danlmuth Posted December 18, 2008 ID:40581

Malwarebytes' Anti-Malware 1.31
Database version: 1498
Windows 5.1.2600 Service Pack 2

12/18/2008 11:16:24 AM
mbam-log-2008-12-18 (11-16-24).txt

Scan type: Quick Scan
Objects scanned: 64086
Time elapsed: 7 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\opnOFXnn.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19047ee2-accd-440e-9a33-d0a424f9b377} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{19047ee2-accd-440e-9a33-d0a424f9b377} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{19047ee2-accd-440e-9a33-d0a424f9b377} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnofxnn -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnofxnn -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\opnOFXnn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nnXFOnpo.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nnXFOnpo.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

I am
unable to update Malwarebytes and I am unable to run either of the Pandora or the other online scans but I was able to run Hijack here is the logs for that

danlmuth Posted December 18, 2008 Author ID:40584

I wanted to update this. I was able to finally get Malware to update and Panda to do a scan. As soon as they are done I will post the new logs on here.

danlmuth Posted December 18, 2008 Author ID:40586

Here is the updated Malware Scan... I have to go to a Christmas party. When I get back I will put up the Panda scan results. Thank you so much for the help.

Malwarebytes' Anti-Malware 1.31
Database version: 1514
Windows 5.1.2600 Service Pack 2

12/18/2008 12:14:27 PM
mbam-log-2008-12-18 (12-14-27).txt

Scan type: Quick Scan
Objects scanned: 65269
Time elapsed: 11 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\opnOFXnn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jqaafu.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19047ee2-accd-440e-9a33-d0a424f9b377} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{19047ee2-accd-440e-9a33-d0a424f9b377} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d22e1d73-0300-452b-b1c0-fc005bccf7c1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{19047ee2-accd-440e-9a33-d0a424f9b377} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnofxnn -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnofxnn -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\opnOFXnn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nnXFOnpo.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nnXFOnpo.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jqaafu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\dwlqfjgl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

danlmuth Posted December 19, 2008 Author ID:40654

Here is Panda Scan.