specchief Posted August 27, 2007 ID:7930 Share Posted August 27, 2007 Hey, everybody. Seems that my laptop has come down with win32/Virtumonde. Spybot S/D, Adaware, Windows Defender couldnt remove it, but they've let me know that it's there. I could really use some help in removing this thing.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:35:27 PM, on 8/27/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exeC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exeC:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exeC:\WINDOWS\system32\fxssvc.exeC:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Java\j2re1.4.2_03\bin\jusched.exeC:\WINDOWS\system32\igfxsrvc.exeC:\WINDOWS\stsystra.exeC:\WINDOWS\system32\WLTRAY.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\Real\RealPlayer\RealPlay.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Trend Micro\Internet Security 12\pccguide.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exeC:\Program Files\Windows Defender\MSASCui.exeC:\WINDOWS\system32\lexpps.exeC:\Program Files\NetWaiting\netWaiting.exeC:\Program Files\Dell Support\DSAgnt.exeC:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exeC:\WINDOWS\system32\ctfmon.exeC:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exeC:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exeC:\Program Files\MSN\MSNCoreFiles\msn.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\WINDOWS\system32\notepad.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywayR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DER0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msnmember.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://updates.installshield.com/GetUpdate...01FD9FB500FDEACR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dllO3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exeO4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exeO4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAYO4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exeO4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYERO4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hideO4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exeO4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startupO4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Walgreens PhotoShow Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKUS\S-1-5-21-15168313-731109417-1176995727-1007\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe (User 'Kim Hummel')O4 - HKUS\S-1-5-21-15168313-731109417-1176995727-1007\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'Kim Hummel')O4 - HKUS\S-1-5-21-15168313-731109417-1176995727-1007\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" (User 'Kim Hummel')O4 - HKUS\S-1-5-21-15168313-731109417-1176995727-1007\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Kim Hummel')O4 - HKUS\S-1-5-21-15168313-731109417-1176995727-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Kim Hummel')O4 - HKUS\S-1-5-21-15168313-731109417-1176995727-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Kim Hummel')O4 - HKUS\S-1-5-21-15168313-731109417-1176995727-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Kim Hummel')O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\lndsrngm.exeO4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exeO4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exeO4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dllO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dllO9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLLO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cabO16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://ecampus.phoenix.edu/secure/PhxStudent15.CABO23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeO23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXEO23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeO23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exeO23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exeO23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exeO23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exeO23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe--End of file - 10795 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted August 28, 2007 ID:7937 Share Posted August 28, 2007 Hi and welcome to Malwarebytes. You are running a version of Java known to be a security risk. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here http://www.java.com/en/download/manual.jsp and install the correct version for your system. Choose the offline installation.Please run HJT again and put a check next to the item below then click fix.O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\lndsrngm.exeThen please do this get this program AVG AntiSpyware update and run a full scan removing everything it finds.Then go here and run a scan PandaActive Scan There is a tutorial at the top of this forum for how to run a scan and save the log.Post the logs from the Panda and AVG scans please.I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures. Link to post Share on other sites More sharing options...
specchief Posted September 1, 2007 Author ID:8006 Share Posted September 1, 2007 (edited) Hi and welcome to Malwarebytes. You are running a version of Java known to be a security risk. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here http://www.java.com/en/download/manual.jsp and install the correct version for your system. Choose the offline installation.Please run HJT again and put a check next to the item below then click fix.O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\lndsrngm.exeThen please do this get this program AVG AntiSpyware update and run a full scan removing everything it finds.Then go here and run a scan PandaActive Scan There is a tutorial at the top of this forum for how to run a scan and save the log.Post the logs from the Panda and AVG scans please.I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.Thanks for the suggestions, JeanInMontana. I ran both AVG and PandaActive. The PandaActive scan report does not transfer legibly, so i'm including it as a file.AVG Anti-Spyware - Scan Report--------------------------------------------------------- + Created at: 1:43:34 AM 9/1/2007 + Scan result: C:\Downloads\MysteryCaseFilesSetup-dm[1].exe -> Adware.Trymedia : No action taken.C:\Downloads\fairiesSetup-dm[1].exe -> Adware.Trymedia : No action taken.C:\Documents and Settings\Dan Hummel\Local Settings\Temporary Internet Files\Content.IE5\I2R9G4MK\tk58[1].exe -> Adware.ZQuest : No action taken.C:\Documents and Settings\Kim Hummel\Local Settings\Temporary Internet Files\Content.IE5\5ZF8PWRU\tk58[1].exe -> Adware.ZQuest : No action taken.C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP279\A0042368.exe -> Adware.ZQuest : No action taken.C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP279\A0046460.exe -> Adware.ZQuest : No action taken.C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP280\A0047460.exe -> Adware.ZQuest : No action taken.C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP280\A0047511.exe -> Adware.ZQuest : No action taken.C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP292\A0050844.exe -> Adware.ZQuest : No action taken.C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP287\A0050669.exe -> Downloader.Tiny.id : No action taken.C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP292\A0050842.exe -> Downloader.VB.awj : No action taken.C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP243\A0036650.exe -> Dropper.Small : No action taken.C:\Documents and Settings\Dan Hummel\Cookies\dan_hummel@pandasoftware.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.C:\Documents and Settings\Kim Hummel\Cookies\kim_hummel@2o7[2].txt -> TrackingCookie.2o7 : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@livedealcom.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@tgn.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@hearstmagazines.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@microsoftwlsearchcrm.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@aavalue[1].txt -> TrackingCookie.Aavalue : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@arn.aavalue[1].txt -> TrackingCookie.Aavalue : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@3.adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.C:\Documents and Settings\Kim Hummel\Cookies\kim_hummel@ads.addynamix[1].txt -> TrackingCookie.Addynamix : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : No action taken.C:\Documents and Settings\Danny Hummel\Cookies\danny_hummel@www.adobe[1].txt -> TrackingCookie.Adobe : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@adrevolver[2].txt -> TrackingCookie.Adrevolver : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@advertising[1].txt -> TrackingCookie.Advertising : No action taken.C:\Documents and Settings\Kim Hummel\Cookies\kim_hummel@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.C:\Documents and Settings\Kim Hummel\Cookies\kim_hummel@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@bfast[2].txt -> TrackingCookie.Bfast : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@bluestreak[2].txt -> TrackingCookie.Bluestreak : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : No action taken.C:\Documents and Settings\Danny Hummel\Cookies\danny_hummel@burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.C:\Documents and Settings\Danny Hummel\Cookies\danny_hummel@www.burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@www.burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@casalemedia[2].txt -> TrackingCookie.Casalemedia : No action taken.C:\Documents and Settings\Danny Hummel\Cookies\danny_hummel@com[2].txt -> TrackingCookie.Com : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@com[2].txt -> TrackingCookie.Com : No action taken.C:\Documents and Settings\Dan Hummel\Cookies\dan_hummel@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : No action taken.C:\Documents and Settings\Kim Hummel\Cookies\kim_hummel@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@dealtime[2].txt -> TrackingCookie.Dealtime : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@stat.dealtime[1].txt -> TrackingCookie.Dealtime : No action taken.C:\Documents and Settings\Kim Hummel\Cookies\kim_hummel@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.C:\Documents and Settings\Kim Hummel\Cookies\kim_hummel@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@e-2dj6wfkoehc5gep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@e-2dj6wgliehczefp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@e-2dj6wjkyklajoao.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@e-2dj6wjny-1gcjoe.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@as-eu.falkag[1].txt -> TrackingCookie.Falkag : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.C:\Documents and Settings\Dan Hummel\Cookies\dan_hummel@ehg-pcsecurityshield.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.C:\Documents and Settings\Dan Hummel\Cookies\dan_hummel@hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.C:\Documents and Settings\Kim Hummel\Cookies\kim_hummel@hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@ehg-visionretailinginc.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@ehg-franklinelectronic.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@ehg-ogilvyspore.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@counter.hitslink[2].txt -> TrackingCookie.Hitslink : No action taken.C:\Documents and Settings\Kim Hummel\Cookies\kim_hummel@searchportal.information[1].txt -> TrackingCookie.Information : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@linksynergy[1].txt -> TrackingCookie.Linksynergy : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@search.live[2].txt -> TrackingCookie.Live : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@sales.liveperson[3].txt -> TrackingCookie.Liveperson : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@image.masterstats[1].txt -> TrackingCookie.Masterstats : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@mediaplex[2].txt -> TrackingCookie.Mediaplex : No action taken.C:\Documents and Settings\Kim Hummel\Cookies\kim_hummel@search.msn[2].txt -> TrackingCookie.Msn : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@search.msn[1].txt -> TrackingCookie.Msn : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@stat.onestat[2].txt -> TrackingCookie.Onestat : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@data2.perf.overture[2].txt -> TrackingCookie.Overture : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@data3.perf.overture[2].txt -> TrackingCookie.Overture : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@overture[1].txt -> TrackingCookie.Overture : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@ads.pointroll[1].txt -> TrackingCookie.Pointroll : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@pro-market[1].txt -> TrackingCookie.Pro-market : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@www.pstats[1].txt -> TrackingCookie.Pstats : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@qksrv[2].txt -> TrackingCookie.Qksrv : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@realmedia[1].txt -> TrackingCookie.Realmedia : No action taken.C:\Documents and Settings\Kim Hummel\Cookies\kim_hummel@revenue[2].txt -> TrackingCookie.Revenue : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@revsci[2].txt -> TrackingCookie.Revsci : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@edge.ru4[2].txt -> TrackingCookie.Ru4 : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@try.starware[1].txt -> TrackingCookie.Starware : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@h.starware[1].txt -> TrackingCookie.Starware : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@statcounter[2].txt -> TrackingCookie.Statcounter : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@anad.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@anat.tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@trafficmp[1].txt -> TrackingCookie.Trafficmp : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@webstat[1].txt -> TrackingCookie.Web-stat : No action taken.C:\Documents and Settings\Dan Hummel\Cookies\dan_hummel@m.webtrends[2].txt -> TrackingCookie.Webtrends : No action taken.C:\Documents and Settings\Danny Hummel\Cookies\danny_hummel@m.webtrends[2].txt -> TrackingCookie.Webtrends : No action taken.C:\Documents and Settings\Kim Hummel\Cookies\kim_hummel@m.webtrends[2].txt -> TrackingCookie.Webtrends : No action taken.C:\Documents and Settings\Kim Hummel\Cookies\kim_hummel@m.webtrends[3].txt -> TrackingCookie.Webtrends : No action taken.C:\Documents and Settings\Kim Hummel\Cookies\kim_hummel@m.webtrends[4].txt -> TrackingCookie.Webtrends : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@statse.webtrendslive[3].txt -> TrackingCookie.Webtrendslive : No action taken.C:\Documents and Settings\Kim Hummel\Cookies\kim_hummel@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@zedo[1].txt -> TrackingCookie.Zedo : No action taken.C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP292\A0050843.exe -> Trojan.Small : No action taken.C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP279\A0045357.exe -> Trojan.Small.oa : No action taken.Incident Status Location Potentially unwanted tool:Application/MyWay Not disinfected C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\rqrsspo.dll Potentially unwanted tool:application/regclean32 Not disinfected C:\Documents and Settings\Dan Hummel\Desktop\Click to Find and Fix Errors.url Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Dan Hummel\Cookies\dan_hummel@adrevolver[1].txt Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Dan Hummel\Cookies\dan_hummel@anm.co[1].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Dan Hummel\Cookies\dan_hummel@media.adrevolver[1].txt Adware:Adware/TTC Not disinfected C:\Documents and Settings\Dan Hummel\Local Settings\Temporary Internet Files\Content.IE5\I2R9G4MK\tk58[1].exe Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Kim Hummel\Local Settings\Temporary Internet Files\Content.IE5\5ZF8PWRU\gepj[1] Adware:Adware/TTC Not disinfected C:\Documents and Settings\Kim Hummel\Local Settings\Temporary Internet Files\Content.IE5\5ZF8PWRU\tk58[1].exe Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@apmebf[1].txt Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@atwola[2].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@belnk[1].txt Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@bravenet[2].txt Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@cgi-bin[2].txt Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@did-it[1].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@dist.belnk[2].txt Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@webpower[1].txt Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Rachael Hummel\Cookies\rachael hummel@xiti[1].txt Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@go[1].txt Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@i.screensavers[1].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@media.adrevolver[1].txt Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@target[1].txt Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@tickle[2].txt Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@web.tickle[2].txt Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Rachael Hummel\Cookies\rachael_hummel@www5.addfreestats[1].txt Adware:Adware/Trymedia Not disinfected C:\Downloads\fairiesSetup-dm[1].exe Adware:Adware/Trymedia Not disinfected C:\Downloads\MysteryCaseFilesSetup-dm[1].exe Adware:Adware/TTC Not disinfected C:\Program Files\Messenger\mehewoq22011.exe Virus:Eicar.Mod Not disinfected C:\Program Files\Trend Micro\Internet Security 12\tmhelp.chm[/PCC12/Test_virus.htm] Virus:Trj/Downloader.PUT Disinfected C:\WINDOWS\system32\ICM55\nav22011.exe Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\mvjreglm.dll _________________________________________________________________________________________________________________________________Activescan.txtActivescan.txt Edited September 1, 2007 by JeanInMontana To add Panda scan Link to post Share on other sites More sharing options...
JeanInMontana Posted September 1, 2007 ID:8007 Share Posted September 1, 2007 Hello, you did not follow my instructions. Nothing was removed with AVG, and there is a tutorial for how to run and post the Panda scan. I posted the scan.It does show Virtumonde go here http://www.symantec.com/security_response/...-99&tabid=3 and follow their instructions for removal.Then rerun AVG and take action. Remove the items found you have a trojan that Panda didn't remove and several other adware items. Post the AVG log and a new HJT log please. Link to post Share on other sites More sharing options...
Sparsha Posted September 3, 2007 ID:8026 Share Posted September 3, 2007 i dont know whether i can suggest something here or not.....please let me know if i can suggest something to resolve this issue...... Link to post Share on other sites More sharing options...
JeanInMontana Posted September 3, 2007 ID:8028 Share Posted September 3, 2007 i dont know whether i can suggest something here or not.....please let me know if i can suggest something to resolve this issue......http://www.malwarebytes.org/forums/index.php?act=boardrules Link to post Share on other sites More sharing options...
JeanInMontana Posted September 11, 2007 ID:8170 Share Posted September 11, 2007 Do to lack of response I'm closing this thread. Link to post Share on other sites More sharing options...
Recommended Posts