Trojan 'Caiijing' - please please help me guys

BullGuard Antivirus Forum > Virus Removal > Removal Tools > Trojan 'Caiijing' - please please help me guys

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

dj_steve
New Member

Date Joined Jun 2008
Total Posts : 3

Posted 6-25-2008 9:22 (GMT +2)

Help please asap!!!!

my pc has been infected with a Trojan Caiijing.

I know alot of places offer a free scan but is there anyway I can get rid of the virus reliably without paying??

And if I do have to pay, whats the best option?

It has slowed my pc down so much, please guys, help me out.

Thanks guys, :-)

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 12798

Posted 6-28-2008 5:22 (GMT +2)

Hello and welcome cool

You don´t have to pay for anything here, as it is a free service -

Click here - ->> http://www.bullguard.com/forum/14/Before-posting-a-log_43561.html

After You have run the scan tools -

Reboot normally

Post Hijackthis log along with SuperAntiSpyware log, , C: combofix TXT in this topic

Please copy and paste your log. DO NOT add it as an attachment

Kindly do not annotate or format the log with color or font changes.

NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer.. We do not clean logs that have P2P applications installed as this can cause reinfection during your cleaning.

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

dj_steve
New Member

Date Joined Jun 2008
Total Posts : 3

Posted 7-1-2008 8:20 (GMT +2)

ComboFix 08-06-30.2 - steve 2008-07-01 19:06:52.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1182 [GMT 1:00]
Running from: C:\Users\steve\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 17:51 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-07-01 17:51 --------- d-----w C:\Program Files\Adobe Media Player
2008-06-30 23:09 --------- d-----w C:\Program Files\Yahoo!
2008-06-30 22:21 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-06-30 22:17 --------- d-----w C:\Program Files\CCleaner
2008-06-30 22:12 --------- d-----w C:\Users\steve\AppData\Roaming\SUPERAntiSpyware.com
2008-06-30 22:12 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-06-30 22:12 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-30 22:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-30 19:17 96,520 ----a-w C:\Windows\system32\drivers\avgldx86.sys
2008-06-30 19:17 67,080 ----a-w C:\Windows\system32\drivers\avgwfpx.sys
2008-06-30 19:17 10,520 ----a-w C:\Windows\System32\avgrsstx.dll
2008-06-30 19:17 --------- d-----w C:\ProgramData\avg8
2008-06-30 19:17 --------- d-----w C:\Program Files\AVG
2008-06-30 18:14 --------- d-----w C:\ProgramData\Symantec
2008-06-30 18:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-30 17:59 --------- d-----w C:\Users\steve\AppData\Roaming\WinBatch
2008-06-30 17:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-29 11:10 174 --sha-w C:\Program Files\desktop.ini
2008-06-29 02:37 --------- d-----w C:\Program Files\Windows Mail
2008-06-29 02:37 --------- d-----w C:\Program Files\Windows Calendar
2008-06-29 02:36 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-29 02:32 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-06-29 02:32 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-06-29 02:32 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-06-29 02:31 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-06-29 02:31 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-06-29 02:31 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-06-29 02:31 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-06-29 02:31 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-06-29 02:31 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-06-29 02:31 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-06-29 02:31 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-06-29 02:31 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-06-29 02:31 2,923,520 ----a-w C:\Windows\explorer.exe
2008-06-29 02:31 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-06-29 02:31 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-06-29 02:28 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-06-29 02:27 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-06-29 02:26 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-06-29 02:26 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-06-29 02:26 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-06-29 02:26 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-06-29 02:26 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-06-29 02:26 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-06-29 02:26 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-06-29 02:26 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-06-29 02:26 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-06-29 02:26 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-06-29 02:26 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-06-29 02:26 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-06-29 02:23 3,505,720 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-06-29 02:23 3,471,928 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-06-29 02:23 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-06-29 02:23 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-06-29 02:22 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-06-29 02:22 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-06-29 02:21 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-06-29 02:21 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-06-29 02:21 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-06-29 02:21 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-06-29 02:21 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-06-29 02:19 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-06-29 02:16 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-06-29 02:16 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-06-29 02:16 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-06-29 02:16 2,028,544 ----a-w C:\Windows\System32\win32k.sys
2008-06-29 02:15 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-06-29 02:14 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-06-29 02:14 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-06-29 02:14 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-06-29 02:14 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-06-29 02:14 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-06-29 02:14 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-06-29 02:14 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-06-29 02:14 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-06-29 02:14 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-06-29 02:14 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-06-29 02:14 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-06-29 02:11 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-06-29 02:11 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-06-29 02:11 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-06-29 02:10 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-29 02:10 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-29 02:10 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-29 02:10 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-29 02:10 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-29 02:10 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-29 02:10 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-06-29 02:09 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-06-29 02:09 84,480 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-06-29 02:09 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-06-29 02:09 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2008-06-29 02:09 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-06-29 02:09 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-06-29 02:09 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-06-29 02:08 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-06-29 02:08 5,120 ----a-w C:\Windows\System32\wmi.dll
2008-06-29 02:08 152,576 ----a-w C:\Windows\System32\imagehlp.dll
2008-06-29 02:08 12,800 ----a-w C:\Windows\system32\drivers\fs_rec.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-06-29 03:11 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 14:42 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 17:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 11:59 118784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-03-12 21:37 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-03-12 21:37 7770112]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-03-12 21:37 81920]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 07:11 49152]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-30 20:17 1177368]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 16:38 4390912 C:\WINDOWS\RtHDVCpl.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{582C01F0-51C7-4627-996F-EB43430EE678}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8BA6DD1D-3C25-49B7-90F3-36BC494F1983}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{9C97BF80-3CAA-4939-BE4A-7306C877AAC7}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{40282167-19AA-4F5D-95F4-FC9A425B6528}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{CBC36F81-B49E-402A-809C-8C1DB06A88A4}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{724AF943-709A-4886-AB2F-B3335CA9C83A}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-06-30 20:17]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-30 20:17]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-30 20:17]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-06-30 20:17]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 19:09:07
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-01 19:09:56
ComboFix-quarantined-files.txt 2008-07-01 18:09:53

The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 213,031,387,136 bytes free

173 --- E O F --- 2008-07-01 17:21:54

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15:24, on 01/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\hp\kbd\kbd.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.exe
C:\Users\steve\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 5609 bytes

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/30/2008 at 11:38 PM

Application Version : 4.15.1000

Core Rules Database Version : 3493
Trace Rules Database Version: 1484

Scan type : Complete Scan
Total Scan Time : 00:24:08

Memory items scanned : 512
Memory threats detected : 0
Registry items scanned : 6478
Registry threats detected : 0
File items scanned : 17342
File threats detected : 1

Adware.Tracking Cookie
C:\Users\steve\AppData\Roaming\Microsoft\Windows\Cookies\Low\steve@indextools.txt

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 12798

Posted 7-2-2008 9:37 (GMT +2)

Looks clean. How are things running now ?

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

dj_steve
New Member

Date Joined Jun 2008
Total Posts : 3

Posted 7-2-2008 7:05 (GMT +2)

Seems to be ok actuallu, I did a system recovery. Is there a chance this could have deleted the trojan?

thanks for your help anyway, sorry to waste your time

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 12798

Posted 7-4-2008 8:44 (GMT +2)

You don´t waste My time smile

If the infection was in systemrestore folder, it´s removed now.

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

Forum Information

Currently it is Friday, September 05, 2008 7:24 PM (GMT +2)
There are a total of 61.804 posts in 15.428 threads.
In the last 3 days there were 19 new threads and 61 reply posts. View Active Threads