zen21
Everything posted by zen21
Please Help Finally able to get logs
zen21 replied to zen21's topic in Resolved Malware Removal Logs
OTScanit log attached: OTScanIt.Txt
Please Help Finally able to get logs
zen21 replied to zen21's topic in Resolved Malware Removal Logs
Here is Lop S&D. I'll post the other one in a few.

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.20GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A08
USER : MyComputer ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:70 Go (Free:40 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
E:\ (Local Disk) - NTFS - Total:232 Go (Free:181 Go)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Fri 01/02/2009|15:03 )

--------------------\\ Listing folders in APPLIC~1

[12/23/2008|01:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Malwarebytes
[09/22/2007|01:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[12/19/2008|11:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[12/23/2008|12:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[09/22/2007|04:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[09/22/2007|04:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[09/22/2007|06:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[09/22/2007|06:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[11/07/2008|07:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ATI
[09/22/2007|05:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BVRP Software
[12/22/2008|08:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[09/22/2007|01:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[12/23/2008|02:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[12/23/2008|01:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[09/22/2007|02:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[11/07/2007|09:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WinZip
[09/22/2007|01:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[09/23/2007|12:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[12/23/2008|12:51] C:\DOCUME~1\MYCOMP~1\APPLIC~1\<DIR> Adobe
[09/22/2007|04:12] C:\DOCUME~1\MYCOMP~1\APPLIC~1\<DIR> Aim
[10/25/2007|08:29] C:\DOCUME~1\MYCOMP~1\APPLIC~1\<DIR> Apple Computer
[11/07/2008|07:22] C:\DOCUME~1\MYCOMP~1\APPLIC~1\<DIR> ATI
[01/02/2009|07:11] C:\DOCUME~1\MYCOMP~1\APPLIC~1\<DIR> Azureus
[09/22/2007|08:52] C:\DOCUME~1\MYCOMP~1\APPLIC~1\<DIR> DivX
[03/31/2008|05:23] C:\DOCUME~1\MYCOMP~1\APPLIC~1\<DIR> dvdcss
[12/05/2007|03:56] C:\DOCUME~1\MYCOMP~1\APPLIC~1\<DIR> Google
[10/26/2007|08:17] C:\DOCUME~1\MYCOMP~1\APPLIC~1\<DIR> Hewlett-Packard
[09/22/2007|01:58] C:\DOCUME~1\MYCOMP~1\APPLIC~1\<DIR> Identities
[09/23/2007|10:53] C:\DOCUME~1\MYCOMP~1\APPLIC~1\<DIR> ImgBurn
[09/22/2007|03:13] C:\DOCUME~1\MYCOMP~1\APPLIC~1\<DIR> InstallShield
[09/22/2007|03:11] C:\DOCUME~1\MYCOMP~1\APPLIC~1\<DIR> Macromedia
[12/22/2008|08:49] C:\DOCUME~1\MYCOMP~1\APPLIC~1\<DIR> Malwarebytes
[11/18/2007|06:45] C:\DOCUME~1\MYCOMP~1\APPLIC~1\<DIR> Media Player Classic
[02/09/2008|05:41] C:\DOCUME~1\MYCOMP~1\APPLIC~1\<DIR> Microsoft
[09/22/2007|04:08] C:\DOCUME~1\MYCOMP~1\APPLIC~1\<DIR> Mozilla
[09/22/2007|10:27] C:\DOCUME~1\MYCOMP~1\APPLIC~1\<DIR> Real
[09/23/2007|03:16] C:\DOCUME~1\MYCOMP~1\APPLIC~1\<DIR> Sun
[12/23/2008|02:00] C:\DOCUME~1\MYCOMP~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[09/22/2007|08:55] C:\DOCUME~1\MYCOMP~1\APPLIC~1\<DIR> vlc
[11/11/2007|09:10] C:\DOCUME~1\MYCOMP~1\APPLIC~1\<DIR> WinRAR
[09/22/2007|01:54] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[08/10/2008 05:18 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[12/13/2007 10:24 PM][--a------] C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1197602648.job
[09/23/2007 07:50 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/12/2004 09:01 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[11/26/2007|05:15] C:\Program Files\<DIR> Activision
[12/07/2008|06:16] C:\Program Files\<DIR> Adobe
[09/22/2007|04:21] C:\Program Files\<DIR> AIM
[04/15/2008|06:48] C:\Program Files\<DIR> Apollo DVD Copy
[08/10/2008|05:18] C:\Program Files\<DIR> Apple Software Update
[08/02/2008|02:18] C:\Program Files\<DIR> Aspyr
[11/07/2008|07:18] C:\Program Files\<DIR> ATI
[11/07/2008|07:00] C:\Program Files\<DIR> ATI Technologies
[11/22/2008|02:08] C:\Program Files\<DIR> Avanquest update
[03/30/2008|08:02] C:\Program Files\<DIR> AVI MPEG RM WMV Joiner
[12/06/2008|01:42] C:\Program Files\<DIR> Azureus
[08/08/2008|06:18] C:\Program Files\<DIR> BitPim
[12/19/2008|11:26] C:\Program Files\<DIR> Bonjour
[09/22/2007|02:10] C:\Program Files\<DIR> Broadcom
[12/12/2008|10:12] C:\Program Files\<DIR> BugsysClub Software
[12/28/2008|04:01] C:\Program Files\<DIR> Common Files
[09/22/2007|08:17] C:\Program Files\<DIR> Creative
[09/23/2007|10:44] C:\Program Files\<DIR> DivX
[09/23/2007|05:22] C:\Program Files\<DIR> EA GAMES
[12/05/2007|03:56] C:\Program Files\<DIR> Google
[10/26/2007|08:10] C:\Program Files\<DIR> Hewlett-Packard
[09/23/2007|10:53] C:\Program Files\<DIR> ImgBurn
[11/07/2008|07:00] C:\Program Files\<DIR> InstallShield Installation Information
[12/22/2008|08:12] C:\Program Files\<DIR> Internet Explorer
[12/19/2008|11:26] C:\Program Files\<DIR> iPod
[12/19/2008|11:26] C:\Program Files\<DIR> iTunes
[09/22/2007|05:26] C:\Program Files\<DIR> Java
[09/22/2007|11:03] C:\Program Files\<DIR> K-Lite Codec Pack
[12/23/2008|12:53] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[08/23/2008|02:00] C:\Program Files\<DIR> Messenger
[09/27/2007|08:36] C:\Program Files\<DIR> Microsoft ActiveSync
[09/22/2007|01:55] C:\Program Files\<DIR> microsoft frontpage
[12/04/2008|07:31] C:\Program Files\<DIR> Microsoft Office
[12/16/2007|07:31] C:\Program Files\<DIR> Motorola
[11/22/2008|02:10] C:\Program Files\<DIR> Motorola Phone Tools
[08/21/2008|07:33] C:\Program Files\<DIR> Movie Maker
[01/02/2009|02:59] C:\Program Files\<DIR> Mozilla Firefox
[12/04/2008|07:31] C:\Program Files\<DIR> MSECache
[08/21/2008|07:33] C:\Program Files\<DIR> msn
[09/22/2007|01:52] C:\Program Files\<DIR> MSN Gaming Zone
[11/12/2008|03:00] C:\Program Files\<DIR> MSXML 4.0
[09/23/2007|10:50] C:\Program Files\<DIR> NCH Swift Sound
[12/13/2007|09:11] C:\Program Files\<DIR> Netflix
[08/21/2008|07:32] C:\Program Files\<DIR> NetMeeting
[09/22/2007|04:23] C:\Program Files\<DIR> No1 DVD Ripper
[08/21/2008|07:32] C:\Program Files\<DIR> Outlook Express
[12/23/2008|02:51] C:\Program Files\<DIR> Panda Security
[11/20/2008|09:48] C:\Program Files\<DIR> QuickTime
[09/22/2007|03:13] C:\Program Files\<DIR> Razer
[09/23/2007|01:57] C:\Program Files\<DIR> Real
[09/23/2007|01:58] C:\Program Files\<DIR> RealMedia
[11/20/2008|09:44] C:\Program Files\<DIR> Safari
[12/23/2008|02:14] C:\Program Files\<DIR> Spybot - Search & Destroy
[11/11/2008|08:03] C:\Program Files\<DIR> Starcraft
[09/22/2007|01:58] C:\Program Files\<DIR> Uninstall Information
[09/22/2007|06:54] C:\Program Files\<DIR> VideoLAN
[09/23/2007|04:42] C:\Program Files\<DIR> Windows Media Connect 2
[08/21/2008|07:32] C:\Program Files\<DIR> Windows Media Player
[08/21/2008|07:32] C:\Program Files\<DIR> Windows NT
[09/22/2007|01:54] C:\Program Files\<DIR> WindowsUpdate
[11/17/2007|08:46] C:\Program Files\<DIR> WinRAR
[11/07/2007|09:57] C:\Program Files\<DIR> WinZip
[09/22/2007|01:55] C:\Program Files\<DIR> xerox
[09/22/2007|09:52] C:\Program Files\<DIR> Zero G Registry
[12/27/2008|11:13] C:\Program Files\<DIR> Zoom Player

--------------------\\ Listing Folders in C:\Program Files\Common Files

[02/29/2008|07:20] C:\Program Files\Common Files\<DIR> Adobe
[12/19/2008|11:16] C:\Program Files\Common Files\<DIR> Apple
[10/18/2008|06:14] C:\Program Files\Common Files\<DIR> Blizzard Entertainment
[09/22/2007|09:06] C:\Program Files\Common Files\<DIR> Designer
[10/26/2007|08:10] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[09/22/2007|02:59] C:\Program Files\Common Files\<DIR> InstallShield
[09/22/2007|05:26] C:\Program Files\Common Files\<DIR> Java
[12/04/2008|07:31] C:\Program Files\Common Files\<DIR> Microsoft Shared
[09/22/2007|05:38] C:\Program Files\Common Files\<DIR> Motorola Shared
[09/22/2007|01:53] C:\Program Files\Common Files\<DIR> MSSoap
[09/22/2007|09:46] C:\Program Files\Common Files\<DIR> ODBC
[09/22/2007|10:27] C:\Program Files\Common Files\<DIR> Real
[09/22/2007|01:53] C:\Program Files\Common Files\<DIR> Services
[09/22/2007|09:45] C:\Program Files\Common Files\<DIR> SpeechEngines
[08/21/2008|07:32] C:\Program Files\Common Files\<DIR> System
[09/22/2007|10:27] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process ( 30 Processes ) ... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\MYCOMP~1\Cookies\mycomputer@advertising[2].txt
C:\DOCUME~1\MYCOMP~1\Cookies\mycomputer@adopt.euroclick[2].txt

--------------------\\ Searching within the Registry ..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 15:04:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
C:\WINDOWS\System32\win32x.exe 26112 bytes executable
C:\WINDOWS\System32\drivers\win32x.sys 12544 bytes executable
C:\WINDOWS\System32\userinit.exe 74240 bytes executable
scan completed successfully
hidden processes: 0
hidden files: 3

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\MYCOMP~1\Recent\[isoHunt] WinRar 3.71 final keygen (Works 100% ).torrent.lnk

[F:43][D:4]-> C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp
[F:151][D:0]-> C:\DOCUME~1\MYCOMP~1\Cookies
[F:501][D:4]-> C:\DOCUME~1\MYCOMP~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Fri 01/02/2009|15:05 - Option : [1]

--------------------\\ Scan completed at 15:05:17
Please Help Finally able to get logs
zen21 replied to zen21's topic in Resolved Malware Removal Logs
Here are the latest logs. Still showing the same. I updated and removed.

Malwarebytes' Anti-Malware 1.31
Database version: 1589
Windows 5.1.2600 Service Pack 3

1/1/2009 5:31:09 PM
mbam-log-2009-01-01 (17-31-09).txt

Scan type: Quick Scan
Objects scanned: 51776
Time elapsed: 3 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\userinit.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\userinit.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\MyComputer\Start Menu\Programs\Startup\userinit.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\userinit.exe (Trojan.Agent) -> Delete on reboot.
Please Help Finally able to get logs
zen21 replied to zen21's topic in Resolved Malware Removal Logs
Here's the new log. That same stuff is still showing.

Malwarebytes' Anti-Malware 1.31
Database version: 1587
Windows 5.1.2600 Service Pack 3

12/31/2008 7:52:48 PM
mbam-log-2008-12-31 (19-52-42).txt

Scan type: Quick Scan
Objects scanned: 51631
Time elapsed: 3 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\userinit.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\userinit.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\MyComputer\Start Menu\Programs\Startup\userinit.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\userinit.exe (Trojan.Agent) -> No action taken.
Please Help Finally able to get logs
zen21 replied to zen21's topic in Resolved Malware Removal Logs
New Log

Malwarebytes' Anti-Malware 1.31
Database version: 1582
Windows 5.1.2600 Service Pack 3

12/31/2008 7:18:48 AM
mbam-log-2008-12-31 (07-18-48).txt

Scan type: Quick Scan
Objects scanned: 51598
Time elapsed: 3 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\userinit.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\userinit.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\MyComputer\Start Menu\Programs\Startup\userinit.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\userinit.exe (Trojan.Agent) -> Delete on reboot.
Please Help Finally able to get logs
zen21 replied to zen21's topic in Resolved Malware Removal Logs
COMBO FIX LOG

ComboFix 08-12-28.01 - MyComputer 2008-12-28 15:59:46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1542 [GMT -5:00]
Running from: c:\documents and settings\MyComputer\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\MyComputer\Local Settings\Temporary Internet Files\0EB9F12C_6E6B_4c03_AEBA_8C04CFA98AA4.gif
c:\documents and settings\MyComputer\Local Settings\Temporary Internet Files\15913497_F86C_4218_8817_F50940D1E1B2.gif
c:\documents and settings\MyComputer\Local Settings\Temporary Internet Files\29887DDE_00B9_4011_9CF7_59511F1ECC1B.gif
c:\documents and settings\MyComputer\Local Settings\Temporary Internet Files\35B7DFFA_884F_4fbc_8E60_DA601BDC7BF7.gif
c:\documents and settings\MyComputer\Local Settings\Temporary Internet Files\362FD6E8_8CDA_4c2a_A8AA-BDA22B321711.gif
c:\documents and settings\MyComputer\Local Settings\Temporary Internet Files\3DF04940_9866_4241_A998_0CDDFAFD147A.gif
c:\documents and settings\MyComputer\Local Settings\Temporary Internet Files\426500D7_0FF3_426c_828D_065DBAEA0581.gif
c:\documents and settings\MyComputer\Local Settings\Temporary Internet Files\478BD4AE_2691_438d_BDCA_3485DC022700.gif
c:\documents and settings\MyComputer\Local Settings\Temporary Internet Files\5C6C645F_BAA8_4149_BFEB_2031230FF0FD.gif
c:\documents and settings\MyComputer\Local Settings\Temporary Internet Files\61EA7D69_19D4_421a_A899_0DF4D58CD119.gif
c:\documents and settings\MyComputer\Local Settings\Temporary Internet Files\777FDAFB_83CF_4960_AA71_4E5D7BCD8E57.gif
c:\documents and settings\MyComputer\Local Settings\Temporary Internet Files\8DA878D5_E80B_4721_B75A_17EFFAF1A700.gif
c:\documents and settings\MyComputer\Local Settings\Temporary Internet Files\98F6DF79_7171_452d_9C26_C0193E12DBDF.gif
c:\documents and settings\MyComputer\Local Settings\Temporary Internet Files\A2B240D6_0386_419e_91C5_3F7D90437CD0.gif
c:\documents and settings\MyComputer\Local Settings\Temporary Internet Files\C75CEF8D_5AF4_4563_8594_C45A45E14E63.gif
c:\documents and settings\MyComputer\Local Settings\Temporary Internet Files\E21285C1_40E6_435c_A69F_3387E7BD89CB.gif
c:\documents and settings\MyComputer\Local Settings\Temporary Internet Files\E9A4D648_ED73_4ea7_88B2_18332DBA4F3E.38
c:\windows\system32\au3305adc.dll
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CBEVTSVC
-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-28 )))))))))))))))))))))))))))))))
.

2008-12-23 14:51 . 2008-12-23 14:51 <DIR> d-------- c:\program files\Panda Security
2008-12-23 14:51 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-12-23 14:11 . 2008-12-23 14:11 61,440 --a------ c:\windows\system32\drivers\sdnmctyw.sys
2008-12-23 14:02 . 2008-12-23 14:14 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-23 13:49 . 2008-12-23 13:49 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-12-23 13:06 . 2008-12-23 14:00 <DIR> d-------- c:\documents and settings\MyComputer\Application Data\SUPERAntiSpyware.com
2008-12-23 13:06 . 2008-12-23 13:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-23 12:53 . 2008-12-23 12:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-23 12:53 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-23 12:53 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-22 20:49 . 2008-12-22 20:49 <DIR> d-------- c:\documents and settings\MyComputer\Application Data\Malwarebytes
2008-12-22 20:49 . 2008-12-22 20:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-22 20:31 . 2008-12-22 20:31 <DIR> d-------- c:\documents and settings\Administrator
2008-12-19 11:34 . 2008-12-19 11:34 32 --a-s---- c:\windows\system32\283363896.dat
2008-12-19 11:26 . 2008-12-19 11:26 <DIR> d-------- c:\program files\iTunes
2008-12-19 11:26 . 2008-12-19 11:26 <DIR> d-------- c:\program files\iPod
2008-12-19 11:26 . 2008-12-19 11:26 <DIR> d-------- c:\program files\Bonjour
2008-12-19 11:26 . 2008-12-19 11:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-19 11:26 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-12-19 11:26 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-04 19:31 . 2008-12-04 19:31 <DIR> d-------- c:\program files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 14:22 --------- d-----w c:\documents and settings\MyComputer\Application Data\Azureus
2008-12-28 04:13 --------- d-----w c:\program files\Zoom Player
2008-12-28 02:03 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-23 19:15 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-23 19:11 676 ----a-w c:\program files\pmzluicz.txt
2008-12-19 16:16 --------- d-----w c:\program files\Common Files\Apple
2008-12-13 03:12 --------- d-----w c:\program files\BugsysClub Software
2008-12-06 18:42 --------- d-----w c:\program files\Azureus
2008-11-22 19:10 --------- d-----w c:\program files\Motorola Phone Tools
2008-11-22 19:08 --------- d-----w c:\program files\Avanquest update
2008-11-21 02:48 --------- d-----w c:\program files\QuickTime
2008-11-21 02:44 --------- d-----w c:\program files\Safari
2008-11-12 08:00 --------- d-----w c:\program files\MSXML 4.0
2008-11-12 01:03 --------- d-----w c:\program files\Starcraft
2008-11-08 00:22 --------- d-----w c:\documents and settings\MyComputer\Application Data\ATI
2008-11-08 00:22 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2008-11-08 00:18 --------- d-----w c:\program files\ATI
2008-11-08 00:00 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 00:00 --------- d-----w c:\program files\ATI Technologies
2008-10-18 04:38 94,208 ----a-w c:\windows\ScUnin.exe
2007-11-08 03:52 22,328 ----a-w c:\documents and settings\MyComputer\Application Data\PnkBstrK.sys
2007-10-12 03:10 24,192 ----a-w c:\documents and settings\MyComputer\usbsermptxp.sys
2007-10-12 03:10 22,768 ----a-w c:\documents and settings\MyComputer\usbsermpt.sys
2008-08-22 00:40 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082120080822\index.dat

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2008-09-26 11:02 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 14:35 67112 c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-10-01 11:57 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
--a------ 2007-10-04 18:38 307200 c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-09-22 22:27 185632 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Schedule"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Bonjour Service"=2 (0x2)
"mnmsrvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF21.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

.
Contents of the 'Scheduled Tasks' folder

2008-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2007-12-14 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1197602648.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 17:56]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-lsass driver - c:\windows\msauc.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.netflix.com/MemberHome
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\MyComputer\Application Data\Mozilla\Firefox\Profiles\qi4vmjhw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.surfinfo.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-28 16:04:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\system32\drivers\win32x.sys 12544 bytes executable
c:\windows\system32\win32x.exe 26112 bytes executable
c:\windows\system32\userinit.exe 74240 bytes executable

scan completed successfully
hidden files: 3

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\win32x]
"ImagePath"="\??\c:\windows\system32\drivers\win32x.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilterNetman]
"ImagePath"="c:\windows\system32\wpv301229732492.cpx srv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Razer\Copperhead\razertra.exe
c:\program files\Razer\Copperhead\razerofa.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-12-28 16:10:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-28 21:09:34

Pre-Run: 42,992,156,672 bytes free
Post-Run: 43,528,630,272 bytes free

202 --- E O F --- 2008-12-18 21:49:05

=========================== Hijackthis LOG ===========================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:34:31 PM, on 12/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\MyComputer\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: HTTP SSL HTTPFilterNetman (HTTPFilterNetman) - Unknown owner - C:\WINDOWS\system32\wpv301229732492.cpx.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 4278 bytes

On a side note, should I have the Recovery Console installed? Thanks
Please Help Finally able to get logs
zen21 replied to zen21's topic in Resolved Malware Removal Logs
No problem. Yes, it would be great if you could look through the logs I posted and tell me if there is anything else I should do. I will say my computer has been much better since I ran all the scans and cleared out whatever they found. Thanks -
Hello, I was finally able to get logs without getting blue-screened. I ran Malwarebytes 2 times, once in safe mode and once when I rebooted in normal mode. I had to do it this way because I would get blue-screened in both Malwarebytes and Spybot when running from Win XP in normal mode. I will post both Malwarebytes logs and the other below. I would greatly appreciate any help provided. Thanks in advance.

First Malwarebytes scan done in safe mode

Malwarebytes' Anti-Malware 1.31
Database version: 1537
Windows 5.1.2600 Service Pack 3

12/23/2008 1:56:04 PM
mbam-log-2008-12-23 (13-56-04).txt

Scan type: Quick Scan
Objects scanned: 53723
Time elapsed: 5 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 51

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{1408e208-2ac1-42d3-9f10-78a5b36e05ac} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a744f16c-b2d5-4138-81a2-085cdfcde83a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{a744f16c-b2d5-4138-81a2-085cdfcde83a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\43f7cbdd (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\43f7cbdd (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\43f7cbdd (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc (Trojan.MyDoom) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\webproxy (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digeste.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\CbEvtSvc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv681229976527.cpx (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\43f7cbdd.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSpaxt.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\setupapi.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\setupapi.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0RCTO5OV\install[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QR2PM1A7\ftp[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\638097440.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\msauc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shell31.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv071229670606.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv111229670606.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv131229670606.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv171229670606.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv271229670606.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv291229670606.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv301229670606.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv301229732492.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv331229670606.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv341229999452.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv381229670606.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv421229670606.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv461229670606.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv521229670606.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv561229670606.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv611229670606.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv681229670606.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv731229670606.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv781229670606.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv821229670606.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv871229670606.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv941229732464.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv951229670606.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv961229732545.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv971229670606.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\homepage.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\pharma.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\other.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\finance.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\adult.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lt.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\aol.com-error.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\gmail.com-error.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\google.com-error.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\live.com-error.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\search.yahoo.com-error.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\index.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Second scan done after rebooting in normal mode

Malwarebytes' Anti-Malware 1.31
Database version: 1537
Windows 5.1.2600 Service Pack 3

12/23/2008 2:11:08 PM
mbam-log-2008-12-23 (14-11-08).txt

Scan type: Quick Scan
Objects scanned: 54338
Time elapsed: 5 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\userinit.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\userinit.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\MyComputer\Start Menu\Programs\Startup\userinit.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\userinit.exe (Trojan.Agent) -> Delete on reboot.
Active Scan Log

;*******************************************************************************
ANALYSIS: 2008-12-23 15:57:31
PROTECTIONS: 0
MALWARE: 13
SUSPECTS: 1
;*******************************************************************************

PROTECTIONS
Description  Version  Active  Updated
;===============================================================================
;===============================================================================

MALWARE
Id  Description  Type  Active  Severity  Disinfectable  Disinfected  Location
;===============================================================================
00139064  Cookie/Atlas DMT  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\MyComputer\Cookies\mycomputer@atdmt[2].txt
00145405  Cookie/RealMedia  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\MyComputer\Cookies\mycomputer@247realmedia[1].txt
00145731  Cookie/Tribalfusion  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\MyComputer\Cookies\mycomputer@tribalfusion[2].txt
00167642  Cookie/Com.com  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\MyComputer\Cookies\mycomputer@com[1].txt
00168090  Cookie/Serving-sys  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\MyComputer\Cookies\mycomputer@serving-sys[2].txt
00168093  Cookie/Serving-sys  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\MyComputer\Cookies\mycomputer@bs.serving-sys[2].txt
00169190  Cookie/Advertising  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\MyComputer\Cookies\mycomputer@advertising[2].txt
00170495  Cookie/PointRoll  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\MyComputer\Cookies\mycomputer@ads.pointroll[1].txt
00170556  Cookie/RealMedia  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\MyComputer\Cookies\mycomputer@realmedia[2].txt
00171982  Cookie/QuestionMarket  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\MyComputer\Cookies\mycomputer@questionmarket[2].txt
00194327  Cookie/Go  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\MyComputer\Cookies\mycomputer@go[1].txt
00444112  Bck/Tdss.C  Virus/Trojan  No  0  Yes  No  C:\System Volume Information\_restore{37F2E228-8618-4D5D-8031-13E4B18ABD0D}\RP108\A0041778.sys
04373460  Trj/Downloader.MDW  Virus/Trojan  No  1  Yes  No  C:\System Volume Information\_restore{37F2E228-8618-4D5D-8031-13E4B18ABD0D}\RP108\A0041777.sys
;===============================================================================

SUSPECTS
Sent  Location
;===============================================================================
No  C:\Program Files\AIM\Backup\uninstall.exe
;===============================================================================

VULNERABILITIES
Id  Severity  Description
;===============================================================================
;===============================================================================

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:01:11 PM, on 12/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\MyComputer\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: HTTP SSL HTTPFilterNetman (HTTPFilterNetman) - Unknown owner - C:\WINDOWS\system32\wpv301229732492.cpx.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4287 bytes
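As an added example (not from this thread and not part of Trend Micro's HijackThis), here is a short Python triage script for HijackThis log lines. It parses the O2 (BHO), O4 (Run key) and O23 (service) entries and ranks the ones a malware-removal helper would act on first, in particular the HTTPFilterNetman service in the log above whose binary is marked "(file missing)". The sample log embedded in the script is a constructed subset of the lines posted above; the severity rules, the wpv*.cpx filename pattern (taken from the files Malwarebytes quarantined in the first scan) and the profile-directory check are this example's own assumptions, not anything HijackThis itself does.

```python
"""Triage a HijackThis-style log: parse O2/O4/O23 entries and rank the ones
a malware-removal helper would look at first. Example code, not part of
HijackThis; the rules below are assumptions chosen for this thread's logs."""
import re
from dataclasses import dataclass

# Constructed sample in the shape of the HijackThis log posted above (a subset
# of its O2/O4/O23 lines) so that the script runs offline.
SAMPLE_LOG = "\n".join([
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe",
    r"O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe",
    r"O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe",
    r"O23 - Service: HTTP SSL HTTPFilterNetman (HTTPFilterNetman) - Unknown owner - C:\WINDOWS\system32\wpv301229732492.cpx.exe (file missing)",
])

# Line shapes as HijackThis 2.0.x prints them: "<code> - <fields separated by ' - '>".
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Assumption: filename family quarantined by Malwarebytes in the scan above
# (wpv<digits>.cpx). A service still pointing at one is a leftover registration.
LEFTOVER_NAME_RE = re.compile(r"wpv\d+\.cpx", re.IGNORECASE)

# Assumption: autorun commands under a user profile or temp directory deserve a
# look (the Malwarebytes scan above found droppers under LocalService\Application Data).
PROFILE_DIR_RE = re.compile(r"\\(Application Data|Local Settings|Temp)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O23"
    subject: str   # service name, Run-key value name or BHO name
    severity: str  # "high", "review" or "info"
    reason: str


def parse(log_text):
    """Return (section, fields) records for every O2, O4 and O23 line."""
    records = []
    for line in log_text.splitlines():
        line = line.strip()
        for section, rx in (("O2", O2_RE), ("O4", O4_RE), ("O23", O23_RE)):
            m = rx.match(line)
            if m:
                records.append((section, m.groupdict()))
                break
    return records


def triage(log_text):
    """Apply the rules above and return findings ordered high -> review -> info."""
    findings = []
    for section, rec in parse(log_text):
        if section == "O23":
            path = rec["path"]
            if path.endswith("(file missing)"):
                findings.append(Finding(section, rec["name"], "high",
                    "service registration points at a binary that no longer exists; "
                    "remove the service (sc delete <name>) so it stops failing at boot"))
            elif LEFTOVER_NAME_RE.search(path):
                findings.append(Finding(section, rec["name"], "high",
                    "binary name matches the wpv*.cpx family Malwarebytes quarantined"))
            elif rec["owner"] == "Unknown owner":
                findings.append(Finding(section, rec["name"], "review",
                    "binary carries no vendor information; verify its path and hash"))
        elif section == "O4":
            cmd = rec["cmd"]
            if PROFILE_DIR_RE.search(cmd):
                findings.append(Finding(section, rec["name"], "review",
                    "autorun command lives in a user-profile or temp directory: " + cmd))
            elif rec["name"] == "KernelFaultCheck":
                findings.append(Finding(section, rec["name"], "info",
                    "Windows XP adds this entry after a crash to report the dump; not malware"))
        elif section == "O2" and not rec["path"].lower().endswith(".dll"):
            findings.append(Finding(section, rec["name"], "review",
                "BHO registered with a non-DLL path: " + rec["path"]))
    rank = {"high": 0, "review": 1, "info": 2}
    return sorted(findings, key=lambda f: rank[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section} {f.subject}: {f.reason}")
```

On the sample above the only high finding is the HTTPFilterNetman service: Malwarebytes quarantined wpv301229732492.cpx, but the service key that loaded it was not removed, which is why HijackThis still lists it with "(file missing)". The KernelFaultCheck entry is reported as informational because it is what Windows XP leaves behind after the blue screens described in the thread.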
-
Malwarebytes and Spybot S&D freeze during scan
zen21 replied to zen21's topic in General Windows PC Help
Thanks Elite360. Following the links above does not work because I get blue-screened halfway through the scan on Spybot and I get a critical error with Malwarebytes. I've tried uninstalling and reinstalling but with the same result. I use my Mac to download the programs and run them off a flash drive just in case the download could have been corrupted on my PC. -
Malwarebytes and Spybot S&D freeze during scan
zen21 replied to zen21's topic in General Windows PC Help
How do I run Malwarebytes in safe mode? Thanks -
Malwarebytes and Spybot S&D freeze during scan
zen21 posted a topic in Resolved Malware Removal Logs
Hi, hopefully someone can help me. I believe my machine is infected with that 2009 virus going around. I read the instructions on how to scan and post logs. However, Malwarebytes and Spybot freeze during the scan. With Malwarebytes I get the Windows error report and with Spybot I get blue-screened. Thanks -