Jim F

Any idea how long until I find out how to get rid of this problem? I'm not trying to push, I just don't know what your reply means to me. Thanx! Jim

Hello All! I am new here, so I hope I do this right. I have a PC that is a customer's of mine. It appears as though he decided to download Pro Antispyware 2009 which was a costly mistake to begin with. Anyway...I seem to have removed everything I could find using Malwarebytes, but I still seem to have an issue. The PC has 2 users on it. When I scan under one user with Malwarebytes, it comes up clean. When I scan while logged in under the other user, it keeps telling me about MS Juan and MS Tracking system being infected in the registry. No matter how many times I tell malware to remove the items, they keep coming back. Here are the Malwarebytes, Panda Active Scan, and Hijack This logs. I hope someone can help me get rid of what's left that's indicated by these logs. Please get back to me as soon as you can. Thanx! Jim Malwarebytes' Anti-Malware 1.30 Database version: 1368 Windows 5.1.2600 Service Pack 3 11/6/2008 8:49:20 AM mbam-log-2008-11-06 (08-49-20).txt Scan type: Quick Scan Objects scanned: 48063 Time elapsed: 4 minute(s), 44 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Panda Active Scan ;******************************************************************************* ******************************************************************************** * ******************* ANALYSIS: 2008-11-06 11:08:28 PROTECTIONS: 1 MALWARE: 30 SUSPECTS: 0 ;******************************************************************************* ******************************************************************************** * ******************* PROTECTIONS Description Version Active Updated ;=============================================================================== ================================================================================ = =================== AVG Anti-Virus Free 8.0 Yes Yes ;=============================================================================== ================================================================================ = =================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=============================================================================== ================================================================================ = =================== 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@trafficmp[2].txt 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@casalemedia[2].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@doubleclick[2].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@doubleclick[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@atdmt[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@atdmt[1].txt 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@247realmedia[2].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@fastclick[2].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@fastclick[1].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@tribalfusion[2].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@tribalfusion[1].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@mediaplex[1].txt 00147806 Cookie/7search TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@7search[2].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@com[1].txt 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@statcounter[1].txt 00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@counter.hitslink[1].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@ad.yieldmanager[2].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[1].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@apmebf[1].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@apmebf[1].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@serving-sys[2].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@serving-sys[2].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@bs.serving-sys[1].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@bs.serving-sys[1].txt 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@server.iad.liveperson[1].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@advertising[1].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@advertising[2].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@ads.pointroll[1].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@overture[1].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@realmedia[2].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@questionmarket[2].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@questionmarket[2].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@zedo[2].txt 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@adrevolver[2].txt 00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@target[1].txt 00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@ads.addynamix[1].txt 00442549 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\System32\pdxdnl.dll 00442549 Spyware/Virtumonde Spyware No 1 Yes No C:\RECYCLER\S-1-5-21-220523388-1292428093-839522115-1004\Dc1.dll 01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-220523388-1292428093-839522115-1004\Dc2.txt 01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-220523388-1292428093-839522115-1004\Dc3.txt 03967136 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\System32\lmxpbb.dll 03967136 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\lmxpbb.dll 03967136 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\nyubxsuw.dll 03967136 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\lmxpbb.dll ;=============================================================================== ================================================================================ = =================== SUSPECTS Sent Location =a ;=============================================================================== ================================================================================ = =================== ;=============================================================================== ================================================================================ = =================== VULNERABILITIES Id Severity Description =a ;=============================================================================== ================================================================================ = =================== ;=============================================================================== ================================================================================ = =================== Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:11:57 AM, on 11/6/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RunDll32.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\HP\HP Software Update\HPWuSchd.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\sistray.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live Toolbar\msn_sl.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?f5a9241209154da698a18e18943860c5 O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?f5a9241209154da698a18e18943860c5 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll dbzggn.dll crjqyz.dll tqvqxc.dll bunpjm.dll hoznmb.dll zguqkt.dll lmxpbb.dll qjeiar.dll pdxdnl.dll O20 - Winlogon Notify: qoMgeFYs - qoMgeFYs.dll (file missing) O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 4644 bytes