Can't remove trojan.BHO.H


Recommended Posts

Have not been able to remove a trojan from one of our machines. Even when I reboot after running Malwarebytes' Anti-Malware, the trojan is still there. Requested logs are posted below. Appreciate any help I can get.

Malwarebytes' Anti-Malware 1.31

Database version: 1506

Windows 5.1.2600 Service Pack 2

12/16/08 12:00:07 PM

mbam-log-2008-12-16 (12-00-07).txt

Scan type: Quick Scan

Objects scanned: 69020

Time elapsed: 13 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 3

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f084bff7-2bed-4850-bf91-8c2be85fa65e} (Trojan.BHO.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{f084bff7-2bed-4850-bf91-8c2be85fa65e} (Trojan.BHO.H) -> Delete on reboot.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\adsnd.dll (Trojan.BHO.H) -> Delete on reboot.

;*******************************************************************************

ANALYSIS: 2008-12-16 13:39:28

PROTECTIONS: 1

MALWARE: 67

SUSPECTS: 3

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

Symantec Antivirus Corporate Edition 9.0 No Yes

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@trafficmp[5].txt

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@trafficmp[4].txt

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@trafficmp[3].txt

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@trafficmp[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@doubleclick[4].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@doubleclick[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@doubleclick[2].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@doubleclick[3].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@atdmt[4].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@atdmt[5].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@atdmt[6].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@atdmt[7].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@atdmt[3].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@atdmt[1].txt

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@tradedoubler[2].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@247realmedia[3].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@247realmedia[1].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@247realmedia[4].txt

00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@bfast[2].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@fastclick[2].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@fastclick[1].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@tribalfusion[3].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@tribalfusion[2].txt

00145734 Cookie/Affiliate fuel TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@www.affiliatefuel[1].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@mediaplex[3].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@mediaplex[2].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@mediaplex[1].txt

00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@linksynergy[1].txt

00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@linksynergy[2].txt

00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@clickbank[3].txt

00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@clickbank[1].txt

00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@maxserving[2].txt

00149104 Cookie/Date TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@date[2].txt

00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\office\Cookies\office@belnk[1].txt

00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@findwhat[1].txt

00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\office\Cookies\office@dist.belnk[2].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@com[3].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@com[1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@com[4].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@com[2].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@xiti[1].txt

00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@hotlog[1].txt

00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@hotlog[2].txt

00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@tickle[2].txt

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@azjmp[3].txt

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@azjmp[4].txt

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@azjmp[2].txt

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@azjmp[1].txt

00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@toplist[1].txt

00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@toplist[2].txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@statcounter[1].txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@statcounter[4].txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@statcounter[2].txt

00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@counter.hitslink[1].txt

00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@counter.hitslink[2].txt

00167765 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@hg1.hitbox[2].txt

00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@perf.overture[2].txt

00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@perf.overture[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@ad.yieldmanager[7].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@apmebf[1].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@apmebf[5].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@apmebf[2].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@apmebf[3].txt

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@burstnet[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@serving-sys[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@serving-sys[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@serving-sys[3].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@bs.serving-sys[4].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@bs.serving-sys[1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@bs.serving-sys[3].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@bs.serving-sys[2].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@www.burstbeacon[2].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@www.burstbeacon[1].txt

00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@as-us.falkag[1].txt

00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@weborama[2].txt

00168108 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@web.tickle[1].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@adtech[1].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@server.iad.liveperson[1].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@server.iad.liveperson[4].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@server.iad.liveperson[6].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@server.iad.liveperson[3].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@server.iad.liveperson[2].txt

00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@stat.onestat[2].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@advertising[4].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@advertising[2].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@advertising[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@advertising[3].txt

00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@adrevolver[4].txt

00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@adrevolver[5].txt

00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@adrevolver[6].txt

00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@adrevolver[2].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@statse.webtrendslive[3].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@statse.webtrendslive[2].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@statse.webtrendslive[1].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@ads.pointroll[3].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@ads.pointroll[1].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@ads.pointroll[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@ads.pointroll[4].txt

00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@fortunecity[2].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@overture[1].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@overture[2].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@overture[3].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@realmedia[1].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@realmedia[2].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@questionmarket[1].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@questionmarket[5].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@questionmarket[2].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@questionmarket[3].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@questionmarket[4].txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@zedo[1].txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@zedo[3].txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@zedo[2].txt

00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@bluestreak[3].txt

00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@bluestreak[2].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@adrevolver[1].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@adrevolver[3].txt

00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@bravenet[1].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@go[2].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@go[1].txt

00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@searchportal.information[1].txt

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@target[2].txt

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@target[1].txt

00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@did-it[3].txt

00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@did-it[1].txt

00216065 Cookie/Screensavers TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@i.screensavers[1].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@atwola[4].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@atwola[1].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@atwola[2].txt

00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@cgi-bin[1].txt

00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@ehg-dig.hitbox[2].txt

00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@ads.addynamix[2].txt

00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@ads.addynamix[1].txt

00367121 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@90594700[2].txt

00478666 Application/AdwareAlert HackTools No 0 Yes No C:\Documents and Settings\ksmith\Local Settings\Temporary Internet Files\Content.IE5\GPIVG1I3\setupxv[1].exe

02883618 Adware/AVSystemCare Adware No 0 Yes No C:\WINDOWS\system32\adsnd.dll

02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@advancedcleaner[1].txt

02897170 Rootkit/Agent.HWS HackTools No 0 Yes No C:\WINDOWS\system32\drivers\aoatavju.dat

02908816 Cookie/Starware TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@h.starware[2].txt

02908816 Cookie/Starware TrackingCookie No 0 Yes No C:\Documents and Settings\ksmith\Cookies\ksmith@h.starware[1].txt

03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\WINDOWS\system32\adsnd.1

;===============================================================================

SUSPECTS

Sent Location Z

;===============================================================================

No C:\WINDOWS\Installer\10b4170.msi[unk_0100] Z

No C:\WINDOWS\system32\adsnd.4 Z

No C:\WINDOWS\system32\adsnd.5 Z

;===============================================================================

VULNERABILITIES

Id Severity Description Z

;===============================================================================

184380 MEDIUM MS08-002 Z

184379 MEDIUM MS08-001 Z

182048 HIGH MS07-069 Z

182046 HIGH MS07-067 Z

182043 HIGH MS07-064 Z

179553 HIGH MS07-061 Z

176382 HIGH MS07-057 Z

176383 HIGH MS07-058 Z

170911 HIGH MS07-050 Z

170907 HIGH MS07-046 Z

170906 HIGH MS07-045 Z

170904 HIGH MS07-043 Z

;===============================================================================

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:41:57 PM, on 12/16/08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Novell\ZENworks\nalntsrv.exe

C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe

C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Novell\ZENworks\wm.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\Novell\XTAgent.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

C:\WINDOWS\system32\ltmsg.exe

C:\Program Files\Java\j2re1.4.2_01\bin\jucheck.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\Program Files\PDF Complete\pdfsty.exe

C:\WINDOWS\System32\dpmw32.exe

C:\WINDOWS\system32\NWTRAY.EXE

C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

C:\Program Files\PDF Complete\pdfsaver.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\lotus\organize\easyclip.exe

C:\lotus\smartctr\smartctr.exe

C:\lotus\smartctr\suitest.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {F084BFF7-2BED-4850-BF91-8C2BE85FA65E} - C:\WINDOWS\system32\adsnd.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"

O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe

O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe

O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE

O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\System32\zentray.exe

O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

O4 - Global Startup: GroupWise Notify.lnk = C:\NOVELL\GroupWise\Notify.exe

O4 - Global Startup: Lotus Organizer EasyClip.lnk = ?

O4 - Global Startup: Lotus QuickStart.lnk = ?

O4 - Global Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe

O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll

O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx

O20 - Winlogon Notify: xxywtuu - xxywtuu.dll (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\System32\cusrvc.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Novell ZfD Wake on LAN Status Agent (Prometheus Wake-On-LAN Status Agent) - Novell Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe

O23 - Service: Novell ZfD Remote Management (Remote Management Agent) - Novell Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe

O23 - Service: Workstation Manager (ZFDWM) - Novell, INC. - C:\Program Files\Novell\ZENworks\wm.exe

--

End of file - 9166 bytes
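An added example, not part of the original post and not code from Malwarebytes, Panda or Trend Micro, that cross-references the two logs above. It parses the Malwarebytes detection lines and the HijackThis O2 (BHO) and O20 (Winlogon Notify) entries, keys every artifact on its lower-cased path and on any CLSID it carries, and reports which items Malwarebytes marked "Delete on reboot" are still registered in the HijackThis log taken afterwards, plus any Winlogon Notify registration whose DLL HijackThis could not find. The regular expressions are my assumptions about the two log formats as they appear in this thread; the sample lines are copied from the logs posted above.

```python
"""Cross-reference Malwarebytes and HijackThis logs for persistence artifacts.

Added example; the parsing rules are assumptions about the two text formats
as they appear in the thread, not an official format specification.
"""
import re
from collections import defaultdict

# Constructed sample: detection lines copied from the Malwarebytes log above.
MBAM_SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f084bff7-2bed-4850-bf91-8c2be85fa65e} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f084bff7-2bed-4850-bf91-8c2be85fa65e} (Trojan.BHO.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\adsnd.dll (Trojan.BHO.H) -> Delete on reboot.
"""

# Constructed sample: entries copied from the HijackThis log above (taken after
# the Malwarebytes run and reboot), plus one O4 line to show other sections are skipped.
HJT_SAMPLE = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {F084BFF7-2BED-4850-BF91-8C2BE85FA65E} - C:\WINDOWS\system32\adsnd.dll
O20 - Winlogon Notify: xxywtuu - xxywtuu.dll (file missing)
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
"""

MBAM_RE = re.compile(r"^(?P<item>.+?) \((?P<verdict>[^()]+)\) -> (?P<action>[^.]+)\.?$")
HJT_BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
HJT_O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_mbam(text):
    """One record per Malwarebytes detection line: item, verdict, action."""
    records = []
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def parse_hjt(text):
    """O2 (BHO) and O20 (Winlogon Notify) entries from a HijackThis log; other sections are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = HJT_BHO_RE.match(line)
        if m:
            entries.append({"section": "O2", "name": m["name"], "clsid": m["clsid"],
                            "path": m["path"], "missing": False})
            continue
        m = HJT_O20_RE.match(line)
        if m:
            entries.append({"section": "O20", "name": m["name"], "clsid": None,
                            "path": m["path"], "missing": m["missing"] is not None})
    return entries


def keys_for(item, clsid=None):
    """Normalised match keys for one artifact: its lower-cased item plus any GUID it contains."""
    keys = {item.lower()} | {g.lower() for g in GUID_RE.findall(item)}
    if clsid:
        keys.add(clsid.lower())
    return keys


def correlate(mbam_records, hjt_entries):
    """Map every artifact key to the set of log sources that reference it."""
    seen = defaultdict(set)
    for r in mbam_records:
        for k in keys_for(r["item"]):
            seen[k].add("mbam:" + r["verdict"])
    for e in hjt_entries:
        for k in keys_for(e["path"], e["clsid"]):
            seen[k].add("hjt:" + e["section"])
    return dict(seen)


def survived_reboot_delete(mbam_records, hjt_entries):
    """Artifacts Malwarebytes deferred to 'Delete on reboot' that the later HijackThis log still lists.

    Malwarebytes defers a deletion when the object is in use at scan time; anything
    still registered afterwards is what to examine next."""
    scheduled = set()
    for r in mbam_records:
        if r["action"].lower().startswith("delete on reboot"):
            scheduled |= keys_for(r["item"])
    present = set()
    for e in hjt_entries:
        present |= keys_for(e["path"], e["clsid"]) & scheduled
    return sorted(present)


def dangling_winlogon_notify(hjt_entries):
    """Names of O20 Winlogon Notify registrations whose DLL HijackThis reported as missing."""
    return [e["name"] for e in hjt_entries if e["section"] == "O20" and e["missing"]]


if __name__ == "__main__":
    recs, ents = parse_mbam(MBAM_SAMPLE), parse_hjt(HJT_SAMPLE)
    for key, sources in sorted(correlate(recs, ents).items()):
        if len(sources) > 1:
            print("seen in both logs:", key, sorted(sources))
    print("survived reboot delete:", survived_reboot_delete(recs, ents))
    print("dangling Winlogon Notify:", dangling_winlogon_notify(ents))
```

On the sample lines the BHO CLSID {F084BFF7-2BED-4850-BF91-8C2BE85FA65E} and C:\WINDOWS\system32\adsnd.dll appear in both logs, which is consistent with the poster's report that the deferred deletion did not take. The O20 entry xxywtuu is a Winlogon Notify registration pointing at a DLL that is no longer on disk, so it is reported separately.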
