
Trouble deleting files



Hi, and thanks SO much for helping.

It's nice to know that there are good guys out there, as well as bad guys.

I'm afraid I'm a complete rookie with all this, so I'm not sure what info you need...

I have a Dell Inspiron 6000 with XP. I got the stupid "koobface" thing not long ago, and then the AntiVirus Response Lab 2009 popped up. I ran Symantec before I clicked it, so the pop-up screen has not returned, but it seems to have left some stragglers in my system, with the results that I can't run Symantec, and can't open IE and some other software except in Safe Mode. MBAM took care of some of it, but the ones that are left won't delete; every time I try, MBAM freezes.

As per the instructions, I ran MBAM and Panda, and I will post the logs below. I will run HJT later today and post ASAP.

Again, thanks so very much for being there. Really very much appreciated.

MBAM log:

Malwarebytes' Anti-Malware 1.31

Database version: 1464

Windows 5.1.2600 Service Pack 3

10/12/2008 1:34:40 AM

mbam-log-2008-12-10 (01-34-26).txt

Scan type: Quick Scan

Objects scanned: 58741

Time elapsed: 6 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 4

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\Documents and Settings\Tony Antoniades\0E513D7E8235ADE0\0E513D7E8235ADE0.x86 (Rootkit.Zlob) -> No action taken.

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d695b871-8020-4041-a6d2-59f922e1b2e2} (Trojan.Zlob) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\avrlabs (Rogue.AntiVirusLab) -> No action taken.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\avrlabs (Rogue.AntiVirusLab) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Tony Antoniades\0E513D7E8235ADE0\0E513D7E8235ADE0.x86 (Rootkit.Zlob) -> No action taken.

PANDA log:

;*******************************************************************************

ANALYSIS: 2008-12-10 01:21:00

PROTECTIONS: 1

MALWARE: 98

SUSPECTS: 7

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

Symantec Antivirus Corporate Edition 10.1 No Yes

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00034347 dialer.su Dialers No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\switch

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\tony_antoniades@trafficmp[1].txt

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@trafficmp[1].txt

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\tony_antoniades@casalemedia[2].txt

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@casalemedia[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\tony_antoniades@doubleclick[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@doubleclick[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony antoniades@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\tony_antoniades@atdmt[2].txt

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@tradedoubler[2].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@247realmedia[1].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@247realmedia[2].txt

00145433 Cookie/Mammamediasolutions TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony antoniades@targetnet[2].txt

00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony antoniades@bfast[2].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@fastclick[2].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\tony_antoniades@fastclick[1].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@tribalfusion[1].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\tony_antoniades@mediaplex[1].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@mediaplex[1].txt

00145792 Cookie/SexList TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony antoniades@sexlist[1].txt

00145869 Cookie/SpyLog TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@spylog[1].txt

00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@anm.co[1].txt

00146967 Cookie/PayCounter TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony antoniades@paycounter[2].txt

00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@clickbank[1].txt

00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony antoniades@maxserving[2].txt

00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@ccbill[1].txt

00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony antoniades@belnk[1].txt

00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@revenue[2].txt

00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@dist.belnk[2].txt

00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@www.myaffiliateprogram[1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony antoniades@com[2].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@com[2].txt

00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@yadro[1].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@xiti[1].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt

00167708 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony antoniades@c2.gostats[2].txt

00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@hotlog[1].txt

00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@tickle[1].txt

00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony antoniades@z1.adserver[1].txt

00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@gostats[1].txt

00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@toplist[1].txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@statcounter[2].txt

00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony antoniades@counter.hitslink[1].txt

00167761 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@counter8.sextracker[2].txt

00167765 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony antoniades@hg1.hitbox[2].txt

00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony antoniades@perf.overture[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@ad.yieldmanager[1].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\tony_antoniades@apmebf[1].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@apmebf[2].txt

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@burstnet[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\tony_antoniades@serving-sys[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@serving-sys[1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\tony_antoniades@bs.serving-sys[1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@bs.serving-sys[2].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@www.burstbeacon[2].txt

00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@weborama[1].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@adtech[2].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@server.iad.liveperson[4].txt

00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@stat.onestat[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\tony_antoniades@advertising[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@advertising[2].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt

00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@sextracker[2].txt

00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@media.adrevolver[3].txt

00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@adopt.hbmediapro[1].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@statse.webtrendslive[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@ads.pointroll[2].txt

00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony antoniades@fortunecity[2].txt

00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@hc2.humanclick[2].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@overture[1].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@realmedia[1].txt

00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony antoniades@terra.com[1].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@questionmarket[1].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\tony_antoniades@questionmarket[1].txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@zedo[1].txt

00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\tony_antoniades@bluestreak[1].txt

00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@cs.sexcounter[2].txt

00180153 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@counter2.sextracker[1].txt

00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony antoniades@xxxcounter[1].txt

00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@phg.hitbox[2].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@adrevolver[2].txt

00186469 Cookie/Reliablestats TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony antoniades@stats1.reliablestats[2].txt

00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@bravenet[1].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\tony_antoniades@go[2].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@go[1].txt

00199983 Cookie/Valueclick TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony antoniades@valueclick[2].txt

00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@searchportal.information[1].txt

00206953 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony antoniades@counter14.sextracker[2].txt

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@target[1].txt

00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@did-it[2].txt

00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@adviva[1].txt

00216065 Cookie/Screensavers TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@i.screensavers[2].txt

00217990 Cookie/WinFixer TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony antoniades@winfixer[2].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@atwola[2].txt

00262021 Cookie/Kmpads TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@kmpads[2].txt

00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@www3.addfreestats[1].txt

00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@www6.addfreestats[1].txt

00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\tony_antoniades@ehg-dig.hitbox[2].txt

00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@ehg-dig.hitbox[1].txt

00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@ads.addynamix[2].txt

00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@citi.bridgetrack[2].txt

00335980 Application/MyWay HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP309\A0128776.dll

00472244 W32/Boface.H.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP309\A0128791.exe

00473024 Rootkit/Agent.LBM Virus/Trojan No 0 Yes No C:\Documents and Settings\Tony Antoniades\0E513D7E8235ADE0\0E513D7E8235ADE0

00473085 Trj/Agent.LBN Virus/Trojan No 0 Yes No C:\Documents and Settings\Tony Antoniades\0E513D7E8235ADE0\0E513D7E8235ADE0.x86

01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@enhance[2].txt

01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@adserver.easyad[1].txt

02261869 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony antoniades@counter12.sextracker[1].txt

03419914 Trj/Rebooter.J Virus/Trojan No 0 Yes No C:\Program Files\Asistente Prodigy\ctrbt.exe

03839851 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP309\A0128792.sys

04287476 Application/VirusHeat HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP309\A0128775.dll

04294455 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP309\A0128765.dll

04294455 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP309\A0127732.dll

04294455 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP309\A0128743.dll

04294455 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP309\A0128753.dll

04294455 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP309\A0128732.dll

04294455 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP309\A0128777.dll

04300924 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP309\A0128766.exe

04300924 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP309\A0127733.exe

04300924 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP309\A0128733.exe

04300924 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP309\A0128780.exe

04300924 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP309\A0128754.exe

04301005 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP309\A0128781.exe

04301356 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP309\A0128782.exe

;===============================================================================

SUSPECTS

Sent Location

;===============================================================================

No C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\404Fix.exe

No C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\IEDFix.C.exe

No C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\VACFix.exe

No C:\WINDOWS\system32\404Fix.exe

No C:\WINDOWS\system32\IEDFix.C.exe

No C:\WINDOWS\system32\o4Patch.exe

No C:\WINDOWS\system32\VACFix.exe

;===============================================================================

VULNERABILITIES

Id Severity Description

;===============================================================================

;===============================================================================


Here's the HijackThis log:

(I forgot to mention, too - I'm not sure if this makes any difference, but I ran all these scans in Safe Mode - does that invalidate the results? Sorry to be so stupid.)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:57:04, on 10/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.wikipedia.org

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www1.ca.dell.com/content/default.as...;l=en&s=gen

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=71067

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\RunOnce: [spybotDeletingB9579] command /c del "C:\Program Files\Enigma Software Group\SpyHunter\SHDS.mht"

O4 - HKCU\..\RunOnce: [spybotDeletingD4340] cmd /c del "C:\Program Files\Enigma Software Group\SpyHunter\SHDS.mht"

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://smms.sub.fulfillment.puretracks.com/onager_smms.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6A615BCC-676D-41AA-AB4E-C1860690FFB4} (CFXEngine Object) - http://www.blacksmemorables.com/RocketLife.cab

O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://blacks.pnimedia.com/upload/activex/...tupv2.0.0.9.cab?

O18 - Protocol: rlfile - {F541A92B-CDC2-4B7C-BEF1-C7443070F3D8} - C:\WINDOWS\Downloaded Program Files\RocketEngine.dll

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: WLANKEEPER - Intel
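The three logs in this thread are the kind of data a helper has to reduce before replying: Panda reports 98 "MALWARE" hits, but almost all of them are tracking cookies or inert copies inside a System Restore point, and the items that actually matter are the user-profile directory that MBAM sees loaded as a memory module and the HKCU Run value that relaunches the rogue. The script below is an added example, not part of this thread and not any of the scanners' own tooling. It parses MBAM item lines and Panda MALWARE rows into tiers, then cross-checks the Run value MBAM flagged against the HijackThis O4 autorun entries. The tier names and ranking rules are this example's own assumptions; the sample lines are excerpts copied from the posted logs.

```python
"""Triage of the MBAM and Panda ActiveScan logs posted above, cross-checked against
the HijackThis O4 autorun lines.  Added example, not part of the thread and not any
scanner's own tooling; tier names and ranking rules are this example's assumptions."""
import re
from dataclasses import dataclass

# Tiers, most urgent first (this example's labels, not scanner terminology).
ACTIVE = "active"          # loaded in memory, or an autorun value that fires at logon
ON_DISK = "on-disk"        # file or key present but not shown as running
RESTORE = "restore-point"  # inert copy under System Volume Information
COOKIE = "cookie"          # tracking cookie: privacy noise, not an infection
RESTORE_MARK = "system volume information\\_restore"


@dataclass(frozen=True)
class Finding:
    source: str    # "mbam" or "panda"
    name: str      # detection name as the scanner reported it
    location: str  # file path or registry location
    tier: str


MBAM_ITEM = re.compile(r"^(?P<loc>.+) \((?P<name>[^()]+)\) -> .+$")
# Panda row: Id Description Type Active Severity Disinfectable Disinfected Location
PANDA_ROW = re.compile(
    r"^\d{8} (?P<name>.+?) (?P<type>TrackingCookie|Dialers|HackTools|Virus/\w+) "
    r"(?P<active>Yes|No) \d (?:Yes|No) (?:Yes|No) (?P<loc>.+)$")
HJT_O4 = re.compile(r"^O4 - HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] ")


def parse_mbam(text):
    """Yield Findings from an MBAM log; the current section header decides the tier."""
    section = ""
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("Infected:"):
            section = line
        elif (m := MBAM_ITEM.match(line)):
            loc = m.group("loc")
            tier = ACTIVE if section.startswith("Memory") or "\\Run\\" in loc else ON_DISK
            yield Finding("mbam", m.group("name"), loc, tier)


def parse_panda(text):
    """Yield Findings from the MALWARE table of a Panda ActiveScan log."""
    for line in text.splitlines():
        m = PANDA_ROW.match(line.strip())
        if not m:
            continue
        loc = m.group("loc")
        if m.group("type") == "TrackingCookie":
            tier = COOKIE
        elif RESTORE_MARK in loc.lower():
            tier = RESTORE      # reachable only through System Restore
        elif m.group("active") == "Yes":
            tier = ACTIVE
        else:
            tier = ON_DISK
        yield Finding("panda", m.group("name"), loc, tier)


def triage(findings):
    """Group findings by tier, most urgent first."""
    return {t: [f for f in findings if f.tier == t]
            for t in (ACTIVE, ON_DISK, RESTORE, COOKIE)}


def autoruns_still_present(findings, hjt_text):
    """MBAM-flagged Run value names that HijackThis still lists as O4 entries.
    An empty set means the autorun is gone, or is being hidden from HJT."""
    listed = {m.group("name").lower() for m in
              (HJT_O4.match(l.strip()) for l in hjt_text.splitlines()) if m}
    flagged = {f.location.rsplit("\\", 1)[-1].lower()
               for f in findings if f.source == "mbam" and "\\Run\\" in f.location}
    return flagged & listed


# Sample input: excerpts copied from the logs posted in this thread.
MBAM_LOG = r"""
Memory Modules Infected:
C:\Documents and Settings\Tony Antoniades\0E513D7E8235ADE0\0E513D7E8235ADE0.x86 (Rootkit.Zlob) -> No action taken.
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\avrlabs (Rogue.AntiVirusLab) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\avrlabs (Rogue.AntiVirusLab) -> No action taken.
Files Infected:
C:\Documents and Settings\Tony Antoniades\0E513D7E8235ADE0\0E513D7E8235ADE0.x86 (Rootkit.Zlob) -> No action taken.
"""
PANDA_LOG = r"""
00034347 dialer.su Dialers No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\switch
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Tony Antoniades\Cookies\tony_antoniades@doubleclick[2].txt
00472244 W32/Boface.H.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP309\A0128791.exe
00473085 Trj/Agent.LBN Virus/Trojan No 0 Yes No C:\Documents and Settings\Tony Antoniades\0E513D7E8235ADE0\0E513D7E8235ADE0.x86
03419914 Trj/Rebooter.J Virus/Trojan No 0 Yes No C:\Program Files\Asistente Prodigy\ctrbt.exe
"""
HJT_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    found = list(parse_mbam(MBAM_LOG)) + list(parse_panda(PANDA_LOG))
    for tier, items in triage(found).items():
        print(tier, [f"{f.name} @ {f.location}" for f in items])
    print("flagged autoruns still in HJT:", autoruns_still_present(found, HJT_LOG) or "none")
```

With these excerpts the two "active" items are exactly the ones the helper would act on first: the .x86 file loaded as a memory module and the HKCU Run value for avrlabs. The restore-point copies are inert until System Restore is used and drop out once the restore points are purged, and the cookie rows are counted rather than listed. The cross-check returns an empty set because the posted HJT O4 list contains no avrlabs entry; the script reports that as-is instead of guessing whether the value was removed between the two scans or is being hidden from HJT.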

This topic is now closed to further replies.