
Malwarebytes

MBAM Logs Now, Rest To Follow Soon


2 replies to this topic

#1
Xypheri

    New Member

  • Members
  • Pip
  • 9 posts
Hello!

I have here probably one of the most infected computers I've worked on in recent memory. It's been a challenge, but I think I'm almost there. I had a piece of malware that would prevent anti-malware programs from operating. I stopped the service responsible for that, and was able to use Spybot and MBAM without issue, but I know this computer is still pretty infected and I'm having a difficult time cleaning it.

Here are my MBAM results, and Panda is running now. Then I'll post the HJT log.

I thank you for your help in advance.

Malwarebytes' Anti-Malware 1.31
Database version: 1488
Windows 5.1.2600 Service Pack 2

12/11/2008 1:13:23 AM
mbam-log-2008-12-11 (01-13-22).txt

Scan type: Quick Scan
Objects scanned: 65379
Time elapsed: 7 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Gamma Display (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Clint and Karen\Start Menu\Programs\Startup\Rapid Antivirus.lnk (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.


#2
Xypheri

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:59 AM, on 12/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O1 - Hosts: 217.20.175.74 www.review.2009softwarereviews.com
O1 - Hosts: 217.20.175.74 review.2009softwarereviews.com
O1 - Hosts: 217.20.175.74 www.a1.review.zdnet.com
O1 - Hosts: 217.20.175.74 a1.review.zdnet.com
O1 - Hosts: 217.20.175.74 www.d1.reviews.cnet.com
O1 - Hosts: 217.20.175.74 d1.reviews.cnet.com
O1 - Hosts: 217.20.175.74 www.reviews.toptenreviews.com
O1 - Hosts: 217.20.175.74 reviews.toptenreviews.com
O1 - Hosts: 217.20.175.74 www.reviews.download.com
O1 - Hosts: 217.20.175.74 reviews.download.com
O1 - Hosts: 217.20.175.74 www.reviews.pcadvisor.co.uk
O1 - Hosts: 217.20.175.74 reviews.pcadvisor.co.uk
O1 - Hosts: 217.20.175.74 www.reviews.pcmag.com
O1 - Hosts: 217.20.175.74 reviews.pcmag.com
O1 - Hosts: 217.20.175.74 www.reviews.pcpro.co.uk
O1 - Hosts: 217.20.175.74 reviews.pcpro.co.uk
O1 - Hosts: 217.20.175.74 www.reviews.reevoo.com
O1 - Hosts: 217.20.175.74 reviews.reevoo.com
O1 - Hosts: 217.20.175.74 www.reviews.riverstreams.co.uk
O1 - Hosts: 217.20.175.74 reviews.riverstreams.co.uk
O1 - Hosts: 217.20.175.74 www.reviews.techradar.com
O1 - Hosts: 217.20.175.74 reviews.techradar.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrialReset] C:\WINDOWS\fix.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: lxcr_device -   - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12690 bytes


#3
Xypheri

Panda Active Scan Log

;*******************************************************************************
ANALYSIS: 2008-12-11 10:36:01
PROTECTIONS: 1
MALWARE: 41
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description								  Version					   Active	Updated
;===============================================================================
ESET NOD32 Antivirus 3.0					 3.0						   Yes	   Yes
;===============================================================================
MALWARE
Id		Description						Type				Active	Severity  Disinfectable  Disinfected Location
;===============================================================================
00139059  Cookie/Traffic Marketplace		 TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint_and_karen@trafficmp[1].txt
00139059  Cookie/Traffic Marketplace		 TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint and karen@trafficmp[1].txt
00139064  Cookie/Atlas DMT				   TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint and karen@atdmt[2].txt
00145405  Cookie/RealMedia				   TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint_and_karen@247realmedia[1].txt
00145731  Cookie/Tribalfusion				TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint_and_karen@tribalfusion[1].txt
00145732  Cookie/Falkag					  TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint_and_karen@as-eu.falkag[2].txt
00145738  Cookie/Mediaplex				   TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint and karen@mediaplex[2].txt
00167430  Cookie/myaffiliateprogram		  TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint and karen@www.myaffiliateprogram[1].txt
00167642  Cookie/Com.com					 TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint and karen@com[1].txt
00167704  Cookie/Xiti						TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint and karen@xiti[1].txt
00167749  Cookie/Toplist					 TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint and karen@toplist[1].txt
00168048  Cookie/Overture					TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint and karen@perf.overture[1].txt
00168090  Cookie/Serving-sys				 TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint and karen@serving-sys[1].txt
00168090  Cookie/Serving-sys				 TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint_and_karen@serving-sys[1].txt
00168093  Cookie/Serving-sys				 TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint_and_karen@bs.serving-sys[1].txt
00168106  Cookie/Weborama					TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint and karen@weborama[1].txt
00168106  Cookie/Weborama					TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint_and_karen@weborama[1].txt
00168109  Cookie/Adtech					  TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint and karen@adtech[2].txt
00168110  Cookie/Server.iad.Liveperson	   TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint_and_karen@server.iad.liveperson[1].txt
00168114  Cookie/onestat.com				 TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint and karen@stat.onestat[2].txt
00169190  Cookie/Advertising				 TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint and karen@advertising[2].txt
00169190  Cookie/Advertising				 TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint_and_karen@advertising[1].txt
00170495  Cookie/PointRoll				   TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint and karen@ads.pointroll[2].txt
00170554  Cookie/Overture					TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint_and_karen@overture[1].txt
00170556  Cookie/RealMedia				   TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint and karen@realmedia[1].txt
00171982  Cookie/QuestionMarket			  TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint and karen@questionmarket[2].txt
00171982  Cookie/QuestionMarket			  TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint_and_karen@questionmarket[1].txt
00172221  Cookie/Zedo						TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint and karen@zedo[2].txt
00172449  Cookie/MetriWeb					TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint_and_karen@metriweb[1].txt
00173520  Cookie/Bluestreak				  TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint_and_karen@bluestreak[2].txt
00194327  Cookie/Go						  TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint and karen@go[1].txt
00194327  Cookie/Go						  TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint and karen@go[3].txt
00207338  Cookie/Target					  TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint_and_karen@target[1].txt
00262020  Cookie/Atwola					  TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint and karen@atwola[1].txt
00286739  Cookie/Hitbox					  TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint and karen@ehg-dig.hitbox[1].txt
00293517  Cookie/AdDynamix				   TrackingCookie	  No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Cookies\clint and karen@ads.addynamix[2].txt
00413318  Application/Antivirus2010		  HackTools		   No		0		 Yes			No		   C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SO1VBJSS\svchost[1].exe
00413318  Application/Antivirus2010		  HackTools		   No		0		 Yes			No		   C:\system volume information\_restore{522AA546-BDE3-4168-A439-CC5B83810CC6}\RP184\A0030223.EXE
00444112  Bck/Tdss.C						 Virus/Trojan		No		0		 Yes			No		   C:\system volume information\_restore{522AA546-BDE3-4168-A439-CC5B83810CC6}\RP184\A0030220.SYS
00449733  Bck/Tdss.C						 Virus/Trojan		No		0		 Yes			No		   C:\system volume information\_restore{522AA546-BDE3-4168-A439-CC5B83810CC6}\RP184\A0030216.DLL
00455834  Adware/RapidAntivirus			  Adware			  No		0		 Yes			No		   C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\W9MV4HIV\6002[1].exe
03939308  Adware/XPAntiSpyware2009		   Adware			  No		1		 Yes			No		   C:\system volume information\_restore{522AA546-BDE3-4168-A439-CC5B83810CC6}\RP184\A0030217.DLL
03939310  Adware/UltimateDefender			Adware			  No		0		 Yes			No		   C:\system volume information\_restore{522AA546-BDE3-4168-A439-CC5B83810CC6}\RP184\A0030218.DLL
04181111  Generic Trojan					 Virus/Trojan		No		0		 Yes			No		   F:\SYSTEM.EXE
04181111  Generic Trojan					 Virus/Trojan		No		0		 Yes			No		   C:\system volume information\_restore{522AA546-BDE3-4168-A439-CC5B83810CC6}\RP184\A0030221.EXE
04181111  Generic Trojan					 Virus/Trojan		No		0		 Yes			No		   C:\Documents and Settings\Clint and Karen\Local Settings\Temporary Internet Files\Content.IE5\0HONGVWF\load[1].exe
04206933  Generic Trojan					 Virus/Trojan		No		0		 Yes			No		   C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\6DT9YZ01\AV2010[1].exe
04206933  Generic Trojan					 Virus/Trojan		No		0		 Yes			No		   C:\system volume information\_restore{522AA546-BDE3-4168-A439-CC5B83810CC6}\RP184\A0030222.EXE
04224900  Generic Trojan					 Virus/Trojan		No		0		 Yes			No		   C:\system volume information\_restore{522AA546-BDE3-4168-A439-CC5B83810CC6}\RP184\A0030219.DLL
04235143  Trj/Downloader.MDW				 Virus/Trojan		No		1		 Yes			No		   C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GPABGHIZ\mmm[1].exe
04310274  Generic Trojan					 Virus/Trojan		No		0		 Yes			No		   C:\system volume information\_restore{522AA546-BDE3-4168-A439-CC5B83810CC6}\RP184\A0030215.DLL
04310274  Generic Trojan					 Virus/Trojan		No		0		 Yes			No		   C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\F86M6LY6\IEDefender[1].dll
;===============================================================================
SUSPECTS
Sent	  Location
;===============================================================================
;===============================================================================
VULNERABILITIES
Id		Severity   Description
;===============================================================================
;===============================================================================





