I've got it.... Redirects, can't run TDSS Killer, programs won't run.
I have all the usual symptoms. Slow computer, browser re-directs, can't run windows update, some programs won't run at all, Anti-rootkit utility TDSSKiller starts to instal then stops at 80% and get a windows notification that the program has to close. Also getting windows "Host Process for windows services stopped working and was closed" error message. Windows Vista Pro Super AntiSpyware log: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 04/22/2011 at 10:12 PM Application Version : 4.51.1000 Core Rules Database Version : 6903 Trace Rules Database Version: 4715 Scan type : Complete Scan Total Scan Time : 00:42:39 Memory items scanned : 734 Memory threats detected : 0 Registry items scanned : 10014 Registry threats detected : 0 File items scanned : 6265 File threats detected : 16 Adware.Tracking Cookie C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@ad.yieldmanager[1].txt C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@ar.atwola[2].txt C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@user.lucidmedia[1].txt C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@at.atwola[2].txt C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@g-pixel.invitemedia[1].txt C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@ar.atwola[4].txt C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@advertise[2].txt C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@invitemedia[2].txt C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@www.find-quick-results[1].txt C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@ar.atwola[5].txt C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@tacoda.at.atwola[2].txt C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@media6degrees[2].txt C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@cdn.at.atwola[2].txt C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@kaspersky.122.2o7[1].txt C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@segment-pixel.invitemedia[1].txt C:\Users\XPS M1330\AppData\Roaming\Microsoft\Windows\Cookies\xps_m1330@in.getclicky[1].txt HiJack this log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 6:12:03 PM, on 4/24/2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19048) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\AOL Desktop 9.6\waol.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\AOL Desktop 9.6\shellmon.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Common Files\aol\1248677211\ee\aolsoftware.exe C:\Users\XPS M1330\Downloads\hijackthis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL Desktop 9.6\AOL.EXE" -b O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - http://dfusionathomeapps.com/innervillian/DISNEY/plugin/DFusionHomeWebPlugIn.Installer.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{08249C07-0314-43EC-9067-D9F8B73E6DDD}: NameServer = 93.188.165.180,93.188.160.240 O17 - HKLM\System\CCS\Services\Tcpip\..\{98D75055-011D-4784-8D77-E12A4C0AA8C5}: NameServer = 93.188.165.180,93.188.160.240 O17 - HKLM\System\CCS\Services\Tcpip\..\{FDE72DC6-86FA-4869-8376-516D3ADF93D4}: NameServer = 93.188.165.180,93.188.160.240 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.165.180,93.188.160.240 O17 - HKLM\System\CS1\Services\Tcpip\..\{08249C07-0314-43EC-9067-D9F8B73E6DDD}: NameServer = 93.188.165.180,93.188.160.240 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.165.180,93.188.160.240 O20 - AppInit_DLLs: avgrsstx.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe -- End of file - 8835 bytes
April 24th, 2011 3:47am

I too have the same problem on Windows 7. Can anyone help
Free Windows Admin Tool Kit Click here and download it now
April 24th, 2011 6:24pm

I too have the same problem on Windows 7. Can anyone help
April 24th, 2011 6:24pm

I too have the same problem on Windows 7. Can anyone help
Free Windows Admin Tool Kit Click here and download it now
April 25th, 2011 1:24am

Find a friend with a computer. Download the following programs into a CD or a flash drive. Take it home and run them. Malwarebytes : http://en.kioskea.net/download/download-105-malwarebytes-anti-malware STOPZilla : http://www.stopzilla.com/products/stopzilla/home.do TDSSKiller : http://www.softpedia.com/get/Antivirus/TDSSKiller.shtmlIf it solves your problem, I did it. If it does not, my twin brother did it.
April 25th, 2011 12:56pm

Nope, didn't work. It won't allow me to run any program that changes settings. Now it won't even allow me to get online. I need someone that know how to go in manually and repair the files. ??????? David
Free Windows Admin Tool Kit Click here and download it now
April 25th, 2011 10:32pm

Nope, didn't work. It won't allow me to run any program that changes settings. Now it won't even allow me to get online. I need someone that know how to go in manually and repair the files. ??????? David
April 25th, 2011 10:32pm

Nope, didn't work. It won't allow me to run any program that changes settings. Now it won't even allow me to get online. I need someone that know how to go in manually and repair the files. ??????? David
Free Windows Admin Tool Kit Click here and download it now
April 26th, 2011 5:32am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics