Please Help with these logs


Hi

I have been asked by another forum to post here: See http://www.malwarebytes.org/forums/index.p...amp;#entry37050

Here is my Malwarebytes log and below is the HJT log.

I am still running the Panda scan and will post it shortly.

Thanks

Malwarebytes' Anti-Malware 1.30

Database version: 1439

Windows 5.1.2600 Service Pack 2

2008-11-30 4:23:48 PM

mbam-log-2008-11-30 (16-23-48).txt

Scan type: Quick Scan

Objects scanned: 70353

Time elapsed: 21 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully.

___________________________________________________________________________________________________

Logfile of HijackThis v1.99.1

Scan saved at 4:08:26 PM, on 2008-11-30

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Linksys\Wireless-B PCI Adapter\NICServ.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\tlntsvr.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\Webshots\Webshots.scr

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\WINDOWS\system32\rsvp.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\Explorer.EXE

C:\MGtools.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\ntvdm.exe

C:\MGtools\vfind.exe

C:\HJT\Alice.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java


OK, here is the Panda Security scan log as promised.

Hopefully someone will be able to offer help.

Thanks

;*******************************************************************************

ANALYSIS: 2008-11-30 23:43:00

PROTECTIONS: 1

MALWARE: 18

SUSPECTS: 27

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

Avira AntiVir PersonalEdition 8.0.1.30 Yes Yes

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@com[1].txt

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Program Files\Common Files\Stationery\Internet Explorer\Cookies\alice@target[2].txt

00387058 W32/Flux.DP.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP311\A0079941.inf

00463279 Trj/Zlob.gen Virus/Trojan No 0 Yes No C:\Documents and Settings\Alice\My Documents\downloads\Maintenance\drivers\uniblue driver scanner\Keygen.Uniblue.Driver.Scanner.2009.2.0.0.26.c3222.exe

01010893 Adware/SaveNow Adware No 0 Yes No C:\Documents and Settings\Alice\My Documents\Old Computer\downloads\browsers and stuff\favsrch.exe

01010893 Adware/SaveNow Adware No 0 Yes No C:\Documents and Settings\Alice\My Documents\Emachine files\downloads\browsers and stuff\favsrch.exe

01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\All Users\Documents\My Docs from Emachine\Downloads\Maintenance\combofix\ComboFix.exe[C:\Documents and Settings\All Users\Documents\My Docs from Emachine\Downloads\Maintenance\combofix\ComboFix.exe][nircmd.exe]

01262593 Application/NirCmd.A HackTools No 0 Yes No C:\ComboFix\nircmd.com

01262593 Application/NirCmd.A HackTools No 0 Yes No C:\ComboFix\nircmd.cfexe

01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Alice\My Documents\downloads\Maintenance\combofix\ComboFix.exe[C:\Documents and Settings\Alice\My Documents\downloads\Maintenance\combofix\ComboFix.exe][nircmd.exe]

01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe

03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Documents and Settings\All Users\Documents\My Docs from Emachine\Business\ebooks\WBR.exe

03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Alice\My Documents\Business\ebooks\WBR.exe

03074964 Trj/CI.A Virus/Trojan No 0 No No C:\Documents and Settings\Alice\My Documents\downloads\Torrent Downloads\Ultimate Selling Point by Donald Moine and Ken.Llyod.rar[ultimate Selling Point by Donald Moine and Ken.Llyod.exe][info-text.exe]

03074964 Trj/CI.A Virus/Trojan No 0 No No C:\Documents and Settings\Alice\My Documents\downloads\Torrent Downloads\ESET_NOD32_Antivirus_3.0.667_-_32_Bit\ESET_NOD32_Antivirus_3.0.667_-_32_Bit.rar[eav_nt32_enu_30667.msi][eav_nt32_enu_30667.msi][file.exe][payload.exe]

03255966 Adware/WinSpywareProtect Adware No 0 No No C:\Documents and Settings\Alice\My Documents\downloads\Torrent Downloads\ESET_NOD32_Antivirus_3.0.667_-_32_Bit\ESET_NOD32_Antivirus_3.0.667_-_32_Bit.rar[eav_nt32_enu_30667.msi][eav_nt32_enu_30667.msi][file.exe][MediaTubeCodec_ver1.1504.0.exe]

03432039 Trj/Hino.F Virus/Trojan No 1 No No C:\Documents and Settings\Alice\My Documents\downloads\Torrent Downloads\ESET_NOD32_Antivirus_3.0.667_-_32_Bit\ESET_NOD32_Antivirus_3.0.667_-_32_Bit.rar[eav_nt32_enu_30667.msi][eav_nt32_enu_30667.msi][file.exe][mpxpaq.exe][mpxu.exe]

03469190 Adware/SecurityError Adware No 0 No No C:\Documents and Settings\Alice\My Documents\downloads\Torrent Downloads\Version Tracker Pro 4.1 Serials Keygen Keymaker Crack Works Latest Version\VersionTracker_Pro_Windows_4_1.exe[setup_ver1.1482.0.exe]

03469674 Trj/Zlob.IS Virus/Trojan No 1 No No C:\Documents and Settings\Alice\My Documents\downloads\Torrent Downloads\ESET_NOD32_Antivirus_3.0.667_-_32_Bit\ESET_NOD32_Antivirus_3.0.667_-_32_Bit.rar[eav_nt32_enu_30667.msi][eav_nt32_enu_30667.msi][file.exe][mpxpaq.exe][mpx.exe]

03541233 HackTool/Rebooter HackTools No 0 Yes No C:\Documents and Settings\All Users\Documents\My Docs from Emachine\Downloads\Maintenance\smitfraudfix\SmitfraudFix\Reboot.exe

03541233 HackTool/Rebooter HackTools No 0 Yes No C:\Documents and Settings\Alice\Desktop\SmitfraudFix\Reboot.exe

03541233 HackTool/Rebooter HackTools No 0 Yes No C:\Documents and Settings\Alice\My Documents\downloads\Maintenance\smitfraudfix\SmitfraudFix\Reboot.exe

03799468 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\Alice\My Documents\Emachine files\DESIGN\SETUP.EXE

03799468 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\Alice\My Documents\Emachine files\downloads\1stpage\setup.exe

03799468 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\Alice\My Documents\Old Computer\downloads\1stpage\setup.exe

03799468 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\Alice\My Documents\Emachine files\downloads\zipped downloads\1stpage2.zip[setup.exe]

03799468 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\Alice\My Documents\Emachine files\downloads\chats\vplaces\downloads\1stpage2.zip[setup.exe]

03799468 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\Alice\My Documents\Old Computer\downloads\chats\vplaces\downloads\1stpage2.zip[setup.exe]

03799468 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\Alice\My Documents\Old Computer\downloads\zipped downloads\1stpage2.zip[setup.exe]

03799468 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\Alice\My Documents\Old Computer\DESIGN\SETUP.EXE

03879004 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\Alice\My Documents\Business\ebooks\codymoya nicheproducts\Insider.zip[insider.exe]

03899005 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\Alice\My Documents\downloads\Maintenance\combofix\ComboFix.exe[C:\Documents and Settings\Alice\My Documents\downloads\Maintenance\combofix\ComboFix.exe][ntp.exe]

03899005 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\All Users\Documents\My Docs from Emachine\Downloads\Maintenance\combofix\ComboFix.exe[C:\Documents and Settings\All Users\Documents\My Docs from Emachine\Downloads\Maintenance\combofix\ComboFix.exe][ntp.exe]

03918965 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\Alice\My Documents\Emachine files\downloads\pdfpassword remover\pdfpasswordremoverv2.2keygencafe\keygen.exe

03918965 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\Alice\My Documents\Emachine files\downloads\pdfpassword remover\pdfpasswordremoverv2.2keygencafe.zip[keygen.exe]

03933950 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\Alice\My Documents\downloads\Maintenance\spyware doctor\install.exe

04199390 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Documents and Settings\Alice\My Documents\downloads\evrsoft\fp2006-final-3.00-setup.zip[fp2006-final-3.00-setup.exe]

;===============================================================================

SUSPECTS

Sent Location

;===============================================================================

No C:\Documents and Settings\Alice\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (go 889\Sent items\048F024F-0000007D.eml[ColorSchemer_17.zip][Portable_Color_Schemer.exe]

No C:\Documents and Settings\Alice\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (go 889\Sent items\2FF97824-0000008E.eml[ColorSchemer_17.zip][Portable_Color_Schemer.exe]

No C:\Documents and Settings\Alice\My Documents\downloads\Maintenance\drivers\uniblue driver scanner\Keygen.Uniblue.Driver.Scanner.2009.2.0.0.26.c3222.exe[jah32220.exe]

No C:\Documents and Settings\Alice\My Documents\downloads\Maintenance\RegCure\regcure.1.x.x.xx-patch.exe

No C:\Documents and Settings\Alice\My Documents\downloads\produkey\RegCure.1.x.x.x-Patch_CiM.zip[regcure.1.x.x.xx-patch.exe]

No C:\Documents and Settings\Alice\My Documents\Emachine files\DESIGN\1STPAGE.EXE

No C:\Documents and Settings\Alice\My Documents\free leads\50 free\sent to jason\ColorSchemer_17.zip[Portable_Color_Schemer.exe]

No C:\Documents and Settings\Alice\My Documents\Emachine files\downloads\starter\start561.zip[starterSetup.exe]

No C:\Documents and Settings\Alice\My Documents\Emachine files\downloads\starter\start561.zip[starterSetup.exe][starter.exe]

No C:\Documents and Settings\Alice\My Documents\Emachine files\downloads\X fonter\X-Fonter-setup.exe

No C:\Documents and Settings\Alice\My Documents\free leads\50 free.zip[50 free/ColorSchemer_17.zip][Portable_Color_Schemer.exe]

No C:\Documents and Settings\Alice\My Documents\Old Computer\DESIGN\1STPAGE.EXE

No C:\Documents and Settings\Alice\My Documents\Old Computer\downloads\starter\start561.zip[starterSetup.exe][starter.exe]

No C:\Documents and Settings\Alice\My Documents\Old Computer\downloads\starter\start561.zip[starterSetup.exe]

No C:\Documents and Settings\Alice\My Documents\My PSP8 Files\Plugins\aetherize\Silver.v1.30.Keygen.exe

No C:\Documents and Settings\Alice\My Documents\My PSP8 Files\Plugins\aetherize\Swerve.v1.30.Keygen.exe

No C:\Documents and Settings\Alice\My Documents\My PSP8 Files\Plugins\aetherize\Twist.v1.30.Keygen.exe

No C:\Documents and Settings\Alice\My Documents\My PSP8 Files on emachine (Emachine)\Plugins\aetherize\Silver.v1.30.Keygen.exe

No C:\Documents and Settings\Alice\My Documents\My PSP8 Files on emachine (Emachine)\Plugins\aetherize\Swerve.v1.30.Keygen.exe

No C:\Documents and Settings\Alice\My Documents\My PSP8 Files on emachine (Emachine)\Plugins\aetherize\Twist.v1.30.Keygen.exe

No C:\Documents and Settings\Alice\My Documents\Old Computer\downloads\X fonter\X-Fonter-setup.exe

No C:\Documents and Settings\All Users\Documents\My Docs from Emachine\free leads\50 free\sent to jason\ColorSchemer_17.zip[Portable_Color_Schemer.exe]

No C:\Documents and Settings\All Users\Documents\My Docs from Emachine\free leads\50 free.zip[50 free/ColorSchemer_17.zip][Portable_Color_Schemer.exe]

No C:\Documents and Settings\All Users\Documents\Scott (To be copyed over to toshiba)\Gms\Enhancer\Starcraft\STAR-KEY.EXE

No C:\Documents and Settings\All Users\Start Menu\Programs\Weather Alarm Clock\WeatherClock.exe

No C:\Program Files\RegCure\regcure.1.x.x.xx-patch.exe

No H:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP314\A0080146.COM

;===============================================================================

VULNERABILITIES

Id Severity Description

;===============================================================================

108742 MEDIUM MS06-006

;===============================================================================
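Added example (editor's code, not from either post above and not a Panda or Malwarebytes tool): a short Python script that parses the MALWARE table of a Panda ActiveScan report in the column layout shown above (Id Description Type Active Severity Disinfectable Disinfected Location) and sorts each row into an action bucket. The point it demonstrates is that nearly everything in this report is dormant: every row has Active = No, many rows are copies inside .zip/.rar/.msi containers (Panda writes these as container[inner][deeper]), one row (W32/Flux.DP.worm) is a System Restore copy, and the NirCmd and Reboot.exe hits are helpers that the log itself shows packaged inside ComboFix and SmitfraudFix. The bucket rules and the keygen/crack keyword heuristic are the editor's assumptions, not Panda's classification; the sample input is six rows copied from the report (wrapped paths rejoined) plus one constructed Active = Yes row, which the real report does not contain.

```python
"""Triage the MALWARE table of a Panda ActiveScan report (added example)."""
import re
from collections import Counter

# Column layout of the MALWARE table in the report:
#   Id Description Type Active Severity Disinfectable Disinfected Location
# Description may contain spaces ("Generic Trojan"); Type never does, so the
# non-greedy description group stops at the first token that is followed by
# the fixed Yes/No, digits, Yes/No, Yes/No sequence.
MALWARE_LINE = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>.+?)\s+(?P<type>\S+)\s+"
    r"(?P<active>Yes|No)\s+(?P<severity>\d+)\s+"
    r"(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+(?P<location>.+?)\s*$"
)
# Panda writes archive/installer contents as container[inner][deeper]; the
# chain of bracket groups must run to the end of the string, which keeps
# cookie names such as owner@com[1].txt from being mistaken for archives.
NESTED = re.compile(r"^(?P<container>.*?)(?P<chain>(?:\[[^\[\]]*\])+)$")
RESTORE_POINT = re.compile(r"\\System Volume Information\\_restore\{", re.I)
# Heuristic (editor's assumption): these words in a path mark cracked software.
CRACK_HINT = re.compile(r"keygen|crack|serial|patch", re.I)
# The log itself shows nircmd.exe and Reboot.exe packaged inside ComboFix and
# SmitfraudFix, so detections under those directories are expected helpers.
BUNDLED_TOOL = re.compile(r"\\(ComboFix|SmitfraudFix)\\|ComboFix\.exe\[", re.I)

ACTION = {
    "active": "scanner saw it loaded or running: remediate first",
    "restore-point": "inert copy in System Restore: purge restore points after cleanup",
    "cookie": "tracking cookie: privacy only, clear browser cookies",
    "cleanup-tool-helper": "helper bundled with ComboFix/SmitfraudFix: expected detection",
    "inside-archive": "packed inside an archive or installer, not executing: delete the container",
    "crack-or-keygen": "keygen/crack: untrusted origin, delete it and distrust what it unlocked",
    "loose-file": "dormant file on disk: quarantine or delete",
}


def parse_report(text):
    """Return one dict per MALWARE table row. Headers, separator lines and the
    SUSPECTS rows (which start with Yes/No, not an 8-digit id) are skipped."""
    entries = []
    for raw in text.splitlines():
        m = MALWARE_LINE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["active"] = e["active"] == "Yes"
        e["severity"] = int(e["severity"])
        nested = NESTED.match(e["location"])
        e["nested"] = nested is not None
        e["container"] = nested.group("container") if nested else e["location"]
        entries.append(e)
    return entries


def triage(e):
    """Map one row to a bucket name; the order of checks is most urgent first."""
    loc = e["location"]
    if e["active"]:
        return "active"
    if RESTORE_POINT.search(loc):
        return "restore-point"
    if e["type"] == "TrackingCookie":
        return "cookie"
    if BUNDLED_TOOL.search(loc):
        return "cleanup-tool-helper"
    if e["nested"]:
        return "inside-archive"
    if CRACK_HINT.search(loc):
        return "crack-or-keygen"
    return "loose-file"


def summarize(entries):
    """Count rows per bucket."""
    return Counter(triage(e) for e in entries)


# Six rows copied from the report above (wrapped paths rejoined) plus one
# constructed Active=Yes row, because the real report has none.
SAMPLE_REPORT = r"""
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@com[1].txt
00387058 W32/Flux.DP.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP311\A0079941.inf
00463279 Trj/Zlob.gen Virus/Trojan No 0 Yes No C:\Documents and Settings\Alice\My Documents\downloads\Maintenance\drivers\uniblue driver scanner\Keygen.Uniblue.Driver.Scanner.2009.2.0.0.26.c3222.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\ComboFix\nircmd.com
03074964 Trj/CI.A Virus/Trojan No 0 No No C:\Documents and Settings\Alice\My Documents\downloads\Torrent Downloads\ESET_NOD32_Antivirus_3.0.667_-_32_Bit\ESET_NOD32_Antivirus_3.0.667_-_32_Bit.rar[eav_nt32_enu_30667.msi][eav_nt32_enu_30667.msi][file.exe][payload.exe]
03799468 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\Alice\My Documents\Emachine files\DESIGN\SETUP.EXE
00000000 Constructed/Example Virus/Trojan Yes 2 Yes No C:\constructed\example.dll
"""

if __name__ == "__main__":
    rows = parse_report(SAMPLE_REPORT)
    for e in rows:
        bucket = triage(e)
        print(f"{bucket:20} {e['desc']:22} {e['container']}")
        print(f"{'':20} -> {ACTION[bucket]}")
    print(dict(summarize(rows)))
```

Run it as-is to see the bucket and recommended action per sample row, or pass the whole report text to parse_report to triage all 38 rows. Read against the first post, the table puts the logs in perspective: the one detection on the page that lived in an application's own components directory rather than in a download folder is the iamfamous.dll that Malwarebytes already quarantined from C:\Program Files\Mozilla Firefox\components, and it is the only item a practitioner would treat as a live infection rather than as inert download-folder clutter.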
