Jump to content

metrotheme

Members
  • Posts

    3
  • Joined

  • Last visited

Everything posted by metrotheme

  1. Malwarebytes' Anti-Malware 1.30 Database version: 1378 Windows 5.1.2600 Service Pack 2 11/12/2008 6:10:29 AM mbam-log-2008-11-12 (06-10-29).txt Scan type: Quick Scan Objects scanned: 49540 Time elapsed: 9 minute(s), 49 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 4 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 8 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{28caeff3-0f18-4036-b504-51d73bd81abc} (Adware.MediaAccess) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINNT\system32\av.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn3 (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn4 (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn5 (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn6 (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn7 (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn8 (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn9 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HJT LOG Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:12:07 AM, on 11/12/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\Explorer.EXE C:\Program Files\Common Files\AOL\1155758737\ee\AOLSoftware.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\AOL 9.1\waol.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS C:\WINNT\System32\svchost.exe C:\WINNT\wanmpsvc.exe C:\WINNT\System32\MsPMSPSv.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\AOL 9.1\shellmon.exe C:\WINNT\system32\wuauclt.exe C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe C:\Program Files\Malwarebytes' Anti-Malware\mba.exe C:\Program Files\Windows NT\Accessories\WORDPAD.EXE C:\Program Files\Trend Micro\HijackThis\hijackthis.exe C:\PROGRA~1\Symantec\LiveUpdate\AUpdate.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://ie.search.msn.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://espn.go.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1155758737\ee\AOLSoftware.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing) O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing) O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\winrnr.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\rsvpsp.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\rsvpsp.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll O15 - Trusted Zone: http://free.aol.com O16 - DPF: DirectAnimation Java Classes - file://C:\WINNT\Java\classes\dajava.cab O16 - DPF: Microsoft XML Parser for Java - file://C:\WINNT\Java\classes\xmldso.cab O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} - http://codecs.microsoft.com/codecs/i386/wmsp9dmo.cab O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} - http://codecs.microsoft.com/codecs/i386/voxacm.CAB O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} - http://codecs.microsoft.com/codecs/i386/msaudio.cab O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB O16 - DPF: {10000000-1000-0000-1000-000000000000} - O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} - http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} - http://codecs.microsoft.com/codecs/i386/i263_32.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} - http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/250d3895325f1f...ip/RdxIE601.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (BL_Camera) - http://69.84.106.21:50001/bl_camera.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_04) - O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/...7867.7462731482 O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidO...PhotoOnline.cab O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_02) - http://java.sun.com/products/plugin/1.3.1/...-131_02-win.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://antivirus.temple.edu/webinstall/webinst.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINNT\system32\urlmon.dll O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINNT\system32\msvidctl.dll O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll O18 - Protocol: ipp - (no CLSID) - (no file) O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\System32\itss.dll O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINNT\System32\inetcomm.dll O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\System32\itss.dll O18 - Protocol: msdaipp - (no CLSID) - (no file) O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\System32\mshtml.dll O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINNT\system32\msvidctl.dll O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINNT\System32\wiascr.dll O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINNT\System32\mscoree.dll O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINNT\System32\mscoree.dll O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINNT\System32\mscoree.dll O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINNT\system32\urlmon.dll O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll O18 - Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINNT\system32\SHELL32.dll O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINNT\system32\SHELL32.dll O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINNT\system32\SHELL32.dll O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINNT\System32\webcheck.dll O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINNT\System32\stobject.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll O23 - Service: Application Layer Gateway Service (ALG) - Microsoft Corporation - C:\WINNT\System32\alg.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe O23 - Service: Application Management (AppMgmt) - Microsoft Corporation - C:\WINNT\system32\svchost.exe O23 - Service: Windows Audio (AudioSrv) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: Background Intelligent Transfer Service (BITS) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: Computer Browser (Browser) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Indexing Service (CiSvc) - Microsoft Corporation - C:\WINNT\system32\cisvc.exe O23 - Service: COM+ System Application (COMSysApp) - Microsoft Corporation - C:\WINNT\System32\dllhost.exe O23 - Service: Cryptographic Services (CryptSvc) - Microsoft Corporation - C:\WINNT\system32\svchost.exe O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Microsoft Corporation - C:\WINNT\system32\svchost.exe O23 - Service: DHCP Client (Dhcp) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINNT\System32\dmadmin.exe O23 - Service: Logical Disk Manager (dmserver) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: DNS Client (Dnscache) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: Error Reporting Service (ERSvc) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: Event Log (Eventlog) - Microsoft Corporation - C:\WINNT\system32\services.exe O23 - Service: COM+ Event System (EventSystem) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: Help and Support (helpsvc) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: HTTP SSL (HTTPFilter) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Microsoft Corporation - C:\WINNT\System32\imapi.exe O23 - Service: iprip - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: Server (lanmanserver) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: Workstation (lanmanworkstation) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Microsoft Corporation - C:\WINNT\System32\mnmsrvc.exe O23 - Service: Distributed Transaction Coordinator (MSDTC) - Microsoft Corporation - C:\WINNT\System32\msdtc.exe O23 - Service: Windows Installer (MSIServer) - Microsoft Corporation - C:\WINNT\System32\msiexec.exe O23 - Service: Net Logon (Netlogon) - Microsoft Corporation - C:\WINNT\System32\lsass.exe O23 - Service: Network Connections (Netman) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: Network Location Awareness (NLA) (Nla) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe O23 - Service: NT LM Security Support Provider (NtLmSsp) - Microsoft Corporation - C:\WINNT\System32\lsass.exe O23 - Service: Removable Storage (NtmsSvc) - Microsoft Corporation - C:\WINNT\system32\svchost.exe O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe O23 - Service: Plug and Play (PlugPlay) - Microsoft Corporation - C:\WINNT\system32\services.exe O23 - Service: IPSEC Services (PolicyAgent) - Microsoft Corporation - C:\WINNT\System32\lsass.exe O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS O23 - Service: Protected Storage (ProtectedStorage) - Microsoft Corporation - C:\WINNT\system32\lsass.exe O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: Remote Access Connection Manager (RasMan) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Microsoft Corporation - C:\WINNT\system32\sessmgr.exe O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Microsoft Corporation - C:\WINNT\System32\locator.exe O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Microsoft Corporation - C:\WINNT\system32\svchost.exe O23 - Service: QoS RSVP (RSVP) - Microsoft Corporation - C:\WINNT\System32\rsvp.exe O23 - Service: Security Accounts Manager (SamSs) - Microsoft Corporation - C:\WINNT\system32\lsass.exe O23 - Service: Smart Card (SCardSvr) - Microsoft Corporation - C:\WINNT\System32\SCardSvr.exe O23 - Service: Task Scheduler (Schedule) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: Secondary Logon (seclogon) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: System Event Notification (SENS) - Microsoft Corporation - C:\WINNT\system32\svchost.exe O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: Shell Hardware Detection (ShellHWDetection) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: Print Spooler (Spooler) - Microsoft Corporation - C:\WINNT\system32\spoolsv.exe O23 - Service: System Restore Service (srservice) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: SSDP Discovery Service (SSDPSRV) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Microsoft Corporation - C:\WINNT\System32\dllhost.exe O23 - Service: Performance Logs and Alerts (SysmonLog) - Microsoft Corporation - C:\WINNT\system32\smlogsvc.exe O23 - Service: Telephony (TapiSrv) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: Terminal Services (TermService) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: Themes - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: Distributed Link Tracking Client (TrkWks) - Microsoft Corporation - C:\WINNT\system32\svchost.exe O23 - Service: Windows User Mode Driver Framework (UMWdf) - Microsoft Corporation - C:\WINNT\System32\wdfmgr.exe O23 - Service: Universal Plug and Play Device Host (upnphost) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: Uninterruptible Power Supply (UPS) - Microsoft Corporation - C:\WINNT\System32\ups.exe O23 - Service: Volume Shadow Copy (VSS) - Microsoft Corporation - C:\WINNT\System32\vssvc.exe O23 - Service: Windows Time (W32Time) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe O23 - Service: WebClient - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: Windows Management Instrumentation (winmgmt) - Microsoft Corporation - C:\WINNT\system32\svchost.exe O23 - Service: WMDM PMSP Service - Microsoft Corporation - C:\WINNT\System32\MsPMSPSv.exe O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: WMI Performance Adapter (WmiApSrv) - Microsoft Corporation - C:\WINNT\System32\wbem\wmiapsrv.exe O23 - Service: Security Center (wscsvc) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: Automatic Updates (wuauserv) - Microsoft Corporation - C:\WINNT\system32\svchost.exe O23 - Service: Wireless Zero Configuration (WZCSVC) - Microsoft Corporation - C:\WINNT\System32\svchost.exe O23 - Service: Network Provisioning Service (xmlprov) - Microsoft Corporation - C:\WINNT\System32\svchost.exe -- End of file - 22687 bytes
  2. I've been at this all day. I managed to get rid of most of the AV 2009 virus, but there are still left overs. Any search I do on google gives me links that are all redirections to other sites. If I try to update spybot, it will not connect, the same for mcafee. Here are the logs from MBAM: I ran Housecall Micro's scan earlier today as well. Below this is my log file for HJT. I am concerned that I am getting redirected and cannot connect to those protective sites. Malwarebytes' Anti-Malware 1.30 Database version: 1306 Windows 5.1.2600 Service Pack 2 11/11/2008 2:35:45 PM mbam-log-2008-11-11 (14-35-45).txt Scan type: Quick Scan Objects scanned: 49774 Time elapsed: 8 minute(s), 47 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 9 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 14 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\antiviruspro2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\VirusProtectPro 3.4 (Rogue.VirusProtectPro) -> Quarantined and deleted successfully. Files Infected: C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully. C:\WINNT\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Program Files\VirusProtectPro 3.4\ignored.lst (Rogue.VirusProtectPro) -> Quarantined and deleted successfully. C:\WINNT\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully. C:\WINNT\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully. C:\WINNT\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully. C:\WINNT\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\system32\wini10802.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\system32\brastk.exe (Trojan.FakeAlert) -> Delete on reboot. C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\Sskknwrd.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully. Here is my second one run later in the day. Malwarebytes' Anti-Malware 1.30 Database version: 1306 Windows 5.1.2600 Service Pack 2 11/11/2008 3:46:41 PM mbam-log-2008-11-11 (15-46-41).txt Scan type: Quick Scan Objects scanned: 50358 Time elapsed: 14 minute(s), 2 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:12:29 PM, on 11/11/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\Explorer.EXE C:\Program Files\Common Files\AOL\1155758737\ee\AOLSoftware.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe C:\WINNT\System32\NMSSvc.exe C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS C:\WINNT\System32\svchost.exe C:\WINNT\wanmpsvc.exe C:\WINNT\System32\MsPMSPSv.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINNT\system32\wuauclt.exe C:\Program Files\AOL 9.1\waol.exe C:\Program Files\AOL 9.1\shellmon.exe C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://espn.go.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1155758737\ee\AOLSoftware.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing) O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing) O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB O16 - DPF: {10000000-1000-0000-1000-000000000000} - O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/250d3895325f1f...ip/RdxIE601.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (BL_Camera) - http://69.84.106.21:50001/bl_camera.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_04) - O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidO...PhotoOnline.cab O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://antivirus.temple.edu/webinstall/webinst.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe -- End of file - 6930 bytes
  3. I am in the same situation. MBAM will not run. Spybot will not run. HJT will not run. I cannot update McAfee through AOL. My web browser redirects almost everything to their spam pages and all of my google search results go to a "trick" page. I can't run the detection programs in safe mode neither.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.