
hijack log for emachine


#1 ranger9
Machine: emachine T3104
OS: XP SP2
RAM: 192 MB

Machine was infected
ran ATF cleaner
set Restore point
ran Malwarebytes' Anti-Malware
ran SUPERAntiSpyware Home Edition
ran Panda Online scan

Machine running better, but still quirky.
On boot-up it complains that it can't find C:\windows\shell.exe.

Here are the logs:


SUPERAntiSpyware Scan Log
Generated 05/11/2008 at 08:36 PM

Application Version : 3.6.1000

Core Rules Database Version : 3458
Trace Rules Database Version: 1449

Scan type : Complete Scan
Total Scan Time : 00:54:23

Memory items scanned : 339
Memory threats detected : 0
Registry items scanned : 5250
Registry threats detected : 35
File items scanned : 45851
File threats detected : 83

Adware.SBSoft
HKU\S-1-5-21-376849671-2428409633-4025966157-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{08BEC6AA-49FC-4379-3587-4B21E286C19E}

Browser Hijacker.Internet Explorer Zone Hijack
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click#http
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click#https
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click#http
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click#https
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect#http
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect#https
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta#http
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta#https

Trojan.Windows Overlay Components/SysMon
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#DeviceDesc

Browser Hijacker.Favorites
C:\Documents and Settings\All Users\Favorites\Download Free Spyware Remover.url
C:\Documents and Settings\All Users\Favorites\NEW VIAGRA at Half Price!.url
C:\Documents and Settings\All Users\Favorites\Online Chat With Nude Girls.url
C:\Documents and Settings\All Users\Favorites\Order CIALIS online without leaving home..url
C:\Documents and Settings\Owner\Favorites\PC protection in under 2 minutes!.url
C:\Documents and Settings\All Users\Favorites\PC protection in under 2 minutes!.url
C:\Documents and Settings\All Users\Favorites\SEX Dating - Real Girls For Real SEX.url
C:\Documents and Settings\Owner\Favorites\Stop PopUps On Your Computer.url
C:\Documents and Settings\All Users\Favorites\Stop PopUps On Your Computer.url
C:\Documents and Settings\All Users\Favorites\VIAGRA at incredible low price. Bonus Pills!.url
C:\Documents and Settings\All Users\Favorites\View ADULT photos of REAL GIRLS!.url
C:\Documents and Settings\All Users\Favorites\Online Pharmacy\CHEAPEST VIAGRA ONLINE.url
C:\Documents and Settings\All Users\Favorites\Online Pharmacy\Cialis at HALF PRICE!.url
C:\Documents and Settings\All Users\Favorites\Online Pharmacy\Fast Way To Loose Your Weight!.url
C:\Documents and Settings\All Users\Favorites\Online Pharmacy\Guaranteed low price at Pills..url
C:\Documents and Settings\All Users\Favorites\Online Pharmacy\SOMA at Special LOW PRICE.url
C:\Documents and Settings\All Users\Favorites\Online Pharmacy\Tramadol Special Offer!.url
C:\Documents and Settings\All Users\Favorites\Online Pharmacy\Try New VIAGRA! Works Faster and Longer!.url
C:\Documents and Settings\All Users\Favorites\Online Pharmacy
C:\Documents and Settings\All Users\Favorites\Sex and Dating\Meet Girls Who Want To Get Laid!.url
C:\Documents and Settings\All Users\Favorites\Sex and Dating\Meet Horny Girls In Your Area!.url
C:\Documents and Settings\All Users\Favorites\Sex and Dating\Read profiles and Chat With Nude Girls!.url
C:\Documents and Settings\All Users\Favorites\Sex and Dating\SEX Dating - people looking for SEX.url
C:\Documents and Settings\All Users\Favorites\Sex and Dating\View XXX photos of Real Sexy Girls..url
C:\Documents and Settings\All Users\Favorites\Sex and Dating
C:\Documents and Settings\Owner\Favorites\Spyware Uninstall\Easy Detect and Uninstall Spyware..url
C:\Documents and Settings\Owner\Favorites\Spyware Uninstall\Free Spyware Scanner..url
C:\Documents and Settings\Owner\Favorites\Spyware Uninstall\Search & Destroy Annoying Adware..url
C:\Documents and Settings\Owner\Favorites\Spyware Uninstall\Stop PopUps on your PC..url
C:\Documents and Settings\Owner\Favorites\Spyware Uninstall
C:\Documents and Settings\All Users\Favorites\Spyware Uninstall\Easy Detect and Uninstall Spyware..url
C:\Documents and Settings\All Users\Favorites\Spyware Uninstall\Free Spyware Scanner..url
C:\Documents and Settings\All Users\Favorites\Spyware Uninstall\Search & Destroy Annoying Adware..url
C:\Documents and Settings\All Users\Favorites\Spyware Uninstall\Stop PopUps on your PC..url
C:\Documents and Settings\All Users\Favorites\Spyware Uninstall

Rootkit.Unclassified/SysDamp-Traces
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NDISWON
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NDISWON#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NDISWON\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NDISWON\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NDISWON\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NDISWON\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NDISWON\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NDISWON\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NDISWON\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NDISWON\0000#Capabilities

Adware.Mirar/NetNucleus
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP665\A0043420.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP696\A0069452.EXE

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP680\A0043496.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP686\A0044500.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP686\A0044549.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP686\A0044561.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP686\A0046562.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP687\A0046573.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP687\A0047635.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP687\A0047877.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP687\A0047886.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP688\A0047907.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP689\A0048946.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP691\A0050971.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP691\A0051972.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP691\A0053985.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP691\A0055000.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP692\A0055061.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP695\A0067222.EXE

Unclassified.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP681\SNAPSHOT\MFEX-1.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP682\SNAPSHOT\MFEX-1.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP683\SNAPSHOT\MFEX-1.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP684\SNAPSHOT\MFEX-1.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP685\SNAPSHOT\MFEX-1.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP688\SNAPSHOT\MFEX-1.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP689\SNAPSHOT\MFEX-1.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP690\SNAPSHOT\MFEX-1.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP692\SNAPSHOT\MFEX-1.DAT

Trojan.ZenoSearch
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP691\A0053978.EXE

Malware.Ultimate Defender
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP691\A0055005.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP692\A0055077.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP692\A0055106.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP692\A0055108.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP694\A0067189.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP695\A0067225.EXE

Adware.Search2Find
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP692\A0055070.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP692\A0055072.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP692\A0055074.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP692\A0055101.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP692\A0055103.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP692\A0055105.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP697\A0069497.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP697\A0069498.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP697\A0069499.LNK

Trojan.ZQuest
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP695\A0067223.DLL

Adware.E404 Helper/Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP695\A0067233.DLL

Adware.Downloader Mirar/NetNucleus
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP696\A0069466.EXE

Trojan.Downloader-Gen
C:\WINDOWS\SYSTEM32\WINPFZ32.SYS


++++++++++++++++++++++

PANDA LOG

;*******************************************************************************
ANALYSIS: 2008-05-11 21:54:29
PROTECTIONS: 2
MALWARE: 15
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
AVG 7.5.516 7.5.516 Yes No
Norton Internet Security 2005 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00029426 adware/sbsoft Adware No 0 Yes No c:\windows\rdt.ini
00145083 adware/mirar Adware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
00145083 adware/mirar Adware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00284465 application/kill&clean HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{BF69DF00-2734-477F-8257-27CD04F88779}
00514952 Adware/TTC Adware No 0 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP680\A0043497.exe
00520936 Application/ViewPoint HackTools No 0 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP695\A0067234.dll
00520936 Application/ViewPoint HackTools No 0 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP692\A0055022.dll
01174114 Trj/Downloader.OXI Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP696\A0069464.exe
01257446 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP696\A0069464.exe[b02FdUe1065.exe]
02105266 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP691\A0055004.exe
02820041 Adware/UltimateCleaner Adware No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP692\A0055107.dll
02820041 Adware/UltimateCleaner Adware No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP695\A0067224.dll
02820041 Adware/UltimateCleaner Adware No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP691\A0055003.dll
02885305 Adware/SpyShredder Adware No 0 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP695\A0067226.exe
02885332 Adware/SpyShredder Adware No 0 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP695\A0067228.exe
02891504 Adware/DriveCleaner Adware No 0 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP695\A0067232.exe
02897580 Application/UltimateCleaner HackTools No 0 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP693\A0059087.exe
02920527 Trj/Spambot.C Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP693\snapshot\MFEX-16.DAT
02920527 Trj/Spambot.C Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP693\snapshot\MFEX-17.DAT
02920527 Trj/Spambot.C Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP693\snapshot\MFEX-18.DAT
02920527 Trj/Spambot.C Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP693\snapshot\MFEX-19.DAT
02920527 Trj/Spambot.C Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP693\snapshot\MFEX-15.DAT
02920527 Trj/Spambot.C Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP693\snapshot\MFEX-20.DAT
02920527 Trj/Spambot.C Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP693\snapshot\MFEX-21.DAT
02920527 Trj/Spambot.C Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP693\snapshot\MFEX-22.DAT
02920527 Trj/Spambot.C Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP693\snapshot\MFEX-14.DAT
02920527 Trj/Spambot.C Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP693\snapshot\MFEX-24.DAT
02920527 Trj/Spambot.C Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP693\snapshot\MFEX-25.DAT
02920527 Trj/Spambot.C Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP693\snapshot\MFEX-26.DAT
02920527 Trj/Spambot.C Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP693\snapshot\MFEX-27.DAT
02920527 Trj/Spambot.C Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP693\snapshot\MFEX-3.DAT
02920527 Trj/Spambot.C Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP693\snapshot\MFEX-5.DAT
02920527 Trj/Spambot.C Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP693\snapshot\MFEX-6.DAT
02920527 Trj/Spambot.C Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP693\snapshot\MFEX-7.DAT
02920527 Trj/Spambot.C Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP693\snapshot\MFEX-8.DAT
02920527 Trj/Spambot.C Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP693\snapshot\MFEX-9.DAT
02920527 Trj/Spambot.C Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP693\snapshot\MFEX-13.DAT
02920527 Trj/Spambot.C Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP693\snapshot\MFEX-12.DAT
02920527 Trj/Spambot.C Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP693\snapshot\MFEX-11.DAT
02920527 Trj/Spambot.C Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP693\snapshot\MFEX-10.DAT
02920527 Trj/Spambot.C Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP693\snapshot\MFEX-1.DAT
02920527 Trj/Spambot.C Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP693\snapshot\MFEX-23.DAT
02920527 Trj/Spambot.C Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP693\snapshot\MFEX-2.DAT
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
184380 MEDIUM MS08-002
184379 MEDIUM MS08-001
182048 HIGH MS07-069
182046 HIGH MS07-067
182043 HIGH MS07-064
179553 HIGH MS07-061
176382 HIGH MS07-057
176383 HIGH MS07-058
170911 HIGH MS07-050
170907 HIGH MS07-046
170906 HIGH MS07-045
170904 HIGH MS07-043
164915 HIGH MS07-035
164913 HIGH MS07-033
164911 HIGH MS07-031
160623 HIGH MS07-027
157262 HIGH MS07-022
157261 HIGH MS07-021
157260 HIGH MS07-020
157259 HIGH MS07-019
156477 HIGH MS07-017
150253 HIGH MS07-016
150249 HIGH MS07-013
150248 HIGH MS07-012
150247 HIGH MS07-011
150243 HIGH MS07-008
150242 HIGH MS07-007
150241 MEDIUM MS07-006
141034 HIGH MS06-076
141033 MEDIUM MS06-075
141030 HIGH MS06-072
137571 HIGH MS06-070
137568 HIGH MS06-067
133387 MEDIUM MS06-065
133386 MEDIUM MS06-064
133385 MEDIUM MS06-063
133379 HIGH MS06-057
131654 HIGH MS06-055
129977 MEDIUM MS06-053
129976 MEDIUM MS06-052
126093 HIGH MS06-051
126092 MEDIUM MS06-050
126087 HIGH MS06-046
126086 MEDIUM MS06-045
126083 HIGH MS06-042
126082 HIGH MS06-041
126081 HIGH MS06-040
123421 HIGH MS06-036
123420 HIGH MS06-035
120825 MEDIUM MS06-032
120823 MEDIUM MS06-030
120818 HIGH MS06-025
120815 HIGH MS06-022
120814 HIGH MS06-021
117384 MEDIUM MS06-018
114666 HIGH MS06-015
114664 HIGH MS06-013
108744 MEDIUM MS06-008
108743 MEDIUM MS06-007
108742 MEDIUM MS06-006
104567 HIGH MS06-002
104237 HIGH MS06-001
96574 HIGH MS05-053
93395 HIGH MS05-051
93394 HIGH MS05-050
93454 MEDIUM MS05-049
;===============================================================================


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:42 PM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:


#2 ranger9
For some reason, the HijackThis log was truncated in my initial post, so here it is again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:42 PM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\AOL\1073002513\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
R3 - URLSearchHook: (no name) - {084844EA-2529-6301-EA2A-F501746C98BF} - WhatsNewBot.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {72EC7DB0-D52F-43EC-B61E-74A4D8654274} - (no file)
O2 - BHO: (no name) - {C3217D2B-A992-4178-AB7F-EE59E9F23AB6} - C:\Program Files\Microsoft.NET\mesofi4444.dll (file missing)
O2 - BHO: 0 - {D9E09427-0142-4FA3-FE81-75FF5E4848C8} - C:\Program Files\BigFix\qufaxymi445.dll (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1073002513\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3142CB42-CB25-4912-B779-0950E5A121B3}: NameServer = 85.255.116.46,85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.46 85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\..\{3142CB42-CB25-4912-B779-0950E5A121B3}: NameServer = 85.255.116.46,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.46 85.255.112.187
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: system2 - C:\WINDOWS\
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5237 bytes

#3 ranger9
Here is the Uninstall List:

Adobe Reader 7.0.9
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
AVG 7.5
Caesar IV
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Digital Media Reader
Empty Temp Folders 2.8.3
Hijackthis 1.99.1
HijackThis 1.99.1
J2SE Runtime Environment 5.0 Update 2
Logitech Harmony Remote Client
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Money 2005
Microsoft Office Standard Edition 2003
Microsoft Works
MySQL Connector/ODBC 3.51
Napster
Napster Burn Engine
Panda ActiveScan 2.0
PowerDVD
Pure Networks Port Magic
QuickTime
RealArcade
RealPlayer Basic
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Samsung ML-4500 Series Driver
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
SoftV92 Data Fax Modem with SmartCP
Spyware Terminator
SUPERAntiSpyware Free Edition
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
VIA/S3G Display Driver
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar
Windows Backup Utility
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742