Results of Panda Active scan


James R


Malwarebytes' Anti-Malware 1.30

Database version: 1368

Windows 5.1.2600 Service Pack 2

23/11/2008 20:02:31

mbam-log-2008-11-23 (20-02-31).txt

Scan type: Quick Scan

Objects scanned: 69139

Time elapsed: 17 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)


;*******************************************************************************

ANALYSIS: 2008-11-24 07:12:39

PROTECTIONS: 2

MALWARE: 26

SUSPECTS: 0

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

Symantec Antivirus Corporate Edition 8.0 No No

Norton Antivirus Edition 7.5 No No

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAntiVirusLab.zip

00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip

00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip

00032745 adware/sahagent Adware No 0 Yes No c:\sahagent.log

00123310 HackTool/SRunner.B HackTools No 0 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1318\A0130705.exe

00132190 Adware/SAHAgent Adware No 0 No No C:\temp\sahagent.exe[bundle.exe]

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\admin.neil.taylor\Cookies\admin.neil.taylor@doubleclick[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-1547161642-162531612-839522115-32077\Dc8.GWR700210\Cookies\administrator@atdmt[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\admin.john.coyle\Cookies\admin.john.coyle@atdmt[1].txt

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Steve.Orchard\Cookies\steve.orchard@adultfriendfinder[1].txt

00202347 application/winfixer2005 HackTools No 0 Yes No c:\windows\downloaded program files\uwas6_0001_n68m2301netinstaller.exe

00400835 Generic Trojan Virus/Trojan No 0 Yes No c:\windows\system32\wkssvc32.dll

00400835 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\wkssvc32.dll

00437975 Trj/Tiny.AF Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1323\A0131752.exe

00438911 Trj/Tiny.AF Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1323\A0131768.exe

00441732 Adware/IEAntiSpyware Adware No 0 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1315\A0130237.dll

00441732 Adware/IEAntiSpyware Adware No 0 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1313\A0130183.dll

00441732 Adware/IEAntiSpyware Adware No 0 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1314\A0130206.dll

00441738 Adware/IEAntiSpyware Adware No 0 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1316\A0130273.exe

00441748 Adware/IEAntiSpyware Adware No 0 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1315\A0130236.exe

00441748 Adware/IEAntiSpyware Adware No 0 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1316\A0130268.exe

00441748 Adware/IEAntiSpyware Adware No 0 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1314\A0130205.exe

00441748 Adware/IEAntiSpyware Adware No 0 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1315\A0130248.exe

00441748 Adware/IEAntiSpyware Adware No 0 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1313\A0130184.exe

00441776 Adware/IEAntiSpyware Adware No 0 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1313\A0130185.exe

00441776 Adware/IEAntiSpyware Adware No 0 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1315\A0130238.exe

00441776 Adware/IEAntiSpyware Adware No 0 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1314\A0130207.exe

03839851 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1323\A0131762.sys

03958670 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1323\A0131529.exe

03974388 Adware/SecurityError Adware No 0 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1323\A0131751.dll

04025193 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1315\A0130242.exe

04025200 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1322\A0131499.exe

04025200 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1318\A0130661.exe

04025200 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1315\A0130229.exe

04025200 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1323\A0131769.exe

04025200 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1319\A0130723.exe

04035723 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1315\A0130251.dll

04044595 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1316\A0130274.exe

04049235 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\890166\890166.dll

04057360 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1313\A0130194.exe

04060465 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1315\A0130243.exe

04081629 Adware/SecurityError Adware No 0 Yes No C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1315\A0130252.exe

;===============================================================================

SUSPECTS

Sent Location

;===============================================================================

;===============================================================================

VULNERABILITIES

Id Severity Description

;===============================================================================

184380 MEDIUM MS08-002

184379 MEDIUM MS08-001

182048 HIGH MS07-069

182046 HIGH MS07-067

182043 HIGH MS07-064

179553 HIGH MS07-061

176382 HIGH MS07-057

176383 HIGH MS07-058

170911 HIGH MS07-050

170907 HIGH MS07-046

170906 HIGH MS07-045

170904 HIGH MS07-043

164915 HIGH MS07-035

164913 HIGH MS07-033

164911 HIGH MS07-031

160623 HIGH MS07-027

157262 HIGH MS07-022

157261 HIGH MS07-021

157260 HIGH MS07-020

157259 HIGH MS07-019

156477 HIGH MS07-017

150253 HIGH MS07-016

150249 HIGH MS07-013

150248 HIGH MS07-012

150247 HIGH MS07-011

150243 HIGH MS07-008

150242 HIGH MS07-007

150241 MEDIUM MS07-006

141034 HIGH MS06-076

141033 MEDIUM MS06-075

141030 HIGH MS06-072

137571 HIGH MS06-070

137568 HIGH MS06-067

133387 MEDIUM MS06-065

133386 MEDIUM MS06-064

133385 MEDIUM MS06-063

133379 HIGH MS06-057

131654 HIGH MS06-055

129977 MEDIUM MS06-053

129976 MEDIUM MS06-052

126093 HIGH MS06-051

126092 MEDIUM MS06-050

126087 HIGH MS06-046

126086 MEDIUM MS06-045

126083 HIGH MS06-042

126082 HIGH MS06-041

126081 HIGH MS06-040

123421 HIGH MS06-036

123420 HIGH MS06-035

120825 MEDIUM MS06-032

120823 MEDIUM MS06-030

120818 HIGH MS06-025

120815 HIGH MS06-022

120814 HIGH MS06-021

117384 MEDIUM MS06-018

114666 HIGH MS06-015

114664 HIGH MS06-013

108744 MEDIUM MS06-008

108743 MEDIUM MS06-007

108742 MEDIUM MS06-006

104567 HIGH MS06-002

104237 HIGH MS06-001

96574 HIGH MS05-053

93395 HIGH MS05-051

93394 HIGH MS05-050

93454 MEDIUM MS05-049

;===============================================================================


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:17:29, on 24/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\SYSTEM32\DWRCS.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SYSTEM32\DWRCST.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Napster\napster.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Messenger\MSMSGS.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\Dell\Bluetooth Software\BTTray.exe

C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

C:\Program Files\Logitech\SetPoint\KEM.exe

C:\Program Files\Mindjet\MindManager 5\sys\PDF\ENU\W2K\PDFSaver.exe

C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE

C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Steve.Orchard\Local Settings\Temporary Internet Files\Content.IE5\49UZG5U7\HiJackThis[1].exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/weather/5day.shtml

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [schedulingAgent] mstinit.exe /firstlogon

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O5 "LPT1:" /M "Stylus C86"

O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [systray] C:\windows\mstre8.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe

O4 - Global Startup: MindManager PDF Writer.lnk = C:\Program Files\Mindjet\MindManager 5\sys\PDF\ENU\W2K\PDFSaver.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: SfxXML - http://ada2004.capital/Download/SfxXMLData.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = uk.gwrgroup.com

O17 - HKLM\Software\..\Telephony: DomainName = uk.gwrgroup.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = uk.gwrgroup.com

O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe

O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Windows Media (lrsman) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--

End of file - 9394 bytes


Hi James R and welcome to Malwarebytes. Please update MBAM, run a quick scan and post that log and a new HJT log. Be sure you use the reply button at the bottom of the page and do not start a new topic. Post all responses into this topic.

Malwarebytes' Anti-Malware 1.30

Database version: 1423

Windows 5.1.2600 Service Pack 2

25/11/2008 19:50:56

mbam-log-2008-11-25 (19-50-35).txt

Scan type: Quick Scan

Objects scanned: 69088

Time elapsed: 11 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\z444.z444mgr (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{a48fe9ac-dd02-4ff7-9211-b7ba9a2c8bf2} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\z444.z444mgr.1 (Trojan.BHO) -> No action taken.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Systray (Trojan.Agent) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\WINDOWS\system32\890166 (Trojan.BHO) -> No action taken.

Files Infected:

C:\WINDOWS\system32\890166\890166.dll (Trojan.BHO) -> No action taken.



Update after deleting quarantined items...

Malwarebytes' Anti-Malware 1.30

Database version: 1423

Windows 5.1.2600 Service Pack 2

25/11/2008 19:54:11

mbam-log-2008-11-25 (19-54-11).txt

Scan type: Quick Scan

Objects scanned: 69088

Time elapsed: 11 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\z444.z444mgr (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a48fe9ac-dd02-4ff7-9211-b7ba9a2c8bf2} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\z444.z444mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Systray (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\WINDOWS\system32\890166 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\system32\890166\890166.dll (Trojan.BHO) -> Quarantined and deleted successfully.



Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:58:25, on 25/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\SYSTEM32\DWRCS.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SYSTEM32\DWRCST.exe

C:\Program Files\Apoint\Apoint.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Napster\napster.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Messenger\MSMSGS.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\Dell\Bluetooth Software\BTTray.exe

C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

C:\Program Files\Logitech\SetPoint\KEM.exe

C:\Program Files\Mindjet\MindManager 5\sys\PDF\ENU\W2K\PDFSaver.exe

C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE

C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Steve.Orchard\Local Settings\Temporary Internet Files\Content.IE5\41O387C3\HiJackThis[1].exe

C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/weather/5day.shtml

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [schedulingAgent] mstinit.exe /firstlogon

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O5 "LPT1:" /M "Stylus C86"

O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe

O4 - Global Startup: MindManager PDF Writer.lnk = C:\Program Files\Mindjet\MindManager 5\sys\PDF\ENU\W2K\PDFSaver.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: SfxXML - http://ada2004.capital/Download/SfxXMLData.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = uk.gwrgroup.com

O17 - HKLM\Software\..\Telephony: DomainName = uk.gwrgroup.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = uk.gwrgroup.com

O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe

O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Windows Media (lrsman) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--

End of file - 9820 bytes


Hi James R,

I'm sorry for the delay, Jean' isn't available at the moment.

If you still require help, please do the following:

Download and Run ComboFix (by sUBs)

Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.

This tool is not a toy and not for everyday use.

ComboFix SHOULD NOT be used unless requested by a forum helper.

