Also have multiple problems


Hi,

My wife's computer has been very compromised by multiple types of malware, trojans and such.

I ran Malware, Panda scan and HijackThis (in that order). I have all the logs and was wondering if someone could help me clean this mess up.

I'm assuming you'll want the log files I've collected but will not post them until requested.

Thank you for any assistance.

worldview

Here are my log files in the order of Malware, Pandascan and HijackThis:

Malwarebytes' Anti-Malware 1.31

Database version: 1499

Windows 5.1.2600 Service Pack 2

12/14/2008 10:18:55 AM

mbam-log-2008-12-14 (10-18-55).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 113197

Time elapsed: 38 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 4

Registry Keys Infected: 41

Registry Values Infected: 2

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 65

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\WINDOWS\system32\efccYRjJ.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\mbgeagdk.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\jkublg.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\ovrwij.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45fb83eb-2650-4537-9604-c2e24c338333} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{45fb83eb-2650-4537-9604-c2e24c338333} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a6885d80-b695-444e-ab8c-86ebcee6b373} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a6885d80-b695-444e-ab8c-86ebcee6b373} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f04fcb0b-8814-4a7f-9215-b2da3dc99f19} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{f04fcb0b-8814-4a7f-9215-b2da3dc99f19} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a6885d80-b695-444e-ab8c-86ebcee6b373} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{45fb83eb-2650-4537-9604-c2e24c338333} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f04fcb0b-8814-4a7f-9215-b2da3dc99f19} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\e404.e404mgr (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\toolbar.tb (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0cb66ba8-5e1f-4963-93d1-e1d6b78fe9a2} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a63e645f-13bd-45ed-b15f-6e8c1bd57279} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8f10de2b-e923-4548-b524-4d9c5fa80777} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Web Application (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusheat 4.3.exe 4.3 (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\virusheat 4.3 (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\virusheat 4.3 (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b43342b9 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\efccyrjj -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\efccyrjj -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\efccYRjJ.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\JjRYccfe.ini (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\JjRYccfe.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jkublg.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\ovrwij.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\eeenkpwy.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ywpkneee.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mbgeagdk.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\kdgaegbm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ofsqxyul.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\luyxqsfo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rmroxori.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\iroxormr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\snxhuxho.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ohxuhxns.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vfwffowl.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lwoffwfv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vgwjtgnu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ungtjwgv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wwquysih.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hisyuqww.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xkigetri.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\irtegikx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1V6SUZWZ\zc113432[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DX9WRHAM\index[2] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DX9WRHAM\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\VMUXUWYB\zc113432[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\blxnqbij.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\buulzo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cduqdjiy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\derxsl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dfrwxu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dnjiywqt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\euarlj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\flhxuwsy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\icmebm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\imwxqo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jpcxry.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\kyitihyg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lmbagf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\maoaeexx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mbshax.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\momyzs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\oqrtwd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\oxvmrdpc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rmkqrigc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rnhtyycp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rrmaqfvy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\telnjpci.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ufdotehm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ujlqgsds.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\uocamtvo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vbnmxtdc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wfkddgjv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wnpxku.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ijmifppo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ijtuha.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\msywjv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xbykheoh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\yndpaa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\zohnqp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\ENCounterSpyConsumer.2.5.1040.0.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusHeat 4.3.lnk (Rogue.VirusHeat) -> Quarantined and deleted successfully.

Panda Scan

;*******************************************************************************************************************

ANALYSIS: 2008-12-14 12:50:08

PROTECTIONS: 0

MALWARE: 49

SUSPECTS: 0

;*******************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================================================

;===============================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================================================

00065327 adware/coolsavings Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{549f957e-2f89-11d6-8cfe-00c04f52b225}

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt

00145732 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@as-eu.falkag[2].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt

00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@linksynergy[2].txt

00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@anm.co[2].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@com[1].txt

00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@yadro[1].txt

00167681 Cookie/Dbbsrv TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@dbbsrv[1].txt

00167730 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@ehg.hitbox[2].txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@apmebf[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[2].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[2].txt

00168108 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@web.tickle[1].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@adtech[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt

00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@media.adrevolver[3].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt

00172447 Cookie/Inet-Traffic TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@inet-traffic[1].txt

00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@adrevolver[2].txt

00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@searchportal.information[1].txt

00205140 Cookie/Research-int TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@research-int[1].txt

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@target[1].txt

00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@did-it[2].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@atwola[2].txt

00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@www3.addfreestats[1].txt

00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@www6.addfreestats[1].txt

00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@www1.addfreestats[1].txt

00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[1].txt

00456116 Adware/Antivirus2009 Adware No 0 Yes No C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WK97E6EJ\freescan[1].htm

00462839 Adware/XPAntivirusPro Adware No 0 Yes No C:\WINDOWS\system32\epmvkjlk.dll

00462839 Adware/XPAntivirusPro Adware No 0 Yes No C:\WINDOWS\system32\nkogix.dll

01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@enhance[2].txt

01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@adserver.easyad[2].txt

02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@advancedcleaner[2].txt

02908816 Cookie/Starware TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@h.starware[2].txt

04316284 Adware/Xpantivirus2008 Adware No 0 Yes No C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8VOVMVX4\InstallAVg_880757[1].exe

;===============================================================================================================

SUSPECTS

Sent Location

;===============================================================================================================

;===============================================================================================================

VULNERABILITIES

Id Severity Description

;===============================================================================================================

;===============================================================================================================

HijackThis scan

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:51:24 PM, on 12/14/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.a...mp;bm=ho_search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = my.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://cgi.verizon.net/bookmarks/bmredir.a...&bm=ho_home

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll

O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe

O4 - HKCU\..\Run: [sFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll

O20 - AppInit_DLLs: jkublg.dll

O20 - Winlogon Notify: awtuUNeC - awtuUNeC.dll (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe

--

End of file - 4282 bytes

Computer: emachine Celeron CPU 2.80 GHz with 240 MB RAM, Windows XP SP2.

This computer is using the Windows XP firewall with updates being set to 'Notify'.

I'm still having an issue with the false pop-up about virus infections. Also, I have CounterSpy installed and all it wants to do now is update its signatures, but when I try to do this it goes to the Document\Temp folder. This makes me believe it's been compromised too.
