Jump to content

Trojans- Agent, Vundo.H : Too many system processes in TaskMgr


Recommended Posts

Hi,

I have been using MBAM(free) for last 1 year, really appreciate the software. Just today I installed a kids-software with crack, that resulted in the trojans AGENT/VUNDO.H Please help me as I have only one laptop and managed to do some cleaning based on your instruction post. But still my laptop is very very slow. Moreover when I run GMER program my laptop re-booted itself, so I ignored that step.

Waiting for your quick reply.

Thanks.

DDS Log:

=========================================================

DDS (Ver_10-03-17.01) - NTFSx86

Run by RituDeepa at 0:38:22.56 on 04/04/2010

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.33 [GMT 8:00]

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\PROGRA~1\Webshots\315~1.761\webshots.scr

svchost.exe

C:\Program Files\AGI\core\4.0\AGCoreService.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\mqsvc.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\RituDeepa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\RituDeepa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\ntvdm.exe

C:\VIJAY\XDOWNL~1\DDS.COM

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=64&bd=presario&pf=laptop

uInternet Settings,ProxyOverride = localhost

uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll

BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll

BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL

TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll

TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727)" -"http://www.dositey.com/2008/language/phonics/phonics1.htm"

mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe

mRun: [MsmqIntCert] regsvr32 /s mqrt.dll

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey

mRun: [shStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE

mRun: [Network Associates Error Reporting Service] "c:\program files\common files\network associates\talkback\TBMon.exe"

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [NPSStartup]

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

StartupFolder: c:\docume~1\ritude~1\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\3.1.5.7613\Launcher.exe

IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files\dap\dapextie.htm

IE: Download &all with DAP - c:\program files\dap\dapextie2.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ritude~1\applic~1\mozilla\firefox\profiles\8jici1n1.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll

FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll

FF - plugin: c:\documents and settings\ritudeepa\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\browser\nppdf32.dll

FF - plugin: c:\program files\divx\divx content uploader\npUpload.dll

FF - plugin: c:\program files\divx\divx player\npDivxPlayerPlugin.dll

FF - plugin: c:\program files\divx\divx web player\npdivx32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeploytk.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin2.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin3.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin4.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin5.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin6.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin7.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll

FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2007-3-18 58048]

R2 AGCoreService;AG Core Services;c:\program files\agi\core\4.0\AGCoreService.exe [2009-11-9 20480]

R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-3-27 233472]

R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2007-3-18 102463]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]

R2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\Mcshield.exe [2004-9-22 221191]

R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2004-9-22 28672]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-3-27 36608]

R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2007-3-18 108256]

S3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\drivers\inidvd.sys [2008-12-24 7936]

S4 rcp_service;ReaConverter scheduler service;c:\program files\reaconverter 5.5 pro\rcp_scheduler.exe [2007-11-30 558592]

=============== Created Last 30 ================

2010-04-03 16:29:30 0 ----a-w- c:\docume~1\ritude~1\defogger_reenable

2010-04-03 15:00:37 0 d-----w- c:\progra~1\Trend Micro

2010-04-03 02:39:59 0 d-----w- C:\c64a43e4c57cd4e9e511619d009041

2010-04-03 01:38:54 0 d-----w- C:\downloads

2010-04-03 01:31:39 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2010-04-03 01:31:16 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-04-03 01:14:44 0 d-----w- c:\windows\system32\XPSViewer

2010-04-03 01:11:54 14048 ------w- c:\windows\system32\spmsg2.dll

2010-04-03 00:38:50 0 d-----w- c:\docume~1\ritude~1\applic~1\VitySoft

2010-03-31 12:48:10 0 d-----w- c:\progra~1\AnyBizSoft

2010-03-27 09:12:03 0 d-----w- c:\progra~1\MarkAny

2010-03-27 08:40:15 0 d-----w- c:\windows\system32\NtmsData

2010-03-27 08:15:18 319456 ----a-w- c:\windows\system32\DIFxAPI.dll

2010-03-27 08:15:12 90624 ----a-w- c:\windows\system32\nmwcdcls.dll

2010-03-27 08:15:06 21632 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2010-03-27 08:13:33 0 d-----w- c:\windows\system32\Samsung_USB_Drivers

2010-03-27 08:13:10 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys

2010-03-27 08:13:10 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe

2010-03-27 08:13:10 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll

2010-03-27 08:12:45 0 d-----w- c:\docume~1\ritude~1\applic~1\Samsung

2010-03-27 08:11:52 0 d-----w- c:\progra~1\PC Connectivity Solution

2010-03-27 08:10:49 0 d-----w- c:\progra~1\Samsung

2010-03-27 07:57:53 0 d-----w- c:\progra~1\Windows Mobile Device Handbook

2010-03-14 11:57:16 2560 ------w- c:\windows\system32\drivers\cdralw2k.sys

2010-03-14 11:57:16 2432 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2010-03-14 11:57:14 129784 ------w- c:\windows\system32\pxafs.dll

2010-03-14 11:56:43 0 d-----w- c:\progra~1\DivX

2010-03-14 09:14:29 0 d-----w- c:\progra~1\common~1\DivX Shared

2010-03-13 17:39:01 0 d-----w- c:\windows\SxsCaPendDel

2010-03-13 16:57:31 120056 ------w- c:\windows\system32\pxcpyi64.exe

2010-03-13 16:57:31 118520 ------w- c:\windows\system32\pxinsi64.exe

==================== Find3M ====================

2010-03-29 16:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-29 16:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-10 13:18:21 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe

2010-03-10 13:18:20 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2010-02-23 05:20:02 634648 ------w- c:\windows\system32\dllcache\iexplore.exe

2010-02-23 05:18:28 161792 ------w- c:\windows\system32\dllcache\ieakui.dll

2009-12-06 12:03:45 244 ----a-w- c:\progra~1\setuplog.txt

2007-02-10 07:19:23 22 --sha-w- c:\windows\sminst\HPCD.sys

2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-11-10 07:58:39 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111020081111\index.dat

============= FINISH: 0:40:54.54 ===============

================================================================================

===

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:01:44 AM, on 04/04/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17023)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\PROGRA~1\Webshots\315~1.761\webshots.scr

C:\Program Files\AGI\core\4.0\AGCoreService.exe

C:\Documents and Settings\RituDeepa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Documents and Settings\RituDeepa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: agihelper.AGUtils - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - mscoree.dll (file missing)

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: agihelper.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727)" -"http://www.dositey.com/2008/language/phonics/phonics1.htm"

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=64&bd=presario&pf=laptop

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\4.0\AGCoreService.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 9389 bytes

================================================================================

=============

First-Scan MBAM

Malwarebytes' Anti-Malware 1.34

Database version: 1814

Windows 5.1.2600 Service Pack 3

04/03/2010 9:59:29 PM

mbam-log-2010-04-03 (21-59-29).txt

Scan type: Quick Scan

Objects scanned: 25921

Time elapsed: 3 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b4a3dd8-2e81-3005-8b94-02e2ed96ff9d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1b4a3dd8-2e81-3005-8b94-02e2ed96ff9d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\xwr38692.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

================================================================================

=====

Full Scan MBAM :

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

04/04/2010 12:17:45 AM

mbam-log-2010-04-04 (00-17-45).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 212207

Time elapsed: 1 hour(s), 54 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\D (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\D.1 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\ctfmon_oq.exe (Trojan.Agent) -> Quarantined and deleted successfully.

================================================================================

==================

Attach.rar

Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.