Malwarebytes

Spyware Guard 2008

57 replies to this topic

#1
ASF1nk

    New Member

  • Members
  • 49 posts
Hello,

I was recently infected with Spyware Guard 2008, and after I removed it, I still cannot use Task Manager,
and I'm sure there are still more problems.
Please help me.

Thank you for your time.

#2
ASF1nk

    New Member

  • Members
  • 49 posts
This is a log for a full scan of MBAM after I removed it.

Malwarebytes' Anti-Malware 1.31
Database version: 1528
Windows 5.1.2600 Service Pack 3

12/23/2008 10:54:38 AM
mbam-log-2008-12-23 (10-54-09).txt

Scan type: Full Scan (C:\|)
Objects scanned: 162735
Time elapsed: 2 hour(s), 34 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khffyool (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\InternetConnection (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\khfFYool.dll (Trojan.Vundo.H) -> No action taken.
C:\Avenger\12dac513.sys (Rootkit.Agent) -> No action taken.
C:\Avenger\winscenter.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\SYSTEM32\ain\mesVNT4.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\SYSTEM32\cap2\JV21CA9.exe (Trojan.Agent) -> No action taken.

#3
ASF1nk

    New Member

  • Members
  • 49 posts
This is the Panda scan.


#4
ASF1nk

    New Member

  • Members
  • 49 posts
This is the HijackThis scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:20:07 PM, on 12/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Owner\nview.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - C:\WINDOWS\system32\khfFYool.dll (file missing)
O2 - BHO: C:\WINDOWS\system32\jkse73hedfdgf.dll - {c5bf49a2-94f3-42bd-f434-3604812c897d} - C:\WINDOWS\system32\jkse73hedfdgf.dll (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NVIDIA nView] C:\Documents and Settings\Owner\nview.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - S-1-5-18 Startup: AutoPlay.exe (User 'SYSTEM')

#5
ASF1nk

    New Member

  • Members
  • Pip
  • 49 posts
Can someone please help me??!!!!!

#6
Tigger93

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 1,648 posts
  • Gender:Male
Please do not bump your topics. There are many more people out there that need help as well.

Please post a new HJT log, your old one seems to have gotten cut off.

#7
ASF1nk

    New Member

  • Members
  • Pip
  • 49 posts
Am I supposed to click on "Do a system scan and save a logfile" and that's it?

#8
Tigger93

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 1,648 posts
  • Gender:Male
Yes.

#9
ASF1nk

    New Member

  • Members
  • Pip
  • 49 posts
This is all I get:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:30 PM, on 12/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Owner\nview.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NVIDIA nView] C:\Documents and Settings\Owner\nview.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - S-1-5-18 Startup: AutoPlay.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoPlay.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.pandasecurity.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecu...s/as2stubie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175931880888
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175974085015
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 6572 bytes

#10
ASF1nk

    New Member

  • Members
  • Pip
  • 49 posts
Am I supposed to fix them?

#11
Tigger93

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 1,648 posts
  • Gender:Male
No.

Open HijackThis and fix this one:
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe (file missing)

Then open Notepad and copy & paste in the following:
sc stop "Network helper Service"
sc delete "Network helper Service"

Save it as fix.bat to the desktop. Double-click on it to run it; after it completes you may delete this file.

Restart your computer and post a new HJT log please. :P
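The triage the moderator does by eye above (spotting the O23 entry with an unknown owner and a missing file, then stopping and deleting the service with sc) can be run over a whole HijackThis log. This is an added example, not the thread's or HijackThis' own code: the sample lines are copied from the logs in this thread, the flagging rules are ordinary removal-helper heuristics, and sc.exe is addressed by the service key name, which HijackThis prints in parentheses after the display name.

```python
import re
from typing import List

# Constructed sample in the shape HijackThis prints: entries copied from the
# thread's logs plus one ordinary Run entry for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - C:\WINDOWS\system32\khfFYool.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NVIDIA nView] C:\Documents and Settings\Owner\nview.exe
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

MISSING = r"(?P<missing> \(file missing\))?$"
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+?)" + MISSING)
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+?)" + MISSING)
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+?)(?: \(User '(?P<user>[^']+)'\))?$")
# HijackThis prints "Display name (key name)" when the two differ.
KEYNAME_RE = re.compile(r"^(?P<display>.+?) \((?P<key>[^()]+)\)$")


def check_o23(m) -> List[str]:
    reasons = []
    if m.group("missing"):
        reasons.append("service binary is missing on disk")
    if m.group("owner") == "Unknown owner":
        reasons.append("service has no publisher")
    return reasons

def check_o2(m) -> List[str]:
    reasons = []
    if m.group("missing"):
        reasons.append("BHO DLL is missing on disk (dangling CLSID registration)")
    if m.group("name") == "(no name)":
        reasons.append("BHO registered without a name")
    return reasons

def check_o4(m) -> List[str]:
    # Heuristic only: a Run entry launched from a user profile instead of Program
    # Files or the Windows directory is worth a second look, not proof of anything.
    if "\\documents and settings\\" in m.group("cmd").lower():
        return ["autostart runs from a user profile directory"]
    return []

CHECKS = [(O23_RE, check_o23), (O2_RE, check_o2), (O4_RE, check_o4)]

def triage(log_text: str):
    """Return (line, reasons) for every log line that deserves attention."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        for pattern, check in CHECKS:
            m = pattern.match(line)
            if m:
                reasons = check(m)
                if reasons:
                    findings.append((line, reasons))
                break
    return findings

def service_key_name(display: str) -> str:
    """sc.exe addresses a service by its key name, not the display name shown first."""
    m = KEYNAME_RE.match(display)
    return m.group("key") if m else display

def sc_commands(o23_line: str) -> List[str]:
    """Build the stop/delete pair for a flagged O23 line (to be run from a batch file)."""
    m = O23_RE.match(o23_line)
    if not m:
        raise ValueError("not an O23 line")
    key = service_key_name(m.group("display"))
    return [f'sc stop "{key}"', f'sc delete "{key}"']
```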

#12
ASF1nk

    New Member

  • Members
  • Pip
  • 49 posts
Doesn't work. Says another program is using the file.

#13
Tigger93

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 1,648 posts
  • Gender:Male
Odd.

Download ComboFix from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3
Double-click combofix.exe and follow the prompts. Please, never rename ComboFix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#14
ASF1nk

    New Member

  • Members
  • Pip
  • 49 posts
Already tried that. Same thing happens.

#15
ASF1nk

    New Member

  • Members
  • Pip
  • 49 posts
OK, tried it again. Now it says: "You cannot rename ComboFix as ComboFix[1]
Please use another name, preferbly made up of alphanumeric characters "

#16
ASF1nk

    New Member

  • Members
  • Pip
  • 49 posts
OK, got it to kinda work. The blue window says:
"The process cannot acces the file because it is being used by another process.

Please wait.
ComboFix is preparing to run."

Then a pop-up comes up asking me to install "Windows recovery console."

#17
Tigger93

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 1,648 posts
  • Gender:Male
Ignore the thing to install the recovery console, and see if you can't get it to just run through.

#18
ASF1nk

    New Member

  • Members
  • Pip
  • 49 posts
The new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:05 PM, on 12/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Owner\nview.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NVIDIA nView] C:\Documents and Settings\Owner\nview.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - S-1-5-18 Startup: AutoPlay.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoPlay.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.pandasecurity.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecu...s/as2stubie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175931880888
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175974085015
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 6404 bytes

#19
ASF1nk

    New Member

  • Members
  • Pip
  • 49 posts
OK, my bad, this is the new one with the "fix.bat":

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:10 PM, on 12/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Owner\nview.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NVIDIA nView] C:\Documents and Settings\Owner\nview.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - S-1-5-18 Startup: AutoPlay.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoPlay.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.pandasecurity.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecu...s/as2stubie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175931880888
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175974085015
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 6404 bytes

#20
Tigger93

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 1,648 posts
  • Gender:Male
My apologies that I just now noticed, but you must remove your cracked version of Bitdefender before we can continue.
