Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Browsers Not Working. Whole computer running slow. [CLOSED]

Started by indulge. , May 19 2008 12:36 PM

  • This topic is locked This topic is locked

#1
indulge.
Posted 19 May 2008 - 12:36 PM

indulge.

    New Member

  • Member
  • Pip
  • 2 posts
I have no clue what I've got but Firefox and Opera don't work at all.
Internet Explorer has a bunch of pop ups advertising fake ways to get rid of malware which I've read is caused by Virtumonde but I've done the Virtumonde scan and nothing showed up.
So I'm using Safari which is running extremely slow.
I constantly run CCleaner which although deletes a lot of cookies doesn't seem to be helping.

Right now I'm running Panda Scan which will hopefully help me somewhat.

This is my HijackThis Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:30 PM, on 5/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\DesktopAuthority\RaMaint.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\DesktopAuthority\DesktopAuthority.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\slClient.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\DesktopAuthority\ragui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Altiris\AClient\AClntUsr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Altiris\Altiris Agent\Software Delivery\{01B54EB5-3679-4C73-9E10-E169D5A5EC59}\cache\AeXInvSoln.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Altiris\Altiris Agent\Software Delivery\{01B54EB5-3679-4C73-9E10-E169D5A5EC59}\cache\aexauditpls.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Trend Micro\HijackThis\kill.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://tkn.tcco.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Turner
O2 - BHO: (no name) - {608A73C0-D164-41D7-984B-4B1FD063D85F} - C:\WINDOWS\system32\mlJDvWpQ.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: {f84a9f35-0b99-18ba-9654-ffd56556f56d} - {d65f6556-5dff-4569-ab81-99b053f9a48f} - C:\WINDOWS\system32\ijnfxmvj.dll
O2 - BHO: (no name) - {DD4A65C7-61D7-445F-BCF1-5065F765EAF9} - C:\WINDOWS\system32\khfFWPhF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon
O4 - HKLM\..\Run: [rmp] c:\windows\turner\baseapps\rmp.bat
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Desktop Authority GUI] "C:\Program Files\DesktopAuthority\ragui.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [e4550ae4] rundll32.exe "C:\WINDOWS\system32\tppbmkrb.dll",b
O4 - HKLM\..\Run: [BMe7663978] Rundll32.exe "C:\WINDOWS\system32\kqinkaru.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=https://tkn.tcco.com
O15 - Trusted Zone: *.0.0.0.0 (HKLM)
O15 - Trusted Zone: http://*.finance.turner (HKLM)
O15 - Trusted Zone: http://*.hochtief.com (HKLM)
O15 - Trusted Zone: http://*.tcco.com (HKLM)
O15 - Trusted Zone: http://*.turnerbenefits.com (HKLM)
O15 - Trusted Zone: http://www.turnerconstruction.com (HKLM)
O15 - Trusted Zone: http://*.turnerknowledge.com (HKLM)
O15 - Trusted Zone: http://www.turneruniversity.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tcco.org
O17 - HKLM\Software\..\Telephony: DomainName = tcco.org
O17 - HKLM\System\CCS\Services\Tcpip\..\{54745E7B-3AEF-473F-923F-E0CDE26A8FDC}: NameServer = 172.19.8.20,172.19.8.21
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tcco.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tcco.org
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = tcco.org
O20 - AppInit_DLLs: DAINIT.DLL
O20 - Winlogon Notify: khfFWPhF - C:\WINDOWS\SYSTEM32\khfFWPhF.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Desktop Authority Maintenance Service (DAMaint) - ScriptLogic Corporation - C:\Program Files\DesktopAuthority\RaMaint.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Desktop Authority Service (DesktopAuthority) - ScriptLogic Corporation - C:\Program Files\DesktopAuthority\DesktopAuthority.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Turner VPN\Extranet_serv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScriptLogic Service (SLClient) - ScriptLogic Corporation - C:\WINDOWS\system32\slClient.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12162 bytes



Hope you can help,
Mike.





Edit
Panda Scan:


;*******************************************************************************
********************************************************************************
*
*******************
ANALYSIS: 2008-05-19 21:10:40
PROTECTIONS: 1
MALWARE: 24
SUSPECTS: 3
;*******************************************************************************
********************************************************************************
*
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
================================================================================
=
===================
Symantec AntiVirus Corporate Edition 10.1.5.5000 Yes Yes
;===============================================================================
================================================================================
=
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
================================================================================
=
===================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\mlmurphy.TCCO\Cookies\mlmurphy@trafficmp[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\WINDOWS\CSC\d6\80000A05
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\WINDOWS\CSC\d8\80000AEF
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\mlmurphy.TCCO\Cookies\mlmurphy@atdmt[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\mlmurphy.TCCO\Cookies\mlmurphy@mediaplex[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\mlmurphy.TCCO\Cookies\[email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\mlmurphy.TCCO\Cookies\mlmurphy@advertising[1].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\mlmurphy\Cookies\mlmurphy@adrevolver[3].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\mlmurphy.TCCO\Cookies\[email protected][2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\mlmurphy\Cookies\[email protected][1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\mlmurphy\Cookies\mlmurphy@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\mlmurphy.TCCO\Cookies\mlmurphy@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\mlmurphy.TCCO\Cookies\mlmurphy@zedo[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\mlmurphy.TCCO\Cookies\mlmurphy@bluestreak[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\mlmurphy\Cookies\mlmurphy@adrevolver[1].txt
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\system32\yerifxjy.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\system32\sssasefo.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\system32\kvpskfsh.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\system32\yghrhirr.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\system32\uwjjxjxh.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\system32\xripwphd.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\system32\chpktfuj.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\system32\chysehal.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\system32\cqfrjdvu.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\system32\debqdxvk.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\system32\jelrhatf.exe
02974848 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\ljJBuvvS.dll
02975133 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C827B725-E6BD-43D0-8606-5D46AA3328B1}\RP312\A0066232.dll
02975133 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C827B725-E6BD-43D0-8606-5D46AA3328B1}\RP312\A0066240.dll
02976804 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{C827B725-E6BD-43D0-8606-5D46AA3328B1}\RP312\A0066239.dll
02976834 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\olmeqyso.dll
02978676 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\wsrhybdc.dll
02978676 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\hyhftprx.dll
02978725 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C827B725-E6BD-43D0-8606-5D46AA3328B1}\RP312\A0066241.dll
02978749 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\nvtawfab.dll
02980337 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\SYSTEM32\KQINKARU.DLL
02980347 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\SYSTEM32\IJNFXMVJ.DLL
02981052 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\gkjucsvc.dll
02981052 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\ualqqaae.dll
;===============================================================================
================================================================================
=
===================
SUSPECTS
Sent Location I
;===============================================================================
================================================================================
=
===================
No C:\WINDOWS\SYSTEM32\JJONEXYY.DLL I
No C:\WINDOWS\SYSTEM32\TPPBMKRB.DLL I
No C:\WINDOWS\SYSTEM32\XHEMMUQN.DLL I
;===============================================================================
================================================================================
=
===================
VULNERABILITIES
Id Severity Description I
;===============================================================================
================================================================================
=
===================
184380 MEDIUM MS08-002 I
184379 MEDIUM MS08-001 I
182048 HIGH MS07-069 I
182046 HIGH MS07-067 I
182043 HIGH MS07-064 I
179553 HIGH MS07-061 I
176382 HIGH MS07-057 I
176383 HIGH MS07-058 I
170911 HIGH MS07-050 I
170907 HIGH MS07-046 I
170906 HIGH MS07-045 I
170904 HIGH MS07-043 I
157262 HIGH MS07-022 I
150249 HIGH MS07-013 I
150248 HIGH MS07-012 I
150247 HIGH MS07-011 I
150242 HIGH MS07-007 I
150241 MEDIUM MS07-006 I
141033 MEDIUM MS06-075 I
;===============================================================================
================================================================================
=
===================

Edited by indulge., 20 May 2008 - 01:41 PM.

  • 0

Advertisements

#2
indulge.
Posted 20 May 2008 - 01:42 PM

indulge.

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Additional Info

Virtumonde(sp?)Begone Log:

[05/20/2008, 6:43:07] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrator\Desktop\VirtumundoBeGone.exe" )
[05/20/2008, 6:43:14] - Detected System Information:
[05/20/2008, 6:43:14] - Windows Version: 5.1.2600, Service Pack 2
[05/20/2008, 6:43:14] - Current Username: Administrator (Admin)
[05/20/2008, 6:43:14] - Windows is in NORMAL mode.
[05/20/2008, 6:43:14] - Searching for Browser Helper Objects:
[05/20/2008, 6:43:14] - BHO 1: {608A73C0-D164-41D7-984B-4B1FD063D85F} ()
[05/20/2008, 6:43:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2008, 6:43:14] - Checking for HKLM\...\Winlogon\Notify\mlJDvWpQ
[05/20/2008, 6:43:14] - Key not found: HKLM\...\Winlogon\Notify\mlJDvWpQ, continuing.
[05/20/2008, 6:43:14] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2008, 6:43:14] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[05/20/2008, 6:43:14] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/20/2008, 6:43:14] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[05/20/2008, 6:43:14] - BHO 6: {cb947b6c-8b4a-4177-8579-fada7b5447f6} ()
[05/20/2008, 6:43:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2008, 6:43:14] - Checking for HKLM\...\Winlogon\Notify\mkvblwrp
[05/20/2008, 6:43:15] - Key not found: HKLM\...\Winlogon\Notify\mkvblwrp, continuing.
[05/20/2008, 6:43:15] - BHO 7: {DD4A65C7-61D7-445F-BCF1-5065F765EAF9} ()
[05/20/2008, 6:43:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2008, 6:43:15] - Checking for HKLM\...\Winlogon\Notify\khfFWPhF
[05/20/2008, 6:43:15] - Found: HKLM\...\Winlogon\Notify\khfFWPhF - This is probably Virtumundo.
[05/20/2008, 6:43:15] - Assigning {DD4A65C7-61D7-445F-BCF1-5065F765EAF9} MSEvents Object
[05/20/2008, 6:43:15] - BHO list has been changed! Starting over...
[05/20/2008, 6:43:15] - BHO 1: {608A73C0-D164-41D7-984B-4B1FD063D85F} ()
[05/20/2008, 6:43:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2008, 6:43:15] - Checking for HKLM\...\Winlogon\Notify\mlJDvWpQ
[05/20/2008, 6:43:15] - Key not found: HKLM\...\Winlogon\Notify\mlJDvWpQ, continuing.
[05/20/2008, 6:43:15] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2008, 6:43:15] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[05/20/2008, 6:43:15] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/20/2008, 6:43:16] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[05/20/2008, 6:43:16] - BHO 6: {cb947b6c-8b4a-4177-8579-fada7b5447f6} ()
[05/20/2008, 6:43:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2008, 6:43:16] - Checking for HKLM\...\Winlogon\Notify\mkvblwrp
[05/20/2008, 6:43:16] - Key not found: HKLM\...\Winlogon\Notify\mkvblwrp, continuing.
[05/20/2008, 6:43:16] - BHO 7: {DD4A65C7-61D7-445F-BCF1-5065F765EAF9} (MSEvents Object)
[05/20/2008, 6:43:16] - ALERT: Found MSEvents Object!
[05/20/2008, 6:43:16] - Finished Searching Browser Helper Objects
[05/20/2008, 6:43:16] - *** Detected MSEvents Object
[05/20/2008, 6:43:16] - Trying to remove MSEvents Object...
[05/20/2008, 6:43:17] - Terminating Process: IEXPLORE.EXE
[05/20/2008, 6:43:17] - Terminating Process: RUNDLL32.EXE
[05/20/2008, 6:43:18] - Disabling Automatic Shell Restart
[05/20/2008, 6:43:18] - Terminating Process: EXPLORER.EXE
[05/20/2008, 6:43:19] - Suspending the NT Session Manager System Service
[05/20/2008, 6:43:19] - Terminating Windows NT Logon/Logoff Manager
[05/20/2008, 6:43:20] - Re-enabling Automatic Shell Restart
[05/20/2008, 6:43:20] - File to disable: C:\WINDOWS\system32\khfFWPhF.dll
[05/20/2008, 6:43:20] - Renaming C:\WINDOWS\system32\khfFWPhF.dll -> C:\WINDOWS\system32\khfFWPhF.dll.vir
[05/20/2008, 6:43:21] - File successfully renamed!
[05/20/2008, 6:43:21] - Removing HKLM\...\Browser Helper Objects\{DD4A65C7-61D7-445F-BCF1-5065F765EAF9}
[05/20/2008, 6:43:22] - Removing HKCR\CLSID\{DD4A65C7-61D7-445F-BCF1-5065F765EAF9}
[05/20/2008, 6:43:22] - Adding Kill Bit for ActiveX for GUID: {DD4A65C7-61D7-445F-BCF1-5065F765EAF9}
[05/20/2008, 6:43:22] - Deleting ATLEvents/MSEvents Registry entries
[05/20/2008, 6:43:22] - Removing HKLM\...\Winlogon\Notify\khfFWPhF
[05/20/2008, 6:43:24] - Searching for Browser Helper Objects:
[05/20/2008, 6:43:24] - BHO 1: {608A73C0-D164-41D7-984B-4B1FD063D85F} ()
[05/20/2008, 6:43:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2008, 6:43:24] - Checking for HKLM\...\Winlogon\Notify\mlJDvWpQ
[05/20/2008, 6:43:24] - Key not found: HKLM\...\Winlogon\Notify\mlJDvWpQ, continuing.
[05/20/2008, 6:43:24] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2008, 6:43:24] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[05/20/2008, 6:43:24] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/20/2008, 6:43:24] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[05/20/2008, 6:43:24] - BHO 6: {cb947b6c-8b4a-4177-8579-fada7b5447f6} ()
[05/20/2008, 6:43:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2008, 6:43:24] - Checking for HKLM\...\Winlogon\Notify\mkvblwrp
[05/20/2008, 6:43:24] - Key not found: HKLM\...\Winlogon\Notify\mkvblwrp, continuing.
[05/20/2008, 6:43:24] - Finished Searching Browser Helper Objects
[05/20/2008, 6:43:24] - Finishing up...
[05/20/2008, 6:43:24] - A restart is needed.
[05/20/2008, 6:44:59] - Attempting to Restart via STOP error (Blue Screen!



I've run a few cleaners and nothing seems to be working... :)

Edited by indulge., 20 May 2008 - 01:43 PM.

  • 0

#3
koko_crunch
Posted 25 May 2008 - 11:09 AM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hello indulge Welcome to Geeks to Go!

Sorry for the long wait, busy week.

After checking your log, I found signs of malware on your system. Please stick with me until we get you cleaned up. :)
Please read this post completely before proceeding with the fix. If you have questions, don't hesitate to ask.

Let's start.

First,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next,

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Finally,

Post back with the following logs.

- MBAM log
- SuperAntispyware log
- New HijackThis log
  • 0

#4
koko_crunch
Posted 01 June 2008 - 06:22 AM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP