Malwarebytes

eliminating this possibility

3 replies to this topic

#1
dialup_king

    New Member

  • Members
  • 2 posts
This is a computer I haven't used much the last 3 months because of some problems. I doubt malware was the cause but am posting just in case. Thank you for your help.



MBAM LOG

Malwarebytes' Anti-Malware 1.28
Database version: 1172
Windows 5.1.2600 Service Pack 2

9/19/2008 1:11:15 AM
mbam-log-2008-09-19 (01-11-15).txt

Scan type: Quick Scan
Objects scanned: 49045
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


PANDA LOG

;*******************************************************************************
ANALYSIS: 2008-09-19 02:54:48
PROTECTIONS: 1
MALWARE: 12
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Windows Defender 1.1.3704.0 No No
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\LIMIT\Application Data\Mozilla\Firefox\Profiles\yzxyb38n.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\FACTORY\Cookies\factory@atdmt[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\FACTORY\Cookies\factory@247realmedia[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\FACTORY\Cookies\factory@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\LIMIT\Application Data\Mozilla\Firefox\Profiles\yzxyb38n.default\cookies.txt[.tribalfusion.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\LIMIT\Application Data\Mozilla\Firefox\Profiles\yzxyb38n.default\cookies.txt[.com.com/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@toplist[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\LIMIT\Application Data\Mozilla\Firefox\Profiles\yzxyb38n.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\LIMIT\Application Data\Mozilla\Firefox\Profiles\yzxyb38n.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\LIMIT\Application Data\Mozilla\Firefox\Profiles\yzxyb38n.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\LIMIT\Application Data\Mozilla\Firefox\Profiles\yzxyb38n.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\LIMIT\Application Data\Mozilla\Firefox\Profiles\yzxyb38n.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\LIMIT\Application Data\Mozilla\Firefox\Profiles\yzxyb38n.default\cookies.txt[ad.yieldmanager.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\FACTORY\Cookies\factory@advertising[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\LIMIT\Application Data\Mozilla\Firefox\Profiles\yzxyb38n.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\LIMIT\Application Data\Mozilla\Firefox\Profiles\yzxyb38n.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\LIMIT\Application Data\Mozilla\Firefox\Profiles\yzxyb38n.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\LIMIT\Application Data\Mozilla\Firefox\Profiles\yzxyb38n.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\LIMIT\Application Data\Mozilla\Firefox\Profiles\yzxyb38n.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\FACTORY\Cookies\factory@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\LIMIT\Application Data\Mozilla\Firefox\Profiles\yzxyb38n.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\LIMIT\Application Data\Mozilla\Firefox\Profiles\yzxyb38n.default\cookies.txt[.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\FACTORY\Cookies\factory@overture[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\FACTORY\Cookies\factory@realmedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\LIMIT\Application Data\Mozilla\Firefox\Profiles\yzxyb38n.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\LIMIT\Application Data\Mozilla\Firefox\Profiles\yzxyb38n.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\FACTORY\Cookies\factory@questionmarket[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\FACTORY\Cookies\factory@go[2].txt
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
182048 HIGH MS07-069
176382 HIGH MS07-057
170907 HIGH MS07-046
170906 HIGH MS07-045
170904 HIGH MS07-043
164913 HIGH MS07-033
160623 HIGH MS07-027
150253 HIGH MS07-016
;===============================================================================


HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:56:22 AM, on 9/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\FACTORY\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\FACTORY\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209797183518
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A6C247E-71D0-4DF2-A13D-A6FD979483D3}: NameServer = 206.100.212.50 206.100.212.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EC5B21F-3C71-4764-85D6-7BE48C2B99F0}: NameServer = 216.163.195.101,216.163.192.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe

--
End of file - 5737 bytes

#2
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,568 posts
  • Gender:Male
  • Location:US
What issue are you having? Without doing a full analysis of the HJT log I don't see anything obviously malware-related in the logs.
What are you experiencing that makes you think you have an infection?

Please provide more details as to what issue you're having.

The only thing that might be wrong, without really searching around, is the DNS servers you have listed.

Name: ns1.pyramid.net
Address: 206.100.212.10

Name: ns2.pyramid.net
Address: 206.100.212.50

These two don't resolve for me:

216.163.195.101 and 216.163.192.1

Does that look right for you?
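
The O17 check above, as an added example that is not part of the original post, of Malwarebytes or of HijackThis: a short Python script that pulls the NameServer entries out of HijackThis O17 lines and flags any resolver that is not on a list of expected resolvers, plus any resolver in non-global address space (loopback, documentation or similar ranges, which make no sense as an upstream DNS server). The expected list is an assumption built from the addresses in the log; the thread says pyramid.net is the ISP but never confirms which addresses are its resolvers. The first two O17 lines are copied from the log; the third and fourth, with their all-zero adapter GUIDs and the 192.0.2.53 resolver, are constructed to show what a flagged entry looks like.

```python
"""Audit HijackThis O17 NameServer entries against an expected resolver set.

Added example for the forum thread; not code from the thread, from
Malwarebytes or from HijackThis.
"""
import ipaddress
import re

# First two O17 lines are copied from the posted log. The next two are
# constructed for this example (all-zero GUIDs, 192.0.2.53 from TEST-NET-1).
SAMPLE_HJT_LINES = [
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{6A6C247E-71D0-4DF2-A13D-A6FD979483D3}: NameServer = 206.100.212.50 206.100.212.10",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{8EC5B21F-3C71-4764-85D6-7BE48C2B99F0}: NameServer = 216.163.195.101,216.163.192.1",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.0.2.53,206.100.212.10",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000002}: Domain = example.invalid",
]

# Assumption: the resolvers the user should have. Built from the addresses in
# the log, not verified against the ISP; replace with the ISP's published list.
EXPECTED_RESOLVERS = {
    "206.100.212.10", "206.100.212.50",
    "216.163.195.101", "216.163.192.1",
}

# Adapter GUID is the {...} right before ": NameServer = ".
O17_RE = re.compile(r"^O17 - .*?\\(\{[0-9A-Fa-f-]{36}\}): NameServer = (.+)$")


def parse_o17(lines):
    """Return {adapter_guid: [resolver, ...]} from O17 NameServer lines.

    HijackThis separates multiple resolvers with spaces or commas, as both
    lines in the posted log show, so split on either.
    """
    result = {}
    for line in lines:
        m = O17_RE.match(line.strip())
        if not m:
            continue  # not an O17 NameServer line (O4, O17 Domain, ...)
        guid, raw = m.groups()
        result[guid] = [tok for tok in re.split(r"[ ,]+", raw.strip()) if tok]
    return result


def classify_resolver(ip_text, expected):
    """Label one resolver: 'expected', 'invalid', 'non-global' or 'unexpected'."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "invalid"  # registry value is not an IP address at all
    if ip_text in expected:
        return "expected"
    if not ip.is_global:
        # A home router at 192.168.x.x is normal here; loopback or
        # documentation space (192.0.2.0/24) as an upstream resolver is not.
        return "non-global"
    return "unexpected"  # public address that is not on the expected list


def audit(lines, expected=EXPECTED_RESOLVERS):
    """Return (adapter_guid, resolver, verdict) for every non-expected resolver."""
    findings = []
    for guid, resolvers in parse_o17(lines).items():
        for resolver in resolvers:
            verdict = classify_resolver(resolver, expected)
            if verdict != "expected":
                findings.append((guid, resolver, verdict))
    return findings


if __name__ == "__main__":
    for guid, resolver, verdict in audit(SAMPLE_HJT_LINES):
        print(f"{guid}: {resolver} -> {verdict}")
```

Run against a saved HijackThis log by replacing SAMPLE_HJT_LINES with the file's lines; an "unexpected" verdict on a public address is the case to check against the ISP's published resolvers, which is what the reply above does by hand.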

#3
dialup_king

    New Member

  • Members
  • 2 posts

Quote

What issue are you having? Without doing a full analysis of the HJT log I don't see anything obviously malware-related in the logs.
What are you experiencing that makes you think you have an infection?

I had some blue screens and random shutdowns without blue screens. I don't think I have an infection, but didn't want to go for repairs or return parts if malware was the cause.

Quote

The only thing that might be wrong, without really searching around, is the DNS servers you have listed.

Name: ns1.pyramid.net
Address: 206.100.212.10

Name: ns2.pyramid.net
Address: 206.100.212.50

These two don't resolve for me:

216.163.195.101 and 216.163.192.1

Does that look right for you?

I don't understand exactly what you are saying, but pyramid.net is my ISP. I use both dialup and DSL. The numbers you say don't resolve I think are for DSL.

#4
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,568 posts
  • Gender:Male
  • Location:US
Okay, well, if you like, please post in the PC Help forum for regular PC issues and we can take a look at some things to see if we can determine what's going on.

Please provide all the details of your system such as MFG, MAKE, MODEL, RAM etc. and we'll take a look.




