 2010-06-09 08:16  --------  d-----w-  c:\program files\YTK Enhanced
2010-06-06 13:29 . 2010-06-09 06:01  --------  d-----w-  c:\program files\Veoh Networks
2010-06-04 02:46 . 2010-06-04 02:48  --------  d-----w-  c:\program files\CCleaner
2010-06-03 17:14 . 2010-06-03 17:14  --------  d-----w-  c:\program files\Mind Quiz
2010-06-02 01:34 . 2010-06-04 02:09  --------  d-----w-  c:\program files\Microsoft Silverlight
2010-06-01 19:13 . 2010-06-09 07:00  --------  d-----w-  c:\users\april\AppData\Roaming\YTK Enhanced
2010-05-30 14:10 . 2010-05-30 14:10  --------  d-----w-  c:\users\april\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
2010-05-30 14:10 . 2010-05-30 14:08  38784  ----a-w-  c:\users\april\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-30 14:10 . 2010-05-30 14:10  --------  d-----w-  c:\program files\Common Files\Adobe AIR
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 10:24 . 2010-05-21 14:07  --------  d-----w-  c:\program files\SUPERAntiSpyware
2010-06-10 10:23 . 2006-11-02 11:18  --------  d-----w-  c:\program files\Windows Mail
2010-06-08 15:23 . 2010-05-23 02:11  --------  d-----w-  c:\program files\Digital Asphyxia
2010-06-04 22:10 . 2010-05-21 17:16  63488  ----a-w-  c:\users\april\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-04 22:10 . 2010-05-21 17:16  117760  ----a-w-  c:\users\april\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-24 18:33 . 2010-05-24 18:33  --------  d-----w-  c:\program files\Windows Portable Devices
2010-05-24 18:33 . 2006-11-02 10:25  665600  ----a-w-  c:\windows\inf\drvindex.dat
2010-05-24 18:33 . 2010-05-24 18:33  0  ---ha-w-  c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-23 23:33 . 2006-11-02 12:35  --------  d-----w-  c:\program files\Windows Sidebar
2010-05-23 23:33 . 2006-11-02 12:35  --------  d-----w-  c:\program files\Windows Photo Gallery
2010-05-23 23:33 . 2006-11-02 12:35  --------  d-----w-  c:\program files\Windows Collaboration
2010-05-23 23:33 . 2006-11-02 12:35  --------  d-----w-  c:\program files\Windows Calendar
2010-05-23 23:33 . 2006-11-02 12:35  --------  d-----w-  c:\program files\Windows Defender
2010-05-23 02:12 . 2010-05-23 02:12  --------  d-----w-  c:\users\april\AppData\Roaming\Digital Asphyxia
2010-05-23 02:12 . 2010-05-23 02:12  --------  d-----w-  c:\programdata\Digital Asphyxia
2010-05-23 02:11 . 2010-05-23 02:11  --------  d-----w-  c:\programdata\Tarma Installer
2010-05-23 02:11 . 2010-05-23 02:11  82432  --s---r-  c:\programdata\Tarma Installer\{D6B25B8D-0566-42B1-A23D-7576138435D6}\Setup.exe
2010-05-23 01:44 . 2010-05-23 01:44  --------  d-----w-  c:\programdata\Yahoo!
2010-05-23 01:44 . 2010-05-23 01:44  --------  d-----w-  c:\program files\Yahoo!
2010-05-22 00:23 . 2010-05-22 00:22  --------  d-----w-  c:\program files\Common Files\Adobe
2010-05-21 19:14 . 2010-01-06 12:17  221568  ------w-  c:\windows\system32\MpSigStub.exe
2010-05-21 17:16 . 2010-05-21 17:16  52224  ----a-w-  c:\users\april\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-21 14:07 . 2010-05-21 14:07  --------  d-----w-  c:\programdata\SUPERAntiSpyware.com
2010-05-21 14:07 . 2010-05-21 14:07  --------  d-----w-  c:\users\april\AppData\Roaming\SUPERAntiSpyware.com
2010-05-21 14:07 . 2010-05-21 14:07  --------  d-----w-  c:\program files\Common Files\Wise Installation Wizard
2010-05-16 16:24 . 2010-05-16 16:24  --------  d-----w-  c:\programdata\EmailNotifier
2010-05-16 16:23 . 2010-05-16 16:23  18944  ----a-r-  c:\users\april\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2010-05-13 04:38 . 2010-05-13 04:37  --------  d-----w-  c:\users\april\AppData\Roaming\MySpace
2010-05-13 04:37 . 2010-05-13 04:37  --------  d-----w-  c:\programdata\Roaming
2010-05-13 04:36 . 2010-05-13 04:33  7631232  ----a-w-  c:\users\april\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe
2010-05-09 22:09 . 2010-05-09 22:07  --------  d-----w-  c:\users\april\AppData\Roaming\Yahoo!
2010-05-09 22:07 . 2010-05-09 22:07  262144  ----a-w-  c:\programdata\ntuser.dat
2010-05-04 05:59 . 2010-06-10 01:59  916480  ----a-w-  c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 01:59  71680  ----a-w-  c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 01:59  109056  ----a-w-  c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 01:59  133632  ----a-w-  c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-10 01:59  2037248  ----a-w-  c:\windows\system32\win32k.sys
2010-04-23 14:13 . 2010-05-26 02:26  2048  ----a-w-  c:\windows\system32\tzres.dll
2010-04-20 20:45 . 2010-05-23 01:44  607472  ----a-w-  c:\programdata\Yahoo!\YUpdater\yupdater.exe
2010-04-16 16:43 . 2010-06-23 13:20  173056  ----a-w-  c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-23 13:20  458752  ----a-w-  c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-23 13:20  542720  ----a-w-  c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-23 13:20  2159616  ----a-w-  c:\windows\AppPatch\AcGenral.dll
2010-04-12 21:29 . 2010-04-26 12:57  411368  ----a-w-  c:\windows\system32\deployJava1.dll
2010-01-05 04:05 . 2009-04-11 19:01  8192  --sha-w-  c:\windows\Users\Default\NTUSER.DAT
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown  
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-12 2403568]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-04-28 2633976]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-01 217088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-04-01 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-04-01 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-04-01 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-04-01 483428]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21  548352  ----a-w-  c:\program files\SUPERAntiSpyware\SASWINLO.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ef,a7,1f,07,d1,fa,ca,01
 
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-28 67656]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-04-01 81920]
 
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork  REG_MULTI_SZ   PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation  REG_MULTI_SZ   FontCache
.
Contents of the 'Scheduled Tasks' folder
 
2010-06-26 c:\windows\Tasks\User_Feed_Synchronization-{62D09183-134D-4599-AA15-5ED0E9810CAB}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
- - - - ORPHANS REMOVED - - - -
 
BHO-{CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - (no file)
HKCU-Run-Security Master AV - c:\programdata\80308f4\SM8030_314.exe
 
 
 
**************************************************************************
scanning hidden processes ...  
 
scanning hidden autostart entries ...  
 
scanning hidden files ...  
 
scan completed successfully
hidden files:  
 
**************************************************************************
.
Completion time: 2010-06-26  02:09:48
ComboFix-quarantined-files.txt  2010-06-26 07:09
 
Pre-Run: 165,977,063,424 bytes free
Post-Run: 165,972,713,472 bytes free
 
- - End Of File - - 1E72C8B7A8BD95C95D07BA05B27D5B4C
Thomas (Full Member, Posts: 233)
« Reply #2 on: Jun 28th, 2010, 10:36am »
TrojanHunter Scan Report - Saved 2010-06-28 09:53
 
Warning: Unable to unpack UPX-packed file C:\Program Files\uTorrent\uTorrent.exe
Warning: Unable to unpack UPX-packed file C:\Windows\ERDNT\Hiv-backup\ERDNT.EXE
siliconman01 (Global Moderator, Posts: 7358)
« Reply #3 on: Jun 28th, 2010, 12:34pm »
There is nothing malicious showing up in your HJT log.  There is one item that you can FIX using Hijackthis.  Here is the item; I'm confident you know how to FIX it.
 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
 
It looks like Combofix.exe found and removed malicious rogue Security Master AV from your system.  
 
I hope that you have the latest TrojanHunter rulesets.  I see that you ran a scan with TrojanHunter.
 
I hope that you have the latest version of SAS V4.39.1002 with the latest core/trace definitions and ran a complete scan with it after running Combofix.
 
______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
Thomas (Full Member, Posts: 233)
« Reply #4 on: Jun 28th, 2010, 3:49pm »
What about this, Tom?
 
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
Thomas (Full Member, Posts: 233)
« Reply #5 on: Jun 28th, 2010, 5:46pm »
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
 
Generated 06/28/2010 at 05:20 PM
 
Application Version : 4.39.1002
 
Core Rules Database Version : 5122
Trace Rules Database Version: 2934
 
Scan type  : Complete Scan
Total Scan Time : 00:31:24
 
Memory items scanned : 610
Memory threats detected   : 0
Registry items scanned    : 7046
Registry threats detected : 0
File items scanned   : 24869
File threats detected     : 179
 
Adware.Tracking Cookie
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@yadro[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@dominionenterprises.112.2o7[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@oasn04.247realmedia[2].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@247realmedia[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@divx.112.2o7[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@in.getclicky[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@5.e.y.cltomedia[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@pro-market[2].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@revsci[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@casalemedia[2].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@adxpose[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@data.coremetrics[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@mediaplex[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@tacoda[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@adbrite[2].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@ad.wsod[3].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@s.h.y.cltomedia[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@citi.bridgetrack[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@www.burstbeacon[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@adserver.adtechus[2].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@cheapcycleparts.122.2o7[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@ads.pubmatic[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@stats.gamestop[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@content.yieldmanager[3].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@content.yieldmanager[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@nextag[2].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@adservingdaddy[2].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@mediafire[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@serving-sys[2].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@stpetersburgtimes.122.2o7[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@network.realmedia[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@earthlink.122.2o7[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@zedo[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@cdn4.specificclick[3].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@cdn4.specificclick[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@statse.webtrendslive[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@eaeacom.112.2o7[2].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@tribalfusion[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@ads.youporn[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@msnportal.112.2o7[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@tracker.ytunnelpro[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@s.m.y.cltomedia[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@pointroll[1].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@ad.wsod[2].txt
C:\Users\april\AppData\Roaming\Microsoft\Windows\Cookies\Low\april@doubleclick[1].txt
 
Adware.Flash Tracking Cookie
C:\Users\april\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CWX58WRE\BC.YOUPORN.COM
C:\Users\april\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CWX58WRE\CONVOAD.TECHNORATIMEDIA.COM
C:\Users\april\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CWX58WRE\IA.MEDIA-IMDB.COM
C:\Users\april\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CWX58WRE\A.ADS2.MSADS.NET
C:\Users\april\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CWX58WRE\ADS2.MSADS.NET
C:\Users\april\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CWX58WRE\B.ADS2.MSADS.NET
C:\Users\april\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CWX58WRE\SECURE-US.IMRWORLDWIDE.COM

Windows 7 Home Premium (64 Bit)
Yahoo! Messenger Version 11.0.0 Build 2014
Y!TunnelPro Version 2.6 Build 736
YTK Enhanced Version 2.6 Build 108
Mozilla Firefox Version 8.0 (Beta)
Internet Explorer Version 9.0.8112.16421
TrojanHunter Version 5.3 Build 994
HijackThis Version 2.0 Build 4
Wireless
avast! Free Antivirus
Malwarebytes' Anti-Malware
SUPERAntiSpyware Professional
siliconman01
Global Moderator
Re: please check my log
« Reply #6 on: Jun 28th, 2010, 11:45pm »
on Jun 28th, 2010, 3:49pm, Thomas wrote:
What about this, Tom?
 
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

 
Yes, you can FIX this one also with HJT.
 
Concerning your SAS scan log, your core/trace definitions are 3-4 days out-of-date.  The latest core/trace are 5131/2943 as of this morning.  
 
-  Before you run a new SAS Complete Scan, run CCleaner.  CCleaner should clear out all the tracking cookies and the flash cookies....assuming that you have the Internet Explorer>Cookie option selected in CCleaner under the Windows tab.  
 
-  Then let SAS quarantine anything it finds during the scan.
 
-  Also be sure that you have the latest CCleaner version which is V2.33.1184.  You can download the latest version from the link below.  Download the SLIM version which has no toolbar options in it.
 
http://www.piriform.com/ccleaner/builds
 
BTW... If it is not too much trouble, would you please zip the Combofix quarantine folder Qoobox and submit it to Gavin at submit@misec.net
« Last Edit: Jun 29th, 2010, 12:00am by siliconman01 »

______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
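Siliconman01's advice above is to let CCleaner sweep the tracking cookies and Flash cookies before the next SAS scan. The PowerShell script below is an added example, not code from this thread, from CCleaner or from SUPERAntiSpyware: it does the same sweep by hand against the two locations the SAS listing shows, the Internet Explorer cookie folders under %APPDATA%\Microsoft\Windows\Cookies (including the Low folder that IE Protected Mode writes to) and the Flash Player #SharedObjects folder, and by default only reports what it finds. The tracker-host list is a constructed sample drawn from hosts in the listing, not SAS's definitions, and the script name in the usage note is assumed.

```powershell
# Added example (not CCleaner's or SUPERAntiSpyware's code): find, and with -Delete
# remove, the IE tracking-cookie files and Flash Local Shared Objects of the kind
# SAS listed above. Report-only unless -Delete is given. Vista/7 profile layout.
param([switch]$Delete)

$cookieDirs = @(
    (Join-Path $env:APPDATA 'Microsoft\Windows\Cookies'),
    (Join-Path $env:APPDATA 'Microsoft\Windows\Cookies\Low')   # IE Protected Mode folder
)
$flashDir = Join-Path $env:APPDATA 'Macromedia\Flash Player\#SharedObjects'

# Constructed sample of ad/analytics hosts taken from the SAS listing; extend as needed.
$trackerDomains = 'doubleclick', '2o7', 'atdmt', 'yieldmanager', 'advertising',
                  'specificclick', 'realmedia', 'zedo', 'imrworldwide', 'msads', 'cltomedia'

function Test-TrackerName {
    param([string]$Name)
    foreach ($d in $trackerDomains) { if ($Name -like "*$d*") { return $true } }
    return $false
}

$hits = @()

# IE cookie files are named <user>@<host>[n].txt, so the host is part of the file name.
foreach ($dir in $cookieDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    $hits += @(Get-ChildItem -LiteralPath $dir -Filter '*.txt' -ErrorAction SilentlyContinue |
               Where-Object { -not $_.PSIsContainer -and (Test-TrackerName $_.Name) })
}

# Flash LSOs live under #SharedObjects\<random id>\<host>\..., so the host is a folder name.
if (Test-Path -LiteralPath $flashDir) {
    $ids = @(Get-ChildItem -LiteralPath $flashDir -ErrorAction SilentlyContinue | Where-Object { $_.PSIsContainer })
    foreach ($id in $ids) {
        $hits += @(Get-ChildItem -LiteralPath $id.FullName -ErrorAction SilentlyContinue |
                   Where-Object { $_.PSIsContainer -and (Test-TrackerName $_.Name) })
    }
}

# -LiteralPath is essential: names such as april@ru4[3].txt contain [ ], which
# -Path would treat as a wildcard class and then fail to find the real file.
foreach ($h in $hits) {
    if ($Delete) {
        Remove-Item -LiteralPath $h.FullName -Recurse -Force -ErrorAction SilentlyContinue
        "removed  $($h.FullName)"
    } else {
        "found    $($h.FullName)"
    }
}
if ($Delete) { "$($hits.Count) tracker item(s) removed" }
else         { "$($hits.Count) tracker item(s) found; rerun with -Delete to remove them" }
```

Save it as, say, Find-TrackerCookies.ps1, run it once with no arguments to see what it would remove, then again with -Delete, with Internet Explorer closed so the cookie files are not locked. Flash Local Shared Objects are written by the Flash plug-in outside the browser's own cookie store, which is why clearing cookies from inside IE does not touch them and why they keep reappearing in scan logs as "Adware.Flash Tracking Cookie".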
Thomas
Full Member
Re: please check my log
« Reply #7 on: Jun 29th, 2010, 12:04am »
on Jun 28th, 2010, 11:45pm, siliconman01 wrote:
[Reply #6 above, quoted in full]
 
I'm one step ahead of you, Tom. I sent it before I made the thread.
siliconman01
Global Moderator
Re: please check my log
« Reply #8 on: Jun 29th, 2010, 1:22am »
Great! Thanks much for your submittal.
Thomas
Full Member
Re: please check my log
« Reply #9 on: Jun 29th, 2010, 10:06pm »
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
 
Generated 06/29/2010 at 09:57 PM
 
Application Version : 4.39.1002
 
Core Rules Database Version : 5135
Trace Rules Database Version: 2947
 
Scan type  : Complete Scan
Total Scan Time : 00:29:00
 
Memory items scanned : 556
Memory threats detected   : 0
Registry items scanned    : 7046
Registry threats detected : 0
File items scanned   : 24652
File threats detected     : 0
Thomas
Full Member
Re: please check my log
« Reply #10 on: Jun 29th, 2010, 11:24pm »
Hey Tom, I'm downloading Malwarebytes and as soon as I'm done I will post the log here.
siliconman01
Global Moderator
Re: please check my log
« Reply #11 on: Jun 30th, 2010, 12:58am »
Okay.
Thomas
Full Member
Re: please check my log
« Reply #12 on: Jun 30th, 2010, 12:59am »
Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org
 
Database version: 4260
 
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
 
6/30/2010 12:51:45 AM
mbam-log-2010-06-30 (00-51-45).txt
 
Scan type: Full scan (C:\|E:\|)
Objects scanned: 215270
Time elapsed: 49 minute(s), 26 second(s)
 
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
 
Memory Processes Infected:
(No malicious items detected)
 
Memory Modules Infected:
(No malicious items detected)
 
Registry Keys Infected:
HKEY_CLASSES_ROOT\searchtoolbarlib.csearchtoolbarimpl (Adware.Zugo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\searchtoolbarlib.csearchtoolbarimpl.1 (Adware.Zugo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Zugo (Adware.Zugo) -> Quarantined and deleted successfully.
 
Registry Values Infected:
(No malicious items detected)
 
Registry Data Items Infected:
(No malicious items detected)
 
Folders Infected:
(No malicious items detected)
 
Files Infected:
(No malicious items detected)
siliconman01
Global Moderator
Re: please check my log
« Reply #13 on: Jun 30th, 2010, 1:15am »
It appears that MBAM found some leftover registry keys from a previous infection.  Good catch.  Keep MBAM around as a backup scanner.  Be sure to run its update prior to scanning because MBAM issues multiple updates each day.
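MBAM's three hits are a ProgID pair under HKEY_CLASSES_ROOT and a vendor key under HKCU with no file or folder hits, which is the profile of a registration left behind after the component itself is gone; the O23 line earlier in the thread is the service-side version of the same thing, an ImagePath whose file cannot be found. The PowerShell below is an added example, not code from this thread, from HijackThis or from MBAM: it audits both kinds of leftover in one pass, every service's ImagePath and every HKCR ProgID that carries a CLSID subkey, followed through to its InprocServer32 or LocalServer32 file, and only reports. It assumes an elevated, native-bitness PowerShell on Vista or Windows 7; the function names are this example's own, and the rundll32 value in the comment is an illustrative shape, not a value taken from the log.

```powershell
# Added example (not HijackThis's or MBAM's code): report registry entries that still
# point at files or classes which no longer exist, the pattern behind the O23
# "(file missing)" service line and the leftover Adware.Zugo ProgID keys above.
# Report-only. Assumes an elevated, native-bitness PowerShell on Vista/7.

function Split-CommandLine {
    # Split a service ImagePath or COM server value into executable and arguments,
    # expanding %SystemRoot%-style variables and kernel-style path prefixes.
    param([string]$Raw)
    if ([string]::IsNullOrEmpty($Raw)) { return $null }
    try {
        $s = [Environment]::ExpandEnvironmentVariables($Raw.Trim())
        if ($s.StartsWith('"')) {
            $end = $s.IndexOf('"', 1)
            if ($end -lt 0) { return $null }
            $exe = $s.Substring(1, $end - 1); $rest = $s.Substring($end + 1).Trim()
        } else {
            # Unquoted: the executable ends at the first .exe/.sys/.dll token, else at the first space.
            $m = [regex]::Match($s, '^(.+?\.(exe|sys|dll))(\s+(.*))?$', 'IgnoreCase')
            if ($m.Success) { $exe = $m.Groups[1].Value; $rest = $m.Groups[4].Value }
            else { $parts = $s -split '\s+', 2; $exe = $parts[0]; $rest = ''; if ($parts.Count -gt 1) { $rest = $parts[1] } }
        }
        $exe = $exe -replace '^\\\?\?\\', ''                                 # \??\C:\...
        $exe = $exe -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')       # \SystemRoot\system32\...
        if (-not [IO.Path]::IsPathRooted($exe)) {
            if ($exe -match '^(system32|syswow64)\\') { $exe = Join-Path $env:SystemRoot $exe }
            else { $exe = Join-Path $env:SystemRoot "System32\$exe" }         # bare names load from System32
        }
        return @{ Exe = $exe; Args = $rest }
    } catch { return $null }
}

function Get-ServicesWithMissingFiles {
    $out = @()
    foreach ($key in @(Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue)) {
        $raw = (Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue).ImagePath
        $cl = Split-CommandLine $raw
        if (-not $cl) { continue }                                  # no ImagePath: service groups etc.
        $target = $cl.Exe
        # A rundll32-hosted service lives in its DLL argument (shape: "RUNDLL32.EXE somedll,Entry"
        # -> System32\somedll.dll); rundll32.exe itself is always present, so check the DLL.
        if (([IO.Path]::GetFileName($target) -ieq 'rundll32.exe') -and $cl.Args) {
            $dll = ($cl.Args -split '[\s,]')[0]
            if (-not [IO.Path]::HasExtension($dll)) { $dll += '.dll' }
            if (-not [IO.Path]::IsPathRooted($dll)) { $dll = Join-Path $env:SystemRoot "System32\$dll" }
            $target = $dll
        }
        if (-not (Test-Path -LiteralPath $target)) {
            $out += New-Object PSObject -Property @{ Kind = 'Service'; Name = $key.PSChildName; Missing = $target; Value = $raw }
        }
    }
    $out
}

function Get-ComWithMissingFiles {
    # Follow every HKCR ProgID that has a CLSID subkey to CLSID\{guid}\InprocServer32
    # (or LocalServer32) and report broken links. Walking all of HKCR takes a minute or two.
    $out = @()
    $hkcr = 'Registry::HKEY_CLASSES_ROOT'
    foreach ($progid in @(Get-ChildItem -LiteralPath $hkcr -ErrorAction SilentlyContinue)) {
        if ($progid.PSChildName -match '^[.{*]') { continue }              # extensions, CLSID-named keys, '*'
        $clsidKey = $progid.PSPath + '\CLSID'
        if (-not (Test-Path -LiteralPath $clsidKey)) { continue }
        $clsid = [string](Get-ItemProperty -LiteralPath $clsidKey -ErrorAction SilentlyContinue).'(default)'
        $clsid = $clsid.Trim()
        if (-not $clsid) { continue }
        if (-not (Test-Path -LiteralPath "$hkcr\CLSID\$clsid")) {
            # ProgID -> CLSID that no longer exists: a dangling class registration, the shape
            # an uninstalled toolbar's ProgID keys (like the searchtoolbarlib.* hits) can be left in.
            $out += New-Object PSObject -Property @{ Kind = 'ProgID'; Name = $progid.PSChildName; Missing = "HKCR\CLSID\$clsid"; Value = $clsid }
            continue
        }
        $raw = $null
        foreach ($kind in 'InprocServer32', 'LocalServer32') {
            $k = "$hkcr\CLSID\$clsid\$kind"
            if (Test-Path -LiteralPath $k) { $raw = (Get-ItemProperty -LiteralPath $k -ErrorAction SilentlyContinue).'(default)'; break }
        }
        if ($raw -eq $null) { continue }                                  # class with no server key; not a file link
        $cl = Split-CommandLine $raw
        if ($cl -and -not (Test-Path -LiteralPath $cl.Exe)) {
            $out += New-Object PSObject -Property @{ Kind = 'COM'; Name = $progid.PSChildName; Missing = $cl.Exe; Value = $raw }
        }
    }
    $out
}

@(Get-ServicesWithMissingFiles) + @(Get-ComWithMissingFiles) |
    Sort-Object Kind, Name |
    Format-Table Kind, Name, Missing, Value -AutoSize -Wrap
```

A rundll32-hosted service is the one case where the obvious check misleads: rundll32.exe is always present, so the script resolves the DLL named in the arguments, which is what such an ImagePath actually depends on. Expect a few benign hits (uninstallers that left a ProgID behind, drivers for hardware no longer attached); the value of the listing is that it shows the whole class of orphaned registration that a scanner like MBAM samples from, so you can judge the leftovers together rather than one flagged key at a time.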
Thomas
Full Member
Re: please check my log
« Reply #14 on: Jun 30th, 2010, 1:22am »
All right, thanks. I was checking whether this laptop is clean, and it looks like it is.