Jump to content

Logs - Am I Clean?

tmstired

By tmstired
in Resolved Malware Removal Logs

 Share

Recommended Posts

tmstired

tmstired

Posted
Posted

I originally contacted you yesterday afternoon. The AC -dapter on the laptop went out since that time and I had to go out and purchase a new one. I originally ran the Spybot and Anti-Malware yesterday afternoon before adapter problems. The laptop died during the Panda scan. This morning I started over again and have noticed that the problems have disappeared (no pop-ups, no black screen, and task manager is active again). I am including what I have thus far.

I am running the Panda scan again; it is taking forever.

Anti-Malware from yesterday:

Malwarebytes' Anti-Malware 1.31

Database version: 1568

Windows 5.1.2600 Service Pack 2

12/29/2008 2:42:06 PM

mbam-log-2008-12-29 (14-42-06).txt

Scan type: Quick Scan

Objects scanned: 60351

Time elapsed: 6 minute(s), 45 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 29

Registry Values Infected: 2

Registry Data Items Infected: 5

Folders Infected: 2

Files Infected: 30

Memory Processes Infected:

C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\oincs.oinanalytics (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\oincs.oinanalytics.1 (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{f7fa36a4-3177-4b57-b9c1-e9c5b2e0d3a9} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6b221e01-f517-4959-8c41-81948e7f2f17} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{453f51e8-fef5-4c54-b136-944bf434360c} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f6e0ef5f-5f03-43f9-8e02-bbaaa95eaa9c} (Trojan.Banker) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OINAnalytics (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\OINAnalytics.DLL (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digeste.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

C:\WINDOWS\Xgeromucetuh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\kmppifej.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ukntaj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dotxrdou.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\euiokf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jkse73hedfdgf.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mgjoxx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nnnOffcD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cqmqqvjj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\prunnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\eclalg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\efcBsQGV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fmdmjr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ibnykrbx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cnkxhpfj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tqrtlqsh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xxyyaYqr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ybujoatd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\yxpokchs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\zbbmll.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\aqpbouph.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\ekejy.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\oruocu.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\BM6340b67e.xml (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\BM6340b67e.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Anti-Malware from Today:

Malwarebytes' Anti-Malware 1.31

Database version: 1568

Windows 5.1.2600 Service Pack 2

12/30/2008 4:47:21 AM

mbam-log-2008-12-30 (04-47-21).txt

Scan type: Quick Scan

Objects scanned: 60509

Time elapsed: 7 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

HiJackThis from Today:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:06:59 AM, on 12/30/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\LimeWire\LimeWire.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Tawni\Desktop\HiJackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)

R3 - URLSearchHook: Yahoo!

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

You need to uninstall the Limewire Peer2Peer software which is more than likely one of the reasons your system is infected.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.

Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update

    [*]When the update is complete, select the Scanner tab

    [*]Select Perform quick scan, then click Scan.

    [*]When the scan is complete, click OK, then Show Results to view the results.

    [*]Be sure that everything is checked, and click Remove Selected.

    [*]When completed, a log will open in Notepad. please copy and paste the log into your next reply

    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Update TrendMicro

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.