ChuckP

Trojan+/HiJack

4 posts in this topic

Recently McAfee reported Trojan.Vundo affecting Windows\system32\oplmnm.dll and one other file, but was not able to delete or quarantine. Attempting to resolve, we removed McAfee and added Norton Internet Security, but Auto Protect within Norton will not activate.

Adding to the problem, the system began running extremely slowly, i.e., 5 minutes to boot up, 2-3 minutes to launch programs and to shut them down. The IE browser appears to have been affected in that while trying to communicate with Norton Tech Support, redirects appear taking us to unsolicited "Win 2007 AntiVirus" sites claiming that Norton is no good as evidenced by the redirect that just occurred. No other pop-ups have been noticed.

Before going to HijackThis, attempted Registry Mechanic, SpySubtract, CWShredder and Spybot, Ad-Aware and AVG as directed. However, I was not able to get AVG to run in safe mode - error msg indicated a failure to initialize and the need to reinstall. I also received a redirect and request to e-mail what I was doing when I first attempted to download HijackThis. I do not recall if the msg included an e-mail address or just had a 'send' button.

Steps taken prior to opening this topic:

Registry Mechanic: Cleaned all items allowed by the trial version

CW Shredder: No issue found

SpyBot: Indicated (2) infections - opnlmnm.dll and one other - but could not quarantine

AdAware: found 104 infections - quarantined

AVG: found a number of infections - quarantined

***Added 06/14 @ 20:02: Scan log from Kaspersky

 

Requested logs are attached below. If you'd rather have these in files, please advise how to attach as files. I appreciate your help.

Logfile of HijackThis v1.99.1

Scan saved at 7:47:05 AM, on 6/14/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\InterMute\SpySubtract\SpySub.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Downloads\HiJack This\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.net/search.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - SOFTWARE - (no file)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: (no name) - {2432F099-F8E2-43C9-B765-3AF002FFC6A7} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\usfnuroe.dll

O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\mfrbpnom.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\qtqutchy.dll",realset

O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by135w.bay135.mail.live.com/mail/re...es/MsnPUpld.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1181265346234

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab

O16 - DPF: {92F02779-6D88-4958-8AD3-83C12A16ADC7} - file://C:\WINDOWS\SYSTEM32\SearchBar\zpprf1sh.exe

O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildtangent.com/cda/islandr...uncherSetup.cab

O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} -

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmg...,21/mcgdmgr.cab

O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

O20 - Winlogon Notify: opnlmnm - opnlmnm.dll (file missing)

O20 - Winlogon Notify: pmnll - C:\WINDOWS\system32\pmnll.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

 

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 9:33:26 PM 6/12/2007

 

+ Scan result:

 

 

 

HKLM\SOFTWARE\Classes\VoiceIPDll.VoiceIPDllObj.1 -> Adware.BetterInternet : Cleaned with backup (quarantined).

HKU\S-1-5-21-1413893678-856183715-2948274696-1008\Software\VoiceIP -> Adware.BetterInternet : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0002238.exe -> Adware.NavExcel : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP13\A0004109.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).

[1456] C:\WINDOWS\system32\pmnll.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).

[648] C:\WINDOWS\system32\pmnll.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\vbfkymom.dll -> Adware.WurldMedia : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0002225.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\T1QaSQ\T1QaSQ1065.exe -> Downloader.VB.awj : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0002219.exe -> Hijacker.Small.mw : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\dwbaogla.exe -> Trojan.Agent.anr : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\ftepbrkb.exe -> Trojan.Agent.anr : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\iuquuaja.exe -> Trojan.Agent.anr : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\yofiwkab.exe -> Trojan.Agent.anr : Cleaned with backup (quarantined).

 

 

::Report end

 

 

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Thursday, June 14, 2007 7:55:35 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.93.0

Kaspersky Anti-Virus database last update: 15/06/2007

Kaspersky Anti-Virus database records: 346826

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - Critical Areas:

C:\WINDOWS

C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\

 

Scan Statistics:

Total number of scanned objects: 23953

Number of viruses found: 3

Number of infected objects: 3

Number of suspicious objects: 0

Duration of the scan process: 00:25:01

 

Infected Object Name / Virus Name / Last Action

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{4DA48535-DB4F-4F83-9BDF-B6EAB0B19DAE}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\awhnwjbj.dll Infected: Trojan.Win32.BHO.o skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\goqkqnbd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kg skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\Macromed\Shockwave 8\Xtras\download\TheGrooveAlliance\3DGrooveXtrav18\Groove.x32 Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\yupfigsb.dll Infected: Trojan.Win32.BHO.bd skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Perflib_Perfdata_e4.dat Object is locked skipped

 

Scan process completed.

Edited by ChuckP

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]

Hi,

 

Sorry for this delay. If you still need help please submit a fresh HijackThis log for my review.

Due to the lack of feedback this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.
