locked
I've got it.... Redirects, can't run TDSS Killer, programs won't run. RRS feed

  • Question

  • I have all the usual symptoms. Slow computer, browser re-directs, can't run windows update, some programs won't run at all, Anti-rootkit utility TDSSKiller starts to instal then stops at 80% and get a windows notification that the program has to close. Also getting windows "Host Process for windows services stopped working and was closed" error message.

    Windows Vista Pro

    Super AntiSpyware log:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 04/22/2011 at 10:12 PM

    Application Version : 4.51.1000

    Core Rules Database Version : 6903
    Trace Rules Database Version: 4715

    Scan type : Complete Scan
    Total Scan Time : 00:42:39

    Memory items scanned : 734
    Memory threats detected : 0
    Registry items scanned : 10014
    Registry threats detected : 0
    File items scanned : 6265
    File threats detected : 16

    Adware.Tracking Cookie
    C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@ad.yieldmanager[1].txt
    C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@ar.atwola[2].txt
    C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@user.lucidmedia[1].txt
    C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@at.atwola[2].txt
    C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@g-pixel.invitemedia[1].txt
    C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@ar.atwola[4].txt
    C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@advertise[2].txt
    C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@invitemedia[2].txt
    C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@www.find-quick-results[1].txt
    C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@ar.atwola[5].txt
    C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@tacoda.at.atwola[2].txt
    C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@media6degrees[2].txt
    C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@cdn.at.atwola[2].txt
    C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@kaspersky.122.2o7[1].txt
    C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@segment-pixel.invitemedia[1].txt
    C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@in.getclicky[1].txt

     

    HiJack this log:

     

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:12:03 PM, on 4/24/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.19048)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\AOL Desktop 9.6\waol.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\AOL Desktop 9.6\shellmon.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Common Files\aol\1248677211\ee\aolsoftware.exe
    C:\Users\XPS M1330\Downloads\hijackthis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL Desktop 9.6\AOL.EXE" -b
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - http://dfusionathomeapps.com/innervillian/DISNEY/plugin/DFusionHomeWebPlugIn.Installer.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{08249C07-0314-43EC-9067-D9F8B73E6DDD}: NameServer = 93.188.165.180,93.188.160.240
    O17 - HKLM\System\CCS\Services\Tcpip\..\{98D75055-011D-4784-8D77-E12A4C0AA8C5}: NameServer = 93.188.165.180,93.188.160.240
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FDE72DC6-86FA-4869-8376-516D3ADF93D4}: NameServer = 93.188.165.180,93.188.160.240
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.165.180,93.188.160.240
    O17 - HKLM\System\CS1\Services\Tcpip\..\{08249C07-0314-43EC-9067-D9F8B73E6DDD}: NameServer = 93.188.165.180,93.188.160.240
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.165.180,93.188.160.240
    O20 - AppInit_DLLs: avgrsstx.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    --
    End of file - 8835 bytes

    • Edited by TriSum Monday, April 25, 2011 1:13 AM
    Sunday, April 24, 2011 12:47 AM

Answers

All replies