hueman84

  1. And here is my Panda ActiveScan:

ANALYSIS: 2008-11-20 02:35:09
PROTECTIONS: 1
MALWARE: 17
SUSPECTS: 0

PROTECTIONS
Description   Version       Active   Updated
Windows Defender   1.1.3007.0   No   No

MALWARE
Id   Description   Type   Active   Severity   Disinfectable   Disinfected   Location
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Xkwizito\Application Data\Flock\Browser\Profiles\sw4omyju.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Xkwizito\Application Data\Flock\Browser\Profiles\sw4omyju.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Xkwizito\Application Data\Flock\Browser\Profiles\sw4omyju.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Xkwizito\Application Data\Flock\Browser\Profiles\sw4omyju.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Xkwizito\Application Data\Flock\Browser\Profiles\sw4omyju.default\cookies.txt[.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Xkwizito\Application Data\Flock\Browser\Profiles\sw4omyju.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Xkwizito\Application Data\Flock\Browser\Profiles\sw4omyju.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Xkwizito\Application Data\Flock\Browser\Profiles\sw4omyju.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Xkwizito\Application Data\Flock\Browser\Profiles\sw4omyju.default\cookies.txt[.casalemedia.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Xkwizito\Application Data\Flock\Browser\Profiles\sw4omyju.default\cookies.txt[.atdmt.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Xkwizito\Application Data\Flock\Browser\Profiles\sw4omyju.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Xkwizito\Application Data\Flock\Browser\Profiles\sw4omyju.default\cookies.txt[.tribalfusion.com/]
00168108 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\Xkwizito\Cookies\xkwizito@web.tickle[2].txt
00168108 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\Xkwizito\Cookies\xkwizito@web.tickle[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Xkwizito\Application Data\Flock\Browser\Profiles\sw4omyju.default\cookies.txt[.advertising.com/]
00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Xkwizito\Cookies\xkwizito@uol.com[2].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Xkwizito\Cookies\xkwizito@searchportal.information[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Xkwizito\Cookies\xkwizito@target[1].txt
00255579 Adware/IST.ISTBar Adware No 1 Yes No C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.041
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe
02887532 Cookie/XPAntivirusPro TrackingCookie No 0 Yes No C:\Documents and Settings\Xkwizito\Cookies\xkwizito@www.safenavweb[1].txt
02996446 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\mljgf.dll.vir
03793785 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\Xkwizito\Desktop\Stuff\Touch\Install these\Media Plugins\RescoRadio1.71.zip[Resco.Pocket.Radio.Keygen.exe]
03839851 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1375\A0215886.sys
03898968 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1352\A0205795.exe

SUSPECTS
Sent   Location
(none)

VULNERABILITIES
Id   Severity   Description
(none)
  2. Oops, forgot to post that log as well... here it is:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-20 00:18:04
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwCreateKey [0xF7B6C4D0] <-- ROOTKIT !!!
SSDT sptd.sys ZwEnumerateKey [0xF7485D48] <-- ROOTKIT !!!
SSDT sptd.sys ZwEnumerateValueKey [0xF74860C0] <-- ROOTKIT !!!
SSDT sptd.sys ZwOpenKey [0xF7485AE2] <-- ROOTKIT !!!
SSDT sptd.sys ZwQueryKey [0xF748618A] <-- ROOTKIT !!!
SSDT sptd.sys ZwQueryValueKey [0xF7486022] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwSetValueKey [0xF7B6C520] <-- ROOTKIT !!!

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 871D10E8
Device \FileSystem\Fastfat \FatCdrom 862280E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 87184C78
Device \Driver\Ftdisk \Device\HarddiskVolume2 87184C78
Device \Driver\NetBT \Device\NetBT_Tcpip_{58A183F2-9112-4055-BBA1-A699A0538C31} 86617220
Device \Driver\Cdrom \Device\CdRom0 865552C8
Device \FileSystem\Rdbss \Device\FsWrap 8635B268
Device \Driver\Cdrom \Device\CdRom1 865552C8
Device \Driver\iastor \Device\Ide\iaStor0 87184808
Device \Driver\iastor \Device\Ide\IAAStorageDevice-0 87184808
Device \Driver\Ftdisk \Device\HarddiskVolume3 87184C78
Device \Driver\Ftdisk \Device\HarddiskVolume4 87184C78
Device \Driver\USBSTOR \Device\00000075 867650E8
Device \Driver\USBSTOR \Device\00000076 867650E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86617220
Device \Driver\NetBT \Device\NetbiosSmb 86617220
Device \Driver\00000121 \Device\0000005a sptd.sys
Device \Driver\Disk \Device\Harddisk0\DR0 87184550
Device \Driver\Disk \Device\Harddisk1\DR4 87184550
Device \Driver\NetBT \Device\NetBT_Tcpip_{39D7CCCB-FA98-4DB5-823C-926CFECA1967} 86617220
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86638668
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86638668
Device \FileSystem\Npfs \Device\NamedPipe 863DE0E8
Device \Driver\Ftdisk \Device\FtControl 87184C78
Device \FileSystem\Msfs \Device\Mailslot 863E20E8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 866AE4F0
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 866AE4F0
Device \FileSystem\Fastfat \Fat 862280E8
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs 8658C0E8
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Services - GMER 1.0.14 ----

Service system32\drivers\TDSSmqlt.sys (*** hidden *** ) [sYSTEM] TDSSserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 902560114
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1272264972
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -2140367873
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x32 0x05 0x93 0x0F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x30 0x6E 0x1E 0x53 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x15 0x74 0xF9 0x51 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDD 0x5C 0x0F 0xE5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoiqh.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSbrsr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSxfum.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsihc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdu.log
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x32 0x05 0x93 0x0F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x30 0x6E 0x1E 0x53 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x15 0x74 0xF9 0x51 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDD 0x5C 0x0F 0xE5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoiqh.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSbrsr.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSxfum.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsihc.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdu.log
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x32 0x05 0x93 0x0F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x30 0x6E 0x1E 0x53 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x15 0x74 0xF9 0x51 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDD 0x5C 0x0F 0xE5 ...

---- EOF - GMER 1.0.14 ----
  3. I saw someone here told another person to download GMER and scan with it...so I did and found the TDSSServ.sys is definitely still running rampant in my system.
  4. So recently I got the tdssserv.sys trojan, which kept directing my google search results to random advertising pages. It also did the other things mentioned with it... not being able to update certain AVS and not being able to install certain AVS, as well as tremendously slowing down my internet. I looked around on the net and found that it was best (at least at the time I thought it was) to disable (not uninstall) tdssserv.sys by going through the Device Manager and then restarting and running a virus scan. This seemed to work, as now my google search results were normal and I could now update my AVS and install malwarebytes. I scanned my computer with malwarebytes and then superantispyware. Malwarebytes found tdssserv.sys and removed it, as well as some other cookies and other moderate/low risk items. However, I am still getting problems with CounterSpy (another virus scanner I use), as it will not update and it still doesn't think I am connected to the internet, and my internet speed does not seem to be at 100% still. I checked my registry with regedit and saw there were traces of tdssserv.sys still there. So after spending too much time trying to search for the answers myself I decided it was time to come here and ask for help.
Here are the MalwareBytes and HiJackThis logs; Panda Active Scan is still scanning, will post when it's done:

Malwarebytes' Anti-Malware 1.30
Database version: 1412
Windows 5.1.2600 Service Pack 3

11/19/2008 2:04:43 PM
mbam-log-2008-11-19 (14-04-43).txt

Scan type: Full Scan (C:\|)
Objects scanned: 178396
Time elapsed: 1 hour(s), 36 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{875a1348-7674-42aa-adac-b4f36a004a2d} (Adware.AdBand) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bbb05d9e-0297-404d-a6bf-d8f2876b84a6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CAC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.zix (Rogue.WinZix2) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{11a69ae4-fbed-4832-a2bf-45af82825583} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\WinZix (Trojan.Lop) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\kjbfionl.dllbox (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Xkwizito\Desktop\Stuff\Touch\Install these\Games\68_377183_ad723_pxdxa.ESoft.Interactive.Spot.v1.0.1.ARM.PPC2002.Cracked_COREPDA\ESoft.Interactive.Spot.v1.0.1.ARM.PPC2002.Cracked-COREPDA\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Xkwizito\Desktop\Stuff\Touch\Install these\Tools\Titan.14.Languages.Speereo.Voice.Translator.v4.0.Multilingual.XScale.WM2003.Incl.Keygen.Patch-COREPDA\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSbrsr.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSoiqh.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSriqp.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSxfum.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSmqlt.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Xkwizito\Application Data\mouseapp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Xkwizito\Local Settings\Temporary Internet Files\ENCounterSpyConsumer.2.5.1040.0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Xkwizito\Local Settings\Temp\TDSS4c77.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Xkwizito\Local Settings\Temp\TDSS4c87.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSStkdu.log (Trojan.TDSS) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:59 PM, on 11/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\Xkwizito\LOCALS~1\Temp\~AceTemp\RootkitRevealer\RootkitRevealer.exe
C:\DOCUME~1\Xkwizito\LOCALS~1\Temp\ZNEOO.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9D81D933-4870-4A31-AC05-015143379349} - (no file)
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: awttusq - awttusq.dll (file missing)
O20 - Winlogon Notify: kjbfionl - kjbfionl.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: ZNEOO - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Xkwizito\LOCALS~1\Temp\ZNEOO.exe

--
End of file - 8311 bytes

I also ran RootkitRevealer and here is the log if it helps.

HKU\.DEFAULT\Control Panel\International 11/18/2007 2:13 PM 0 bytes Security mismatch.
HKU\.DEFAULT\Control Panel\International\Geo 11/18/2007 2:13 PM 0 bytes Security mismatch.
HKU\S-1-5-21-1389840345-1470907008-2518719266-1006\Control Panel\International 11/18/2007 2:13 PM 0 bytes Security mismatch.
HKU\S-1-5-21-1389840345-1470907008-2518719266-1006\Control Panel\International\Geo 11/18/2007 2:13 PM 0 bytes Security mismatch.
HKU\S-1-5-21-1389840345-1470907008-2518719266-1006\Software\Microsoft\Microsoft Management Console\Recent File List\File1 11/19/2008 2:52 PM 64 bytes Windows API length not consistent with raw hive data.
HKU\S-1-5-21-1389840345-1470907008-2518719266-1006\Software\Microsoft\Microsoft Management Console\Recent File List\File2 11/19/2008 2:52 PM 66 bytes Windows API length not consistent with raw hive data.
HKU\S-1-5-21-1389840345-1470907008-2518719266-1006\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey 11/19/2008 10:40 PM 182 bytes Windows API length not consistent with raw hive data.
HKU\S-1-5-21-1389840345-1470907008-2518719266-1006\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 7/3/2008 1:01 PM 0 bytes Key name contains embedded nulls (*)
HKU\S-1-5-21-1389840345-1470907008-2518719266-1006\Software\Valve\Steam\Steam.exe\UpTimeMostRecent 11/19/2008 11:08 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKU\S-1-5-18\Control Panel\International 11/18/2007 2:13 PM 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\International\Geo 11/18/2007 2:13 PM 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 8/10/2004 8:23 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 8/10/2004 8:23 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\webcal\URL Protocol 10/12/2005 1:29 AM 13 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 11/19/2008 11:12 PM 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\ovnfhmij.exe 11/10/2008 4:43 PM 47 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\nnrfmpqw.exe 11/10/2008 4:43 PM 47 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 11/18/2007 1:47 PM 0 bytes Access is denied.
HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\ovnfhmij.exe 11/10/2008 4:43 PM 47 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\nnrfmpqw.exe 11/10/2008 4:43 PM 47 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\Xkwizito\Local Settings\Application Data\Mozilla\Firefox\Profiles\8vvr19gg.default\Cache\3B66747Dd01 11/19/2008 10:51 PM 18.77 KB Visible in Windows API, directory index, but not in MFT.
C:\Documents and Settings\Xkwizito\Local Settings\Application Data\Mozilla\Firefox\Profiles\8vvr19gg.default\Cache\86024F33d01 11/19/2008 4:55 PM 114.21 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\Xkwizito\Local Settings\Application Data\Mozilla\Firefox\Profiles\8vvr19gg.default\Cache\A8D6BE47d01 11/19/2008 4:55 PM 46.74 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\Xkwizito\Local Settings\Temp\~F.tmp 11/19/2008 10:21 PM 238.00 KB Visible in Windows API, but not in MFT or directory index.