Spyware Guard 2008


ASF1nk


This is a log for a full scan of MBAM after I removed it.

Malwarebytes' Anti-Malware 1.31

Database version: 1528

Windows 5.1.2600 Service Pack 3

12/23/2008 10:54:38 AM

mbam-log-2008-12-23 (10-54-09).txt

Scan type: Full Scan (C:\|)

Objects scanned: 162735

Time elapsed: 2 hour(s), 34 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 7

Registry Values Infected: 3

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khffyool (Trojan.Vundo.H) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> No action taken.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\InternetConnection (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\khfFYool.dll (Trojan.Vundo.H) -> No action taken.

C:\Avenger\12dac513.sys (Rootkit.Agent) -> No action taken.

C:\Avenger\winscenter.exe (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\SYSTEM32\ain\mesVNT4.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\SYSTEM32\cap2\JV21CA9.exe (Trojan.Agent) -> No action taken.


This is the Panda scan.

;*******************************************************************************

ANALYSIS: 2008-12-22 20:13:31

PROTECTIONS: 0

MALWARE: 45

SUSPECTS: 7

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00029434 spyware/virtumonde Spyware No 1 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

00029434 spyware/virtumonde Spyware No 1 Yes No hkey_classes_root\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.trafficmp.com/]

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.trafficmp.com/]

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.trafficmp.com/]

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.trafficmp.com/]

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.trafficmp.com/]

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.trafficmp.com/]

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.trafficmp.com/]

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.trafficmp.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.casalemedia.com/]

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.doubleclick.net/]

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.atdmt.com/]

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.tradedoubler.com/]

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@247realmedia[2].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.fastclick.net/]

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.fastclick.net/]

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.fastclick.net/]

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.tribalfusion.com/]

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt

00147806 Cookie/7search TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@7search[2].txt

00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@yadro[1].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@xiti[1].txt

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@azjmp[1].txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[ad.yieldmanager.com/]

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@apmebf[2].txt

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[1].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[1].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@server.iad.liveperson[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.advertising.com/]

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@advertising[2].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.advertising.com/]

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.advertising.com/]

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.advertising.com/]

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.advertising.com/]

00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@media.adrevolver[1].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@realmedia[2].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.questionmarket.com/]

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.questionmarket.com/]

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.questionmarket.com/]

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.questionmarket.com/]

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.questionmarket.com/]

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.questionmarket.com/]

00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt

00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\ubixwope.slt\cookies.txt[.bluestreak.com/]

00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@adrevolver[1].txt

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@adultfriendfinder[2].txt

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@target[1].txt

00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[2].txt

00471742 Trj/Downloader.VCI Virus/Trojan No 1 Yes No C:\WINDOWS\SYSTEM32\ain\mesVNT4.exe

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\shadow\Modules\hp.support\content.html

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\shadow\Modules\Shadow.Customize\customize.html

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\shadow\Modules\hp.music\content.html

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\shadow\Modules\hp.finance\content.html

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\InfoCenter.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\browser.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\Common Files\Nullsoft\ActiveX\2.6\ampxtest.html

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\7a65\a1a7a60\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23b5\a1a5992\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23b5\a1a599a\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23b5\a1a599b\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23b5\a1a599c\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23b5\a1a599c\contentbig.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23b5\a1a599d\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23b5\a1a599d\contentbig.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23b5\a1a599e\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23b5\a1a599f\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23b5\a1a59a0\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23b5\a1a59a0\contentbig.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23b8\a1a798a\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23b8\a1a798b\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23b8\a1a798c\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23b8\a1a7991\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23b8\a1a7992\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23b8\a1a7993\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23b8\a1a799c\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23b8\a1a799d\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23b8\a1a799e\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23b8\a1a799f\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23b8\a1a79a0\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23b8\a1a79a1\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23b8\a1a79a2\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23b8\a1a79a3\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23b8\a1a79a4\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23b8\a1a79a5\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23b8\a1a79a6\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23bf\a18156b\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23bf\a18156c\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23bf\a18156d\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\23bf\a18156e\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\2462\a1a5a21\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\2462\a1a5a23\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\2462\a1a5a24\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\2462\a1a5a25\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\2462\a1a5a27\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\2462\a1a5a28\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\5069\a1a58dd\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\5069\a1a58ef\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\5069\a1a58f0\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\5069\a1a58f1\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\5069\a1a58f2\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\5069\a1a58f3\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\5069\a1a58f4\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\5069\a1a58f5\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\5069\a1a58f6\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\5069\a1a58f7\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\5069\a1a58f8\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\5069\a1a58fa\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\5069\a1a58fb\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\5069\a1a58fc\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\5069\a1a58fd\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\5069\a1a58fe\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\5069\a1a58ff\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\5069\a1a5900\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\5069\a1a5901\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\7a65\a1a7a4f\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\7a65\a1a7a4f\default.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\7a65\a1a7a4f\story1.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\7a65\a1a7a50\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\7a65\a1a7a51\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\7a65\a1a7a52\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\7a65\a1a7a52\default.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\7a65\a1a7a52\story1.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\7a65\a1a7a53\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\7a65\a1a7a53\default.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\7a65\a1a7a53\story1.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\7a65\a1a7a54\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\7a65\a1a7a54\default.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\7a65\a1a7a54\story1.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\7a65\a1a7a55\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\7a65\a1a7a56\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\7a65\a1a7a57\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\7a65\a1a7a58\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\7a65\a1a7a59\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\7a65\a1a7a5a\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\7a65\a1a7a5b\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\7a65\a1a7a5c\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\7a65\a1a7a5d\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\7a65\a1a7a5e\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\7a65\a1a7a5f\content.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\7a65\a1a7a5f\default.htm

00513943 HTML/Instancob.A Virus No 0 Yes No C:\Program Files\hp center\137903\Users\Default\Data\7a65\a1a7a5f\story1.htm

01048936 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll

01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@enhance[1].txt

02897073 Cookie/Revenue TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@adsrevenue[1].txt

02947949 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\51\25d09bb3-14b6014a

03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\config\systemprofile\Start Menu\Programs\Startup\AutoPlay.exe

03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\hp\bin\AUTOPLAY.EXE

03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoPlay.exe

03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoPlay.exe

03429845 Bck/Hupigon.AZG Virus/Trojan No 1 Yes No C:\Program Files\Image-Line\Toxic Biohazard\Toxic Biohazard.dll

03858877 Bck/Hupigon.AZG Virus/Trojan No 1 Yes No C:\Program Files\Image-Line\FL Studio 8\Plugins\Fruity\Generators\Toxic Biohazard\Toxic Biohazard.dll

03919078 Trj/Downloader.MDW Virus/Trojan No 0 Yes No C:\Documents and Settings\Owner\Desktop\KeyGen [ BitDefender Internet Security 9.09 ].exe

04198043 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\WINDOWS\SYSTEM32\cap2\JV21CA9.exe

04420284 Adware/AccesMembre Adware No 0 Yes No C:\WINDOWS\SYSTEM32\whSLD02\whSLD022328.exe

;===============================================================================

SUSPECTS

Sent Location

;===============================================================================

No C:\Documents and Settings\Owner\nview.exe

No C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\BSNQ5I0T\aasuper1[1].htm

No C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EKAJ5BOC\mjstkxllm[1].txt

No C:\Documents and Settings\Owner\nview.exe

No C:\hp\bin\ProcessLogger.exe

No C:\RECYCLER\S-1-5-21-670770235-2681017343-4103935507-1003\Dc3.exe

No C:\RECYCLER\S-1-5-21-670770235-2681017343-4103935507-1003\Dc6.exe

;===============================================================================

VULNERABILITIES

Id Severity Description

;===============================================================================

;===============================================================================


This is the HijackThis scan.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:20:07 PM, on 12/22/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Documents and Settings\Owner\nview.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - C:\WINDOWS\system32\khfFYool.dll (file missing)

O2 - BHO: C:\WINDOWS\system32\jkse73hedfdgf.dll - {c5bf49a2-94f3-42bd-f434-3604812c897d} - C:\WINDOWS\system32\jkse73hedfdgf.dll (file missing)

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NVIDIA nView] C:\Documents and Settings\Owner\nview.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')

O4 - S-1-5-18 Startup: AutoPlay.exe (User 'SYSTEM')


This is all I get.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:59:30 PM, on 12/23/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Documents and Settings\Owner\nview.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NVIDIA nView] C:\Documents and Settings\Owner\nview.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')

O4 - S-1-5-18 Startup: AutoPlay.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: AutoPlay.exe (User 'Default user')

O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: http://www.pandasecurity.com

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175931880888

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175974085015

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe (file missing)

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--

End of file - 6572 bytes


No.

Open HijackThis and fix this one:

O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe (file missing)

Then open Notepad and copy & paste in the following:

rem MSDisk is the service key name shown in parentheses in the O23 line; sc addresses services by key name, not display name
sc stop MSDisk
sc delete MSDisk

Save it as fix.bat to the desktop. Double-click on it to run it; after it completes you may delete this file.

Restart your computer and post a new HJT log please. :P

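The instruction above relies on reading an O23 line correctly: HijackThis prints the service display name first and, in parentheses, the key name that `sc stop` and `sc delete` actually take. As an added example (not code from this thread or from HijackThis), here is a small parser that pulls the O23 entries out of a log, applies the same triage heuristic the helper used (no vendor and no binary on disk), and builds the `sc` lines with the key name. The sample log lines are constructed by copying O23 entries from the logs posted in this thread.

```python
"""Parse HijackThis O23 (service) lines and build `sc` commands that use the
service key name rather than the display name."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: O23 lines copied from the HijackThis logs posted above.
SAMPLE_LOG = r"""O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

# HijackThis O23 layout: "Display Name (KeyName) - Owner - ImagePath [(file missing)]".
# The "(KeyName)" part is absent when display name and key name are identical.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)"   # display name (lazy, stops before key or " - ")
    r"(?: \((?P<key>[^()]+)\))?"          # optional "(key name)"
    r" - (?P<owner>.+?)"                  # vendor string or "Unknown owner"
    r" - (?P<path>.+?)"                   # image path (may itself contain " - ")
    r"(?P<missing> \(file missing\))?$"   # HijackThis flag when the binary is absent
)


@dataclass
class Service:
    display_name: str
    key_name: str
    owner: str
    image_path: str
    file_missing: bool


def parse_o23(line: str) -> Optional[Service]:
    """Return a Service for an O23 line, or None for any other HijackThis line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    key = m.group("key") or m.group("display")  # no parentheses -> key == display
    return Service(
        display_name=m.group("display"),
        key_name=key,
        owner=m.group("owner"),
        image_path=m.group("path"),
        file_missing=bool(m.group("missing")),
    )


def parse_log(text: str) -> List[Service]:
    """Extract every O23 entry from a full HijackThis log."""
    return [svc for svc in (parse_o23(line) for line in text.splitlines()) if svc]


def is_suspicious(svc: Service) -> bool:
    """Triage heuristic used in the thread: no vendor string and the binary is gone.
    This only flags entries for human review; orphaned uninstall leftovers match too."""
    return svc.owner == "Unknown owner" and svc.file_missing


def sc_commands(svc: Service) -> List[str]:
    """Build the stop/delete pair. `sc` takes the key name; quote it only if it has spaces."""
    name = f'"{svc.key_name}"' if " " in svc.key_name else svc.key_name
    return [f"sc stop {name}", f"sc delete {name}"]


def build_fix_bat(text: str) -> str:
    """Render a fix.bat for every flagged entry, with a rem line recording why."""
    lines = ["@echo off"]
    for svc in parse_log(text):
        if is_suspicious(svc):
            lines.append(f"rem {svc.display_name}: {svc.image_path} (file missing)")
            lines.extend(sc_commands(svc))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for svc in parse_log(SAMPLE_LOG):
        flag = "REVIEW" if is_suspicious(svc) else "ok"
        print(f"{flag:6} {svc.key_name!r:22} owner={svc.owner!r} missing={svc.file_missing}")
    print(build_fix_bat(SAMPLE_LOG))
```

Run against the sample, the heuristic flags both the MSDisk entry and the orphaned NMIndexingService entry under Common Files\Ahead, which is why the helper above named one specific line rather than deleting every "Unknown owner" service; the generated commands are meant to be reviewed, not run blindly.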

Odd.

Download ComboFix from one of the locations below, and save it to your Desktop.

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


The new HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:19:05 PM, on 12/23/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Documents and Settings\Owner\nview.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NVIDIA nView] C:\Documents and Settings\Owner\nview.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')

O4 - S-1-5-18 Startup: AutoPlay.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: AutoPlay.exe (User 'Default user')

O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: http://www.pandasecurity.com

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175931880888

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175974085015

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--

End of file - 6404 bytes


OK, my bad, this is the new one after running the "fix.bat":

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:32:10 PM, on 12/23/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Documents and Settings\Owner\nview.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NVIDIA nView] C:\Documents and Settings\Owner\nview.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')

O4 - S-1-5-18 Startup: AutoPlay.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: AutoPlay.exe (User 'Default user')

O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: http://www.pandasecurity.com

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175931880888

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175974085015

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--

End of file - 6404 bytes


Download Lop S&D from here.

Double-click Lop S&D.exe

Choose the language, then choose Option 1 (Search)

Wait till the end of the scan

Post the log which is created: (%SystemDrive%\lopR.txt)

Also do this:

Download The Avenger by Swandog46 from here.

  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below textbox to the clipboard by highlighting it and then pressing Ctrl+C.
    Files to delete:
    C:\WINDOWS\system32\drivers\TDSSmqlt.sys
    C:\windows\system32\drivers\tdssserv.sys
    C:\WINDOWS\system32\drivers\TDSSmact.sys
    C:\WINDOWS\system32\TDSSfpmp.dll
    C:\WINDOWS\system32\TDSSwpyd.dat
    C:\WINDOWS\system32\TDSStkdv.log
    C:\WINDOWS\system32\TDSSotxb.dll
    C:\WINDOWS\system32\TDSScrrn.dll
    C:\WINDOWS\system32\TDSSbvqh.dll
    C:\WINDOWS\system32\TDSSjnmx.dll
    c:\windows\system32\TDSShrxr.dll
    c:\windows\system32\TDSSkkbi.log
    c:\windows\system32\TDSSlrvd.dat
    c:\windows\system32\TDSSlxwp.dll
    c:\windows\system32\TDSSnmxh.log
    c:\windows\system32\TDSSoiqt.dll
    c:\windows\system32\TDSSrhyp.log
    c:\windows\system32\TDSSrtqp.dll
    c:\windows\system32\TDSSsihc.dll
    c:\windows\system32\TDSSxfum.dll

    Drivers to delete:
    tdssserv

    Registry keys to delete:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata
    HKEY_LOCAL_MACHINE\SOFTWARE\tdss
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdssserv.sys
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdssserv.sys
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV


  • In the Avenger window, click the Paste Script from Clipboard button.
  • Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. Please copy/paste the contents of c:\avenger.txt into your next reply.