Trojan.DNSChanger Help


silerman

Local Adapter screwed up, can't input static IP numbers and won't browse on Internet

Steve

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 7.0.5730.11

9/28/2010 5:49:32 AM

mbam-log-2010-09-28 (05-49-32).txt

Scan type: Full scan (C:\|G:\|)

Objects scanned: 245951

Time elapsed: 44 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.72,93.188.166.107 -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\SymNoNav\ESUGMSI.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

DDS (Ver_10-03-17.01) - NTFSx86

Run by gloria at 5:41:36.23 on Wed 09/29/2010

Internet Explorer: 6.0.2900.5512

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.583 [GMT -5:00]

AV: Total Protection for Small Business *On-access scanning enabled* (Updated) {8C354827-2F54-4E28-90DC-AD391E77808C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\basfipm.exe

C:\Program Files\Canon\DIAS\CnxDIAS.exe

C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe

C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe

C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe

C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

C:\WINDOWS\system32\ofps.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

C:\WINDOWS\system32\rdpclip.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Norton Ghost\Agent\VProTray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\logon.scr

Z:\gloria\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\managed virusscan\vscan\ScriptSn.20100519170125.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [McAfee Managed Services Tray] "c:\program files\mcafee\managed virusscan\agent\StartMyagtTry.exe"

mRun: [Norton Ghost 14.0] "c:\program files\norton ghost\agent\VProTray.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [MVS Splash] "c:\program files\mcafee\managed virusscan\desktopui\XTray.exe" /LOGON

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [iMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

dRunOnce: [RunNarrator] Narrator.exe

dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll

Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\MyRmProt5.0.0.778.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxsrvc.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2006-11-19 214664]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 EngineServer;EngineServer;c:\program files\mcafee\managed virusscan\vscan\EngineServer.exe [2008-5-14 14144]

R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2009-12-16 222528]

R2 McShield;McShield;c:\progra~1\mcafee\manage~1\vscan\McShield.exe [2006-11-19 144704]

R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2006-11-19 282824]

R2 SWAGENT;SonicWALL Agent Service;c:\program files\mcafee\managed virusscan\agent\swAgent.exe [2006-11-19 202048]

R3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2006-11-19 79816]

R3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2006-11-19 35272]

R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1553896]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-1-19 11520]

S0 cerc6;cerc6; [x]

S2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2008-4-14 5120]

S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2008-5-14 34248]

=============== Created Last 30 ================

2010-09-29 10:40:10 0 ----a-w- c:\documents and settings\gloria.rcelectric\defogger_reenable

2010-09-28 17:56:45 159744 ----a-w- c:\windows\system32\igfxres.dll

2010-09-28 17:48:59 20992 -c--a-w- c:\windows\system32\dllcache\permchk.dll

2010-09-28 17:47:59 97792 -c--a-w- c:\windows\system32\dllcache\chtmbx.dll

2010-09-28 17:46:09 488 ---ha-r- c:\windows\system32\logonui.exe.manifest

2010-09-28 17:46:03 749 ---ha-r- c:\windows\WindowsShell.Manifest

2010-09-28 17:46:03 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest

2010-09-28 17:46:03 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest

2010-09-28 17:46:03 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest

2010-09-28 17:46:03 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest

2010-09-28 17:07:49 98816 ----a-w- c:\windows\sed.exe

2010-09-28 17:07:49 77312 ----a-w- c:\windows\MBR.exe

2010-09-28 17:07:49 256512 ----a-w- c:\windows\PEV.exe

2010-09-28 17:07:49 161792 ----a-w- c:\windows\SWREG.exe

2010-09-28 17:07:40 0 d-s---w- C:\ComboFix

2010-09-28 12:25:46 0 d-----w- c:\windows\msapps

2010-09-28 12:25:46 0 d-----w- c:\windows\Dell

2010-09-28 01:05:15 0 d-----w- c:\docume~1\gloria~1.rce\applic~1\SUPERAntiSpyware.com

2010-09-28 01:05:15 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-09-27 22:40:56 0 d-----w- c:\program files\SUPERAntiSpyware

2010-09-27 22:23:09 348160 ----a-w- c:\windows\unSpySweeper.exe

2010-09-27 21:55:16 0 d-----w- c:\program files\Lavasoft

2010-09-17 18:05:11 0 d-----w- c:\docume~1\gloria~1.rce\applic~1\webex

2010-09-16 12:57:40 3249 ----a-w- c:\windows\system32\wbem\Outlook_01cb559ebeb8a3a0.mof

==================== Find3M ====================

2010-09-28 17:44:46 24792 -c--a-w- c:\windows\system32\emptyregdb.dat

2010-07-22 05:57:20 5120 -c--a-w- c:\windows\system32\xpsp4res.dll

============= FINISH: 5:42:23.62 ===============

ark.zip

Attach.zip

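The one registry hit in the MBAM log above is the core of this infection: the global NameServer value under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters had been set to two resolvers nobody on this network configured (93.188.163.72 and 93.188.166.107), so every name lookup on the box was answered by servers the attacker controls; from the user's side that looks like a broken adapter and a browser that will not load pages. MBAM's log only shows the global value. Each adapter also carries its own NameServer value under Tcpip\Parameters\Interfaces\{GUID}, so a clean-up check should inspect both, not just the key the scanner reported. The script below is an added example written for this thread; it is not part of any post or tool log here. It reads the text that `reg export HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters tcpip.reg` produces (the same REGEDIT4 layout ComboFix prints in its Reg Loading Points section), collects every NameServer and DhcpNameServer value at the global and per-interface level, and flags any resolver that is not on an allowlist. Assumptions: the allowlist holds only 10.46.65.3, taken from the TCP interface line in the ComboFix log, and stands in for whatever resolvers a given network really uses; the embedded registry export is constructed from the values in the logs; the rogue address ranges are the ones the FBI published in its DNSChanger notice, and the address MBAM removed falls inside 93.188.160.0/21.

```python
"""Flag rogue DNS resolvers in an exported copy of Windows TCP/IP parameters.

Added example for this thread, not code from any post or from MBAM/ComboFix.
Input format: the REGEDIT4 / Windows Registry Editor text produced by
    reg export HKLM\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters tcpip.reg
"""
import ipaddress
import re

# Resolvers this network is expected to use. 10.46.65.3 is the interface DNS
# server in the ComboFix log; the set is an assumption, edit it per site.
EXPECTED_RESOLVERS = {"10.46.65.3"}

# Rogue resolver ranges from the FBI's public DNSChanger notice. The value MBAM
# removed, 93.188.163.72, sits inside 93.188.160.0/21.
DNSCHANGER_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20",
    "67.210.0.0/20",
    "93.188.160.0/21",
    "77.67.83.0/24",
    "213.109.64.0/20",
    "64.28.176.0/20",
)]

KEY_RE = re.compile(r"^\[(.+)\]\s*$")
VALUE_RE = re.compile(r'^"(NameServer|DhcpNameServer)"="([^"]*)"\s*$')

# Constructed sample: the global key as MBAM found it, plus the adapter
# subkey (GUID from the ComboFix "TCP:" line) still pointing at DHCP.
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"NameServer"="93.188.163.72,93.188.166.107"
"DhcpNameServer"="10.46.65.3"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CAD9ED74-70C3-4379-A14D-FB446B3B44C9}]
"NameServer"=""
"DhcpNameServer"="10.46.65.3"
"EnableDHCP"=dword:00000001
"""


def parse_nameservers(reg_text):
    """Return {(key path, value name): [ip, ...]} for every resolver value.

    Windows separates multiple resolvers with ',' (static) or ' ' (DHCP);
    an empty string means the value is unset, which is the clean state.
    """
    found = {}
    key = None
    for line in reg_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            ips = [p for p in re.split(r"[ ,]+", m.group(2)) if p]
            found[(key, m.group(1))] = ips
    return found


def classify(ip):
    """Label one resolver: expected, known-dnschanger, unexpected or malformed."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"          # not an address at all: still worth a look
    if ip in EXPECTED_RESOLVERS:
        return "expected"
    if any(addr in net for net in DNSCHANGER_RANGES):
        return "known-dnschanger"
    return "unexpected"             # not on the allowlist, verify by hand


def find_rogue_resolvers(reg_text):
    """Return [(key path, value name, ip, verdict)] for every non-expected resolver."""
    findings = []
    for (key, name), ips in parse_nameservers(reg_text).items():
        for ip in ips:
            verdict = classify(ip)
            if verdict != "expected":
                findings.append((key, name, ip, verdict))
    return findings


if __name__ == "__main__":
    for key, name, ip, verdict in find_rogue_resolvers(SAMPLE_EXPORT):
        short_key = key.rsplit("\\Parameters", 1)[-1] or "\\Parameters"
        print(f"{verdict:17} {ip:16} {name} under ...{short_key}")
```

On a live XP box the same check is `reg query HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /s /v NameServer` followed by `ipconfig /all`; if the scanner's removal really took, the global NameServer value is gone or empty and the adapter shows only the DHCP-assigned resolver. Treat an "unexpected" verdict as something to confirm against the site's real resolver list rather than as proof of compromise; only the known-dnschanger ranges are a direct indicator.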

  • Staff

Hi and welcome to Malwarebytes.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Here is my ComboFix log:

By the way, ComboFix repaired my issue!

Thank you.

ComboFix 10-09-29.04 - gloria 09/30/2010 5:44.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.546 [GMT -5:00]

Running from: z:\gloria\ComboFix.exe

AV: Total Protection for Small Business *On-access scanning disabled* (Updated) {8C354827-2F54-4E28-90DC-AD391E77808C}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk

c:\windows\system32\drivers\fad.sys

c:\windows\system32\encapi32.dll

c:\windows\system32\spool\prtprocs\w32x86\xO931i9q.dll

.

((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-30 )))))))))))))))))))))))))))))))

.

2010-09-28 18:22 . 2010-09-28 18:22 108976 ----a-w- c:\documents and settings\administrator.RCELECTRIC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-09-28 18:22 . 2010-09-28 18:22 -------- d-----w- c:\documents and settings\administrator.RCELECTRIC\Application Data\McAfee

2010-09-28 18:21 . 2010-09-28 18:21 -------- d-----w- c:\documents and settings\administrator.RCELECTRIC\Application Data\Malwarebytes

2010-09-28 17:56 . 2004-08-20 20:50 159744 ----a-w- c:\windows\system32\igfxres.dll

2010-09-28 17:48 . 2008-04-14 12:00 20992 -c--a-w- c:\windows\system32\dllcache\permchk.dll

2010-09-28 17:47 . 2008-04-14 12:00 97792 -c--a-w- c:\windows\system32\dllcache\chtmbx.dll

2010-09-28 17:35 . 2008-04-14 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2010-09-28 17:35 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\irclass.dll

2010-09-28 17:35 . 2008-04-14 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2010-09-28 17:35 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll

2010-09-28 12:25 . 2010-09-28 12:25 -------- d-----w- c:\windows\msapps

2010-09-28 12:25 . 2010-09-28 12:25 -------- d-----w- c:\windows\Dell

2010-09-28 01:05 . 2010-09-28 01:05 63488 ----a-w- c:\documents and settings\Gloria.RCELECTRIC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-09-28 01:05 . 2010-09-28 01:05 52224 ----a-w- c:\documents and settings\Gloria.RCELECTRIC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-09-28 01:05 . 2010-09-28 01:05 117760 ----a-w- c:\documents and settings\Gloria.RCELECTRIC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-09-28 01:05 . 2010-09-28 01:05 -------- d-----w- c:\documents and settings\Gloria.RCELECTRIC\Application Data\SUPERAntiSpyware.com

2010-09-28 01:05 . 2010-09-28 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-09-27 22:40 . 2010-09-28 18:50 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-09-27 22:23 . 2003-10-16 04:52 348160 ----a-w- c:\windows\unSpySweeper.exe

2010-09-27 21:55 . 2010-09-27 21:55 -------- d-----w- c:\program files\Lavasoft

2010-09-17 18:05 . 2010-09-17 18:05 -------- d-----w- c:\documents and settings\Gloria.RCELECTRIC\Application Data\webex

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-28 17:56 . 2005-06-06 13:34 108976 ----a-w- c:\documents and settings\Gloria.RCELECTRIC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-09-28 17:44 . 2004-08-11 22:12 24792 -c--a-w- c:\windows\system32\emptyregdb.dat

2010-09-28 01:07 . 2005-05-05 15:16 -------- d-----w- c:\program files\Common Files\Adobe

2010-09-28 01:07 . 2006-11-19 22:03 -------- d-----w- c:\program files\Webroot

2010-08-13 13:26 . 2010-08-13 13:26 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee

2010-08-10 12:56 . 2010-08-10 12:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee

2010-08-06 21:37 . 2010-08-06 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-08-06 21:11 . 2010-08-06 21:11 1025992 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe

2010-07-22 05:57 . 2009-04-16 02:17 5120 -c--a-w- c:\windows\system32\xpsp4res.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-01-20 2245984]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-10 77824]

"MVS Splash"="c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2010-05-11 476480]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk

backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk

backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zzzHPSETUP]

d:\setup.exe \RESET [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 12:00 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2004-08-20 20:51 118784 -c--a-w- c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-05-12 04:12 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2004-08-20 20:55 155648 -c--a-w- c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2006-02-10 14:22 77824 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-06-25 14:06 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

2006-03-30 22:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

"c:\\Program Files\\Canon\\DIAS\\CnxDIAS.exe"=

"c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"59152:UDP"= 59152:UDP:SonicWALL Compliance 59152

"59153:UDP"= 59153:UDP:SonicWALL Compliance 59153

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]

R2 EngineServer;EngineServer;c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [5/14/2008 9:30 PM 14144]

R2 SWAGENT;SonicWALL Agent Service;c:\program files\McAfee\Managed VirusScan\Agent\swAgent.exe [11/19/2006 5:13 PM 202048]

R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 6:13 PM 1553896]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\SYSTEM32\DRIVERS\wdcsam.sys [1/19/2010 3:53 PM 11520]

S0 cerc6;cerc6; [x]

S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [12/16/2009 8:31 PM 222528]

S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [11/19/2006 5:12 PM 282824]

S2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\SYSTEM32\dllhost.exe [4/14/2008 7:00 AM 5120]

.

Contents of the 'Scheduled Tasks' folder

2010-09-25 c:\windows\Tasks\defrag.job

- c:\windows\SYSTEM32\defrag.exe [2008-04-14 12:00]

2010-09-25 c:\windows\Tasks\Disk Cleanup.job

- c:\windows\SYSTEM32\cleanmgr.exe [2008-04-14 12:00]

.

.

------- Supplementary Scan -------

.

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearch Bar = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

TCP: {CAD9ED74-70C3-4379-A14D-FB446B3B44C9} = 10.46.65.3

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-McAfee Managed Services Tray - c:\program files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe

SafeBoot-WebrootSpySweeperService

MSConfigStartUp-BuildBU - c:\dell\bldbubg.exe

MSConfigStartUp-MVS Splash - c:\program files\McAfee\Managed VirusScan\Agent\Splash.exe

AddRemove-MVS - c:\progra~1\McAfee\MANAGE~1\Agent\myinx

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\igfxsrvc.dll

c:\windows\system32\hccutils.DLL

- - - - - - - > 'winlogon.exe'(2712)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

Completion time: 2010-09-30 05:48:44

ComboFix-quarantined-files.txt 2010-09-30 10:48

Pre-Run: 60,618,424,320 bytes free

Post-Run: 60,598,693,888 bytes free

- - End Of File - - 55C09B0543A10F355C1B7026451DB64D


  • Staff

Hi,

There is more to do here, so let's continue.

Please download this file and save it as it's originally named, next to ComboFix.exe.

RC1-4.gif

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, it will ask you whether or not to continue with the malware scan. Select Yes, and post the resultant log.

-screen317


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
