Trojan+/HiJack


This topic is locked. 3 replies to this topic.

#1 ChuckP (New Member, 1 posts)

Posted 14 June 2007 - 08:26 AM

Recently McAfee reported Trojan.Vundo affecting Windows\system32\oplmnm.dll and one other file, but was not able to delete or quarantine. Attempting to resolve, we removed McAfee and added Norton Internet Security, but Auto Protect within Norton will not activate.

Adding to the problem, the system began running extremely slowly, i.e. 5 minutes to boot up, 2-3 minutes to launch programs and to shut them down. The IE browser appears to have been affected in that, while trying to communicate with Norton Tech Support, redirects appear, taking us to unsolicited "Win 2007 AntiVirus" sites claiming that Norton is no good as evidenced by the redirect that just occurred. No other pop-ups have been noticed.

Before going to HijackThis, attempted Registry Mechanic, SpySubtract, CWShredder and Spybot, Ad-Aware and AVG as directed. However, I was not able to get AVG to run in safe mode - error msg indicated a failure to initialize and the need to reinstall. I also received a redirect and request to e-mail what I was doing when I first attempted to download HijackThis. I do not recall if the msg included an e-mail address or just had a 'send' button.

Steps taken prior to opening this topic:
Registry Mechanic: Cleaned all items allowed by the trial version
CWShredder: No issue found
SpyBot: Indicated (2) infections - opnlmnm.dll and one other - but could not quarantine
AdAware: found 104 infections - quarantined
AVG: found a number of infections - quarantined
***Added 06/14 @ 20:02: Scan log from Kaspersky

Requested logs are attached below. If you'd rather have these in files, please advise how to attach as files. I appreciate your help.



Logfile of HijackThis v1.99.1
Scan saved at 7:47:05 AM, on 6/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\HiJack This\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {2432F099-F8E2-43C9-B765-3AF002FFC6A7} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\usfnuroe.dll
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\mfrbpnom.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\qtqutchy.dll",realset
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by135w.bay135...es/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1181265346234
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensave.../sinstaller.cab
O16 - DPF: {92F02779-6D88-4958-8AD3-83C12A16ADC7} - file://C:\WINDOWS\SYSTEM32\SearchBar\zpprf1sh.exe
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildt...uncherSetup.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.co...,21/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O20 - Winlogon Notify: opnlmnm - opnlmnm.dll (file missing)
O20 - Winlogon Notify: pmnll - C:\WINDOWS\system32\pmnll.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:33:26 PM 6/12/2007

+ Scan result:



HKLM\SOFTWARE\Classes\VoiceIPDll.VoiceIPDllObj.1 -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\S-1-5-21-1413893678-856183715-2948274696-1008\Software\VoiceIP -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0002238.exe -> Adware.NavExcel : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP13\A0004109.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
[1456] C:\WINDOWS\system32\pmnll.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
[648] C:\WINDOWS\system32\pmnll.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\vbfkymom.dll -> Adware.WurldMedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0002225.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\T1QaSQ\T1QaSQ1065.exe -> Downloader.VB.awj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0002219.exe -> Hijacker.Small.mw : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.11:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.12:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.13:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.14:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.15:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.16:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.17:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.18:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.19:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.20:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.21:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.22:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.23:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.24:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.25:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.6:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.7:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.8:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.9:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian devin@pch.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian_devin@2o7[2].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian_devin@edmc.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian_devin@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian_devin@aavalue[1].txt -> TrackingCookie.Aavalue : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian_devin@arn.aavalue[1].txt -> TrackingCookie.Aavalue : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian_devin@1.adbrite[2].txt -> TrackingCookie.Adbrite : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian_devin@4.adbrite[2].txt -> TrackingCookie.Adbrite : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian_devin@adbrite[1].txt -> TrackingCookie.Adbrite : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian_devin@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian_devin@advertising[1].txt -> TrackingCookie.Advertising : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian_devin@atdmt[2].txt -> TrackingCookie.Atdmt : Ignored.
:mozilla.6:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Firefox\Profiles\nuy388v1.default\cookies.txt -> TrackingCookie.Billboard : Ignored.
:mozilla.7:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Firefox\Profiles\nuy388v1.default\cookies.txt -> TrackingCookie.Billboard : Ignored.
:mozilla.251:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Firefox\Profiles\nuy388v1.default\cookies.txt -> TrackingCookie.Burstbeacon : Ignored.
:mozilla.33:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Firefox\Profiles\nuy388v1.default\cookies.txt -> TrackingCookie.Burstnet : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian_devin@www.burstnet[1].txt -> TrackingCookie.Burstnet : Ignored.
:mozilla.39:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Centrport : Ignored.
:mozilla.40:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Centrport : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian_devin@clickbank[1].txt -> TrackingCookie.Clickbank : Ignored.
:mozilla.53:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Firefox\Profiles\nuy388v1.default\cookies.txt -> TrackingCookie.Com : Ignored.
:mozilla.54:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Firefox\Profiles\nuy388v1.default\cookies.txt -> TrackingCookie.Com : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian_devin@com[1].txt -> TrackingCookie.Com : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian_devin@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Ignored.
:mozilla.76:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Imrworldwide : Ignored.
:mozilla.77:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Imrworldwide : Ignored.
:mozilla.81:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Intelli-direct : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian_devin@search.live[2].txt -> TrackingCookie.Live : Ignored.
:mozilla.156:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Liveperson : Ignored.
:mozilla.114:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Firefox\Profiles\nuy388v1.default\cookies.txt -> TrackingCookie.Masterstats : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian_devin@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignored.
:mozilla.210:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Firefox\Profiles\nuy388v1.default\cookies.txt -> TrackingCookie.Msn : Ignored.
:mozilla.118:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Netflame : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian_devin@perf.overture[1].txt -> TrackingCookie.Overture : Ignored.
:mozilla.106:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Paycounter : Ignored.
:mozilla.28:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Pointroll : Ignored.
:mozilla.29:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Pointroll : Ignored.
:mozilla.30:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Pointroll : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian_devin@questionmarket[2].txt -> TrackingCookie.Questionmarket : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian_devin@realmedia[2].txt -> TrackingCookie.Realmedia : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian_devin@revsci[2].txt -> TrackingCookie.Revsci : Ignored.
:mozilla.114:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.115:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.116:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.117:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian_devin@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian_devin@serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.47:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Sexcounter : Ignored.
:mozilla.48:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Sexcounter : Ignored.
:mozilla.49:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Sexcounter : Ignored.
:mozilla.50:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Sexcounter : Ignored.
:mozilla.51:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Sexcounter : Ignored.
:mozilla.52:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Sexcounter : Ignored.
:mozilla.53:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Sexcounter : Ignored.
:mozilla.54:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Sexcounter : Ignored.
:mozilla.55:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Sexcounter : Ignored.
:mozilla.56:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Sexcounter : Ignored.
:mozilla.57:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Sexcounter : Ignored.
:mozilla.58:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Sexcounter : Ignored.
:mozilla.59:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Sexcounter : Ignored.
:mozilla.60:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Sexcounter : Ignored.
:mozilla.61:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Sexcounter : Ignored.
:mozilla.62:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Sexcounter : Ignored.
:mozilla.27:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Specificclick : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian_devin@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian_devin@specificclick[1].txt -> TrackingCookie.Specificclick : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian_devin@statcounter[1].txt -> TrackingCookie.Statcounter : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian_devin@tacoda[1].txt -> TrackingCookie.Tacoda : Ignored.
:mozilla.122:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Tribalfusion : Ignored.
C:\Documents and Settings\Christian Devin\Cookies\christian_devin@m.webtrends[1].txt -> TrackingCookie.Webtrends : Ignored.
:mozilla.135:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.136:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.137:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.138:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.139:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.140:C:\Documents and Settings\Christian Devin\Application Data\Mozilla\Profiles\default\bqt0f6l2.slt\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
C:\WINDOWS\SYSTEM32\dwbaogla.exe -> Trojan.Agent.anr : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ftepbrkb.exe -> Trojan.Agent.anr : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\iuquuaja.exe -> Trojan.Agent.anr : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\yofiwkab.exe -> Trojan.Agent.anr : Cleaned with backup (quarantined).


::Report end


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, June 14, 2007 7:55:35 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 15/06/2007
Kaspersky Anti-Virus database records: 346826
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\

Scan Statistics:
Total number of scanned objects: 23953
Number of viruses found: 3
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 00:25:01

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{4DA48535-DB4F-4F83-9BDF-B6EAB0B19DAE}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\awhnwjbj.dll Infected: Trojan.Win32.BHO.o skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\goqkqnbd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kg skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\Macromed\Shockwave 8\Xtras\download\TheGrooveAlliance\3DGrooveXtrav18\Groove.x32 Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\yupfigsb.dll Infected: Trojan.Win32.BHO.bd skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Perflib_Perfdata_e4.dat Object is locked skipped

Scan process completed.

Edited by ChuckP, 14 June 2007 - 08:04 PM.
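An added triage example, not code from the thread or from HijackThis itself: a Python script that parses the R1/O2/O4/O16/O20 entry formats in the log above and flags the patterns a helper reviews first (unnamed BHOs and Winlogon Notify hooks pointing at randomly named system32 DLLs, the rundll32 Run key, orphaned "(no file)"/"(file missing)" registrations, the hijacked SearchURL). The allow-lists and the letters-only DLL-name heuristic are assumptions made for this example and need analyst review.

```python
import re
from dataclasses import dataclass

# Assumed allow-list: Winlogon Notify packages that ship with Windows XP.
KNOWN_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
}
# Assumed allow-list: hosts IE's search/start-page values normally point at.
KNOWN_SEARCH_HOSTS = {"go.microsoft.com", "www.microsoft.com", "search.msn.com"}

# "O2 - BHO: ...", "R1 - HKCU\...", "O20 - Winlogon Notify: ..."
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+)\s+-\s+(?P<body>.*)$")
# Letters-only 5-8 character DLL name directly under system32, the naming
# pattern of the Vundo droppers in the log above (pmnll.dll, usfnuroe.dll).
# This is a heuristic for analyst review, not proof of infection.
SYS32_DLL_RE = re.compile(r"c:\\windows\\system32\\([a-z]{5,8})\.dll", re.I)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def _sys32_dll_name(text):
    """Return the letters-only system32 DLL base name found in text, or None."""
    m = SYS32_DLL_RE.search(text)
    return m.group(1).lower() if m else None


def assess_line(line):
    """Return the Findings for one log line (an empty list means not flagged)."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return []
    sec, body = m.group("sec"), m.group("body")
    found = []

    def flag(reason):
        found.append(Finding(sec, reason, line))

    if sec == "R1" and "SearchURL" in body:
        url = body.split("=", 1)[-1].strip()
        host = re.sub(r"^https?://", "", url, flags=re.I).split("/")[0].lower()
        if host not in KNOWN_SEARCH_HOSTS:
            flag(f"IE SearchURL points at unexpected host {host}")
    elif sec == "O2":
        dll = _sys32_dll_name(body)
        if body.endswith("(no file)"):
            flag("BHO CLSID registered with no backing file (orphaned entry)")
        elif "(no name)" in body and dll:
            flag(f"unnamed BHO loads letters-only system32 DLL {dll}.dll")
    elif sec == "O4":
        dll = _sys32_dll_name(body)
        if "rundll32.exe" in body.lower() and dll:
            flag(f"Run key uses rundll32 to load system32 DLL {dll}.dll")
    elif sec == "O16":
        if body.rstrip().endswith("-"):
            flag("ActiveX DPF entry has no download URL (orphaned entry)")
        elif "file://" in body.lower():
            flag("ActiveX DPF entry was installed from a local file path")
    elif sec == "O20" and body.startswith("Winlogon Notify:"):
        name = body.split(":", 1)[1].split("-", 1)[0].strip().lower()
        if "(file missing)" in body:
            flag(f"Winlogon Notify '{name}' references a missing DLL (leftover hook)")
        elif name not in KNOWN_WINLOGON_NOTIFY:
            flag(f"Winlogon Notify '{name}' is not a known Windows package")
    return found


def triage(log_text):
    """Run assess_line over every line of a log; findings keep log order."""
    findings = []
    for raw in log_text.splitlines():
        findings.extend(assess_line(raw))
    return findings


# Sample input: a selection of lines copied from the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.net/search.htm
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\usfnuroe.dll
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\mfrbpnom.dll
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\qtqutchy.dll",realset
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
O16 - DPF: {92F02779-6D88-4958-8AD3-83C12A16ADC7} - file://C:\WINDOWS\SYSTEM32\SearchBar\zpprf1sh.exe
O20 - Winlogon Notify: opnlmnm - opnlmnm.dll (file missing)
O20 - Winlogon Notify: pmnll - C:\WINDOWS\system32\pmnll.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

Running it against the sample prints nine findings; the Adobe BHO, the Symantec Run key and the genuine WgaLogon Winlogon hook are left alone.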


#2 SWI Support Robot (Helper robot, SWI Bot, 23,523 posts)

Posted 17 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 nasdaq (Forum Deity, Global Moderator, 49,091 posts)

Posted 19 June 2007 - 12:56 PM

Hi,

Sorry for this delay. If you still need help please submit a fresh HijackThis log for my review.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating;
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#4 nasdaq (Forum Deity, Global Moderator, 49,091 posts)

Posted 30 June 2007 - 07:41 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
nasdaq

