Jump to content

Malwarebytes

Logs

- - - - -
Started by Koheni, Jan 01 2009 11:19 PM

3 replies to this topic

#1
Koheni
Posted 01 January 2009 - 11:19 PM

    New Member

  • Members
  • Pip
  • 6 posts
I have ran all request scans...except was not able to get Panda log to save anywhere for me!

Malwarebytes' Anti-Malware 1.31
Database version: 1590
Windows 5.1.2600 Service Pack 3

1/1/2009 3:26:01 PM
mbam-log-2009-01-01 (15-26-01).txt

Scan type: Quick Scan
Objects scanned: 75844
Time elapsed: 12 minute(s), 5 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 3
Registry Keys Infected: 58
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 27

Memory Processes Infected:
C:\Program Files\Fasoo DRM\fph.exe (Trojan.BHO) -> Unloaded process successfully.
C:\Program Files\Fasoo DRM\fpm.exe (Trojan.BHO) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\Fasoo DRM\f_blksc.dll (Trojan.BHO) -> Delete on reboot.
C:\Program Files\Fasoo DRM\f_sps.dll (Trojan.BHO) -> Delete on reboot.
C:\Program Files\Fasoo DRM\f_xlus.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{0b95b492-96de-4306-8abd-50a0a6f3f7a9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{685a6c0f-9079-4390-bcdd-496df41ba720} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7fc8dee9-ff74-4dea-adeb-67c58d670116} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7e7224ee-4744-4264-8fa1-c2ae4eedd418} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0c0205c6-d740-4d5b-ab69-15ef46f2560d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{92d53615-9019-4241-8776-fffd9debdf5f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{1de3791c-e723-447a-a402-37fd2f133750} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d827611e-de82-4010-b6d6-1df3f63f5065} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{a7e8de60-4dea-11d6-a03d-00d0b7909b4d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a7e8de6c-4dea-11d6-a03d-00d0b7909b4d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5e705a09-557a-4ceb-8177-c94e0400c902} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b4c942e7-57d6-41fd-bb18-15c077179dcc} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{72917d60-46aa-11d6-a038-00d0b7909b4d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72917d6d-46aa-11d6-a038-00d0b7909b4d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{72917d6e-46aa-11d6-a038-00d0b7909b4d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f7e4275d-81cb-4cc9-bf45-cc3b86eb9570} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{da74df6a-4b0b-4e42-9166-290b56239b69} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1773a6ae-93d3-4ce2-9965-ae29f1e59db1} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{49086551-9514-11d5-9772-0090273528bb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dd846afe-9557-11d5-9772-0090273528bb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dd846b02-9557-11d5-9772-0090273528bb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3a48d2b8-2ea5-418a-a4d4-52b6bbfc7e95} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{81abbbb2-c869-4e35-ae7a-583b470d3ed9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{a77c1658-358a-484a-ac86-bcfc0ef1d216} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{979e5fcf-eb94-4532-adc7-dcbe57dc1203} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{da3144f1-fce0-4012-a289-e4ceada25ee6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{d55001f0-20eb-11d6-a01a-00d0b7909b4d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d55001fd-20eb-11d6-a01a-00d0b7909b4d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e547fb26-f94d-4b3c-99cb-c65003542a0a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e9b499c0-539b-11d6-a044-00d0b7909b4d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{952eb86c-14bf-4cff-bb1b-af65b473bc5d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{a82eed52-7466-4fb6-b8b5-1107c1828b4f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e467ddd-f8a8-4845-acdf-775746a79725} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{934cefdc-e880-446f-880f-6560f613d8aa} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{934cefdc-e880-446f-880f-6560f613d8aa} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{d0ec0e13-653f-4179-a9f3-36fcc18ba1fe} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63fbeaea-c6e1-4459-86e4-89dbc80483a5} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{89b57bdb-76ab-4286-ba0b-e078b047917f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{77f32d4b-4ebc-485c-beef-4a785c2de9ef} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{977c2ab9-65ab-4fc5-ab27-6f75ae895ba5} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{99377556-8db4-40eb-80d0-9458aa9795a9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3afec45d-d276-4d52-8a97-7fe8404fd91d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bccc4a7e-b86b-4529-8ece-ba6ea51fefe0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7c6086a8-f0c9-4820-98e5-c1cae534964d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d8bebcf7-802b-46fa-bdaf-878c5e920fe8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4f1dd9f0-0291-47c2-806f-8797fab5733e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c6f0a2bb-0186-4e12-9efc-8706ae291c39} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7deec705-feca-4afb-ab22-032f7168693c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c2066a68-3498-4bc5-b6e9-c682f87e72f0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{02994189-bf48-4e33-87c6-fae0ee3f75d2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7c2c8645-8e7d-4824-b1b7-d7ba35430b8a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f3c24f79-8632-48fe-8124-53cdfa288380} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f13a533-b5d4-41dd-94a2-b6a1029459d2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c05f5f13-88fa-424d-afcd-81c6e0e3c788} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67513a62-fd00-df8d-b04d-54d9b86acf2d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{67513a62-fd00-df8d-b04d-54d9b86acf2d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9e201ebe-4408-bb99-d617-9ab1ed02b085} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9e201ebe-4408-bb99-d617-9ab1ed02b085} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fph exe (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fpm exe (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ppxirsvfvdkscpmpm (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Fasoo DRM (Trojan.BHO) -> Delete on reboot.
C:\Program Files\Fasoo DRM\Log (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Fasoo DRM\fasoo_license_manager.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Fasoo DRM\fasoo_license_manager2.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Fasoo DRM\fph.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Fasoo DRM\fpm.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Fasoo DRM\fsmLoader.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Fasoo DRM\f_agent.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Fasoo DRM\f_ai.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Fasoo DRM\f_blksc.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Fasoo DRM\f_cie.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Fasoo DRM\f_cm.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Fasoo DRM\f_dc.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Fasoo DRM\f_dm.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Fasoo DRM\f_dn.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Fasoo DRM\f_info.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Fasoo DRM\f_pm.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Fasoo DRM\f_ProductMgr.ini (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Fasoo DRM\f_sps.dll (Trojan.BHO) -> Delete on reboot.
C:\Program Files\Fasoo DRM\f_ver.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Fasoo DRM\f_xlus.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Fasoo DRM\image_ocx.ocx (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Fasoo DRM\media_ocx.ocx (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Fasoo DRM\ms_license_manager.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Fasoo DRM\ms_license_manager2.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Fasoo DRM\SetParam.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Fasoo DRM\Log\101.log (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ndsfelatju.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\eebdbslgouwxq.dll (Adware.BHO) -> Delete on reboot.

--------------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:10:55 PM, on 1/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daum.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [HncUpdate] C:\WINDOWS\system32\HncUpdate.exe /A
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RCAutoLiveUpdate] C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe -AUTO
O4 - HKLM\..\Run: [RCSystemTray] C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-21-1644491937-1383384898-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'whoever')
O4 - HKUS\S-1-5-21-1644491937-1383384898-725345543-1004\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (User 'whoever')
O4 - HKUS\S-1-5-21-1644491937-1383384898-725345543-1004\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'whoever')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: GPplayerActiveXCAB - http://music.godpeop...rActiveXCAB.CAB
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - http://cyimg7.cyworl...pload_10217.cab
O16 - DPF: {15AECD82-DA7D-4EC5-B57F-ED578D84C3F9} (DaumFileControl Control) - http://file.daum.net/down/DaumFile.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.conpia.co...On/AlwaysOn.CAB
O16 - DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} (XacsPop Control) - https://mpi.dacom.ne...js/xmpi2007.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.co...ll/gtdownlr.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcopho...stcoActivia.cab
O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} (XPayMPIOCX Control) - https://mpi.dacom.ne..._XPayMPIOCX.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1197583572046
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.n...stBGMPlayer.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1197583561062
O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} (CyImage Class) - http://cyimg7.cyworl...33.cab?20081124
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma...ersion=1,0,0,10
O16 - DPF: {9CDD57AC-CA86-464C-B920-3228A388CC78} (NaverFileControl Control) - http://file.naver.co...x/NaverFile.cab
O16 - DPF: {A42CEB64-1402-4FE1-B28D-E9BF29A15799} (zdn Control) - http://www.conpia.com/cab/zdn/zdn9.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanma...cab?ver=1,2,3,5
O16 - DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} (SKCInst1 Class) - http://cyimg7.cyworl...age/skcinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} (INIwallet60 Control) - http://plugin.inicis...INIwallet60.cab
O16 - DPF: {E1CDC08F-F464-4682-AE6A-7689451387C0} (CAFE multiupload control) - http://cafeimg.hanma...ersion=1,0,0,22
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co..../KVPISPCTLD.cab
O16 - DPF: {EACD6BE5-C0EE-4909-9B71-B2807C8A245C} (JukeOn Login Control) - http://dl.jukeon.co....01/jukeonax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\TransCore\3sixty Freight Match Prerequisites\Skype4COM.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 14096 bytes

#2
Koheni
Posted 02 January 2009 - 12:24 PM

    New Member

  • Members
  • Pip
  • 6 posts
Got the Panda log to save after restarting system.

;*******************************************************************************
********************************************************************************
*
*******************
ANALYSIS: 2009-01-02 06:22:54
PROTECTIONS: 1
MALWARE: 32
SUSPECTS: 1
;*******************************************************************************
********************************************************************************
*
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
================================================================================
=
===================
AVG Anti-Virus Free 8.0 Yes Yes
;===============================================================================
================================================================================
=
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
================================================================================
=
===================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Cookies\biff@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Cookies\biff@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Cookies\biff@atdmt[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Cookies\biff@247realmedia[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.247realmedia.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Cookies\biff@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.mediaplex.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Cookies\biff@com[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Cookies\biff@xiti[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.perf.overture.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Cookies\biff@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.apmebf.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Cookies\biff@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Cookies\biff@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Cookies\biff@bs.serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.bs.serving-sys.com/]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Cookies\biff@www.burstbeacon[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Cookies\biff@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.advertising.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[statse.webtrendslive.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Cookies\biff@ads.pointroll[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Cookies\biff@realmedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Cookies\biff@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Cookies\biff@zedo[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.bluestreak.com/]
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Cookies\biff@bravenet[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.adultfriendfinder.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[searchportal.information.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[searchportal.information.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Cookies\biff@searchportal.information[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[searchportal.information.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Cookies\biff@target[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Cookies\biff@atwola[1].txt
00431194 Adware/AdsRevenue Adware No 0 Yes No C:\Documents and Settings\Biff\Local Settings\Temporary Internet Files\Content.IE5\M11Z6M3U\mm[1].js
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.enhance.com/]
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Cookies\biff@enhance[2].txt
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Application Data\Mozilla\Firefox\Profiles\9w0z2po4.default\cookies.txt[.enhance.com/]
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Biff\Cookies\biff@adserver.easyad[1].txt
;===============================================================================
================================================================================
=
===================
SUSPECTS
Sent Location 7\
;===============================================================================
================================================================================
=
===================
No C:\WINDOWS\system32\httpcheck.dll 7\
;===============================================================================
================================================================================
=
===================
VULNERABILITIES
Id Severity Description 7\
;===============================================================================
================================================================================
=
===================
;===============================================================================
================================================================================
=
===================

#3
Koheni
Posted 02 January 2009 - 08:07 PM

    New Member

  • Members
  • Pip
  • 6 posts

View PostManiac, on Jan 2 2009, 09:35 AM, said:

Change the name of HiJackThis.exe, for example MF.exe, but the name should be different from HiJackThis.exe . After the name change, make a new log file and paste it into your next post here.

Renamed file as HJT. Here is the new scan as requested.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:06:10 PM, on 1/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daum.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [HncUpdate] C:\WINDOWS\system32\HncUpdate.exe /A
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RCAutoLiveUpdate] C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe -AUTO
O4 - HKLM\..\Run: [RCSystemTray] C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: GPplayerActiveXCAB - http://music.godpeop...rActiveXCAB.CAB
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - http://cyimg7.cyworld.com/ImageUpload/CyIm...pload_10217.cab
O16 - DPF: {15AECD82-DA7D-4EC5-B57F-ED578D84C3F9} (DaumFileControl Control) - http://file.daum.net/down/DaumFile.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.conpia.co...On/AlwaysOn.CAB
O16 - DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} (XacsPop Control) - https://mpi.dacom.ne...js/xmpi2007.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.co...ll/gtdownlr.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcopho...stcoActivia.cab
O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} (XPayMPIOCX Control) - https://mpi.dacom.net/XPayMPI/Xecure_LiveUp..._XPayMPIOCX.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197583572046
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.n...stBGMPlayer.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197583561062
O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} (CyImage Class) - http://cyimg7.cyworld.com/ImageUpload/CyPi...33.cab?20081124
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/activex/dmcc2.c...ersion=1,0,0,10
O16 - DPF: {9CDD57AC-CA86-464C-B920-3228A388CC78} (NaverFileControl Control) - http://file.naver.co...x/NaverFile.cab
O16 - DPF: {A42CEB64-1402-4FE1-B28D-E9BF29A15799} (zdn Control) - http://www.conpia.com/cab/zdn/zdn9.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanma...cab?ver=1,2,3,5
O16 - DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} (SKCInst1 Class) - http://cyimg7.cyworl...age/skcinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} (INIwallet60 Control) - http://plugin.inicis...INIwallet60.cab
O16 - DPF: {E1CDC08F-F464-4682-AE6A-7689451387C0} (CAFE multiupload control) - http://cafeimg.hanma...ersion=1,0,0,22
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co..../KVPISPCTLD.cab
O16 - DPF: {EACD6BE5-C0EE-4909-9B71-B2807C8A245C} (JukeOn Login Control) - http://dl.jukeon.co.kr/jukeon/jukeon2/2008...01/jukeonax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\TransCore\3sixty Freight Match Prerequisites\Skype4COM.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 12610 bytes

#4
AdvancedSetup
Posted 04 January 2009 - 08:42 AM

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 22,574 posts
  • Gender:Male
  • Location:US
Okay well a LOT was removed. Please run the following and post back.


    Download and install CCleaner
  • CCleaner
    [indent]
  • Double-click on the downloaded file "ccsetup215.exe" and install the application.
  • Keep the default installation folder "C:\Program Files\CCleaner"
  • Uncheck "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser"
  • Click finish when done and close ALL PROGRAMS
  • Start the CCleaner program.
  • Click on Registry and Uncheck Registry Integrity so that it does not run
  • Click on Options - Advanced and Uncheck "Only delete files in Windows Temp folders older than 48 hours"
  • Click back to Cleaner and click on the Run Cleaner button on the bottom right side of the program.
  • Click OK to any prompts[/indent]

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please download JavaRa and unzip it to your desktop.
***Please close any instances of Internet Explorer (or other web browser) before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.


Then run this
Malwarebytes' Anti-Malware
  • Start MalwareBytes AntiMalware
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

The RESTART the computer again and AFTER the restart run HJT Scan and Save log and post back all NEW logs.
Back to Resolved HijackThis Logs · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Computer Help
  3. Malware Removal - HijackThis Logs
  4. Resolved HijackThis Logs

Products

About

Partners

Follow Us