Jump to content

Hidden Browser Hijacker


Recommended Posts

Malwarebytes' Anti-Malware 1.31

Database version: 1478

Windows 6.0.6001 Service Pack 1

12/9/2008 12:56:50 PM

mbam-log-2008-12-09 (12-56-50).txt

Scan type: Quick Scan

Objects scanned: 49059

Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

--------------------------------------------------

;*******************************************************************************

********************************************************************************

*

*******************

ANALYSIS: 2008-12-09 12:45:13

PROTECTIONS: 1

MALWARE: 20

SUSPECTS: 0

;*******************************************************************************

********************************************************************************

*

*******************

PROTECTIONS

Description Version Active Updated

;===============================================================================

================================================================================

=

===================

Windows Defender 1.1.4205.0 No Yes

;===============================================================================

================================================================================

=

===================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

================================================================================

=

===================

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Yesenia\AppData\Roaming\Microsoft\Windows\Cookies\yesenia@trafficmp[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Yesenia\AppData\Roaming\Microsoft\Windows\Cookies\yesenia@doubleclick[2].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Yesenia\AppData\Roaming\Microsoft\Windows\Cookies\yesenia@doubleclick[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Yesenia\AppData\Roaming\Microsoft\Windows\Cookies\yesenia@atdmt[3].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Yesenia\AppData\Roaming\Microsoft\Windows\Cookies\yesenia@atdmt[2].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Yesenia\AppData\Roaming\Microsoft\Windows\Cookies\yesenia@tribalfusion[2].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Yesenia\AppData\Roaming\Microsoft\Windows\Cookies\yesenia@mediaplex[2].txt

00147806 Cookie/7search TrackingCookie No 0 Yes No C:\Users\Yesenia\AppData\Roaming\Microsoft\Windows\Cookies\yesenia@7search[2].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Yesenia\AppData\Roaming\Microsoft\Windows\Cookies\yesenia@com[2].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Yesenia\AppData\Roaming\Microsoft\Windows\Cookies\yesenia@com[1].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Yesenia\AppData\Roaming\Microsoft\Windows\Cookies\yesenia@apmebf[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Yesenia\AppData\Roaming\Microsoft\Windows\Cookies\yesenia@serving-sys[1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Yesenia\AppData\Roaming\Microsoft\Windows\Cookies\yesenia@bs.serving-sys[1].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Yesenia\AppData\Roaming\Microsoft\Windows\Cookies\yesenia@server.iad.liveperson[3].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Yesenia\AppData\Roaming\Microsoft\Windows\Cookies\yesenia@server.iad.liveperson[2].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Yesenia\AppData\Roaming\Microsoft\Windows\Cookies\yesenia@advertising[1].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Yesenia\AppData\Roaming\Microsoft\Windows\Cookies\yesenia@statse.webtrendslive[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Yesenia\AppData\Roaming\Microsoft\Windows\Cookies\yesenia@ads.pointroll[2].txt

00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Users\Yesenia\AppData\Roaming\Microsoft\Windows\Cookies\yesenia@did-it[1].txt

00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Users\Yesenia\AppData\Roaming\Microsoft\Windows\Cookies\yesenia@did-it[2].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Yesenia\AppData\Roaming\Microsoft\Windows\Cookies\yesenia@atwola[2].txt

00471463 HackTool/NTIllusion.A HackTools No 0 Yes No C:\Windows\System32\CF7FD9F41ACB5464\CF7FD9F41ACB5464

00471477 HackTool/NTIllusion.A HackTools Yes 0 Yes No C:\Windows\system32\CF7FD9F41ACB5464\CF7FD9F41ACB5464.x86

01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Users\Yesenia\AppData\Roaming\Microsoft\Windows\Cookies\yesenia@enhance[2].txt

03738686 Generic Malware Virus/Trojan No 0 No No C:\SDFix.exe[C:\SDFix.exe][sDFix\catchme.exe]

03738686 Generic Malware Virus/Trojan No 0 No No C:\SDFix.exe[C:\SDFix.exe][sDFix\apps\Cghtme.exe]

03738686 Generic Malware Virus/Trojan No 0 Yes No C:\SDFix\catchme.exe

03738686 Generic Malware Virus/Trojan No 0 Yes No C:\SDFix\apps\Cghtme.exe

;===============================================================================

================================================================================

=

===================

SUSPECTS

Sent Location ;

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

VULNERABILITIES

Id Severity Description ;

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:59:10 PM, on 12/9/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\Lexmark 2600 Series\lxdnmon.exe

C:\Windows\sttray.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe

C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"

O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"

O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F6E9A950-69C9-436D-9FBC-F0A5AA7056D7}: NameServer = 68.12.16.30,68.2.16.30

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe

O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe

O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)

O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)

O23 - Service: Pantech Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: UStorage Server Service - OTi - C:\Windows\system32\UStorSrv.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 9472 bytes

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.