Jump to content

How infected am I?

Recommended Posts

I've been trying to clean my PC without doing a clean format and partition. I've been using the various tools listed on this site. Here are the logs that you need.

Malwarebytes' Anti-Malware 1.30

Database version: 1311

Windows 5.1.2600 Service Pack 3

10/24/2008 1:11:43 AM

mbam-log-2008-10-24 (01-11-43).txt

Scan type: Quick Scan

Objects scanned: 50600

Time elapsed: 5 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 6

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7545d8c8-f53c-4e2f-8fa0-d248ef4a6e61} (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eac95a5e-b836-47a1-9508-dc5307c37003} (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{32341e7e-c319-46de-91d0-e30bb1a3caba} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b4a78d29-52b1-4a7b-bac0-1471bedf9836} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)





ANALYSIS: 2008-10-24 00:48:43









Description Version Active Updated





Avira AntiVir PersonalEdition Yes Yes






Id Description Type Active Severity Disinfectable Disinfected Location





00035328 Application/KillApp.A HackTools No 0 Yes No C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP1244\A0155654.exe

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@com[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@apmebf[1].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@server.iad.liveperson[2].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[2].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@adrevolver[1].txt

00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@did-it[1].txt

00958505 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP1244\A0155653.dll

01260840 Trj/Downloader.PME Virus/Trojan No 1 Yes No C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\16.dat

03053018 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP1251\A0160207.dll

03139076 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP1244\A0155744.dll






Sent Location

Link to post
Share on other sites

Hi there opiumden34 and welcome to Malwarebytes. Your looking better now, MBAM removed a plethora of malware. Please move HJT from your desktop and to it's own folder in program files.

Once you have done that run it in scan only and put a check next to all of the following lines and then click fix.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seekerbar.com/ie.aspx?tb_id=50154

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus8.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154

O2 - BHO: (no name) - {054cb733-20bf-40aa-8392-0df7448addcf} - (no file)

O2 - BHO: (no name) - {0f570f28-7ed6-4f41-9df0-401ace8ab0b7} - (no file)

O2 - BHO: (no name) - {2835B8E3-DA53-4A77-A657-2E46C84D3330} - C:\WINDOWS\system32\opnkjKAq.dll (file missing)

O2 - BHO: (no name) - {5055BBBE-A236-490F-A798-A1ED92BE378C} - C:\WINDOWS\system32\khfCtttt.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {702DC270-C60A-4CAE-8BC2-0009A6174290} - C:\WINDOWS\system32\urqpnKcb.dll (file missing)

O2 - BHO: (no name) - {7055903A-E1DF-4F12-82CB-5A3C05E4A0D4} - (no file)

O2 - BHO: (no name) - {70af9f25-88c1-4ff5-90a1-b7db14f2c605} - (no file)

O2 - BHO: (no name) - {71BF1537-68C6-4A35-B7BB-59185CA2FE7E} - C:\WINDOWS\system32\qoMeEULC.dll (file missing)

O2 - BHO: (no name) - {74979E96-A3DB-4AE9-AE48-7A3D1E47ACE6} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {8651D72A-F366-4781-8163-08969B1F37F7} - (no file)

O2 - BHO: (no name) - {9868917F-A069-4B6A-8495-1591DEDD17CE} - (no file)

O2 - BHO: (no name) - {D2D4546A-A1B0-4344-8F94-78DC44DC0479} - C:\WINDOWS\system32\nnnkIyWQ.dll (file missing)

O2 - BHO: (no name) - {E7611C63-2B1C-4E4F-9113-B920578941D4} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)

O20 - AppInit_DLLs: hxmubx.dll,C:\WINDOWS\System32\dbgeng32.dll

O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

Uninstall Morpheus and delete all files associated, including those you have downloaded with it. Rarely is P2P downloading legal and Malwarebytes will not be associated with illegal activities and this is most likely how you got infected.

You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here Java Update and install the correct version for your system. Choose the offline installation.

Reboot to normal mode.

Update MBAM run a quick scan, post that log and a new HJT log please.

Link to post
Share on other sites

Since this topic has had no reply for over 5 days it will be closed to prevent other from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic.

Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.

Link to post
Share on other sites

This topic is now closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.