Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Infected with spyware. Help!


  • This topic is locked This topic is locked

#1
ckim

ckim

    Member

  • Member
  • PipPip
  • 29 posts
Hi,

As son as I open the internet, a lot of pop up windows comes up.
Please help!

Here is log files

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-05-23 12:09:14
PROTECTIONS: 0
MALWARE: 26
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00001888 adware/dyfuca Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\internet optimizer
00018457 adware/purityscan Adware No 0 Yes No c:\documents and settings\lupe diaz\local settings\temp\!update.exe
00034463 adware/wupd Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{205FF73B-CA67-11D5-99DD-444553540013}
00034463 adware/wupd Adware No 0 Yes No hkey_classes_root\clsid\{205ff73b-ca67-11d5-99dd-444553540013}
00045952 spyware/media-motor Spyware No 1 Yes No hkey_local_machine\software\mm
00047660 adware/sqwire Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\tsa
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.036\FILE0060.CHK
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.041\FILE0001.CHK
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.036\FILE0067.CHK
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.025\FILE0001.CHK
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.024\FILE0006.CHK
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.042\FILE0000.CHK
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\FOUND.023\FILE0007.CHK
00204405 adware/searchresults Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\protocols\filter\text/html\CLSID\{3551784B-E99A-474f-B782-3EC814442918}
00213030 application/regclean32 HackTools No 0 Yes No c:\documents and settings\lupe diaz\application data\registry cleaner
00213030 application/regclean32 HackTools No 0 Yes No c:\program files\registry cleaner trial
00213030 application/regclean32 HackTools No 0 Yes No hkey_local_machine\software\registry cleaner
00217379 adware/dollarrevenue Adware No 0 No No c:\windows\drsmartload.dat
00217379 adware/dollarrevenue Adware No 0 No No hkey_local_machine\software\microsoft\drsmartload
00219235 adware/commad Adware No 0 Yes No hkey_local_machine\system\controlset001\enum\root\legacy_network_monitor
00219235 adware/commad Adware No 0 Yes No hkey_local_machine\system\controlset001\enum\root\legacy_cmdservice
00241963 adware/fchelp Adware No 0 Yes No hkey_current_user\software\fcman
01299001 Trj/Mailbot.DT Virus/Trojan No 1 Yes No C:\WINDOWS\SYSTEM32\Clearer.exe
01299001 Trj/Mailbot.DT Virus/Trojan No 1 Yes No C:\WINDOWS\Clearer.exe
02892536 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\YWHOXLBM.DLL
02893538 Adware/PurityScan Adware Yes 1 Yes No C:\DOCUMENTS AND SETTINGS\LUPE DIAZ\LOCAL SETTINGS\TEMP\!UPDATE.EXE
02893538 Adware/PurityScan Adware Yes 1 Yes No C:\DOCUMENTS AND SETTINGS\LUPE DIAZ\APPLICATION DATA\SУSTEM\NOTEPAD.EXE
02903391 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\DIDUNIKO.DLL
02903391 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\RKFGVYKM.DLL
02903391 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\NCETMAXV.DLL
02903391 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\AINOMIRG.DLL
02903391 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\TTRYASCO.DLL
02905020 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\WXRAATXC.DLL
02905027 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\ORRQKGDR.DLL
02906745 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\XLBKHDGX.DLL
02907724 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\BEHAMKEA.DLL
02909334 Rootkit/Agent.IKR Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\DRIVERS\ASCC.SYS
02927671 Adware/TTC Adware No 0 Yes No C:\WINDOWS\POTA777444.exe
02927675 Adware/TTC Adware No 0 No No C:\WINDOWS\POTA777444.exe[TTC.dll]
02942076 Adware/PurityScan Adware Yes 1 Yes No C:\DOCUMENTS AND SETTINGS\LUPE DIAZ\APPLICATION DATA\ADOBE\WΥAUBOOT.EXE
02980234 Adware/Zenosearch Adware No 0 Yes No C:\WINDOWS\SYSTEM32\MCNTPSDM.EXE
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location mX
3i
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description mX
3i
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:44 PM, on 5/23/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Lupe Diaz\Application Data\Adobe\w?auboot.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\DOCUME~1\LUPEDI~1\APPLIC~1\SSTEM~1\notepad.exe
F:\Spyware Removal Tools\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0dd98dcc-3396-44a7-9292-e539d12b315d} - C:\WINDOWS\System32\pnadwgj.dll (file missing)
O2 - BHO: (no name) - {4F7D0787-6772-4195-B404-98478689B260} - (no file)
O2 - BHO: {b1df8cbd-d159-86eb-d124-b42746a12136} - {63121a64-724b-421d-be68-951ddbc8fd1b} - C:\WINDOWS\System32\hiyhcpci.dll
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
O2 - BHO: (no name) - {BB94C508-1180-5CD9-68B3-7C191A37686F} - C:\WINDOWS\Ajxrycaj.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Search - {A922F01A-8F81-E9EB-7C22-1B505071DF0C} - C:\WINDOWS\Ajxrycaj.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
O4 - HKCU\..\Run: [Ussimhnd] "C:\Documents and Settings\Lupe Diaz\Application Data\Adobe\w?auboot.exe"
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\LUPEDI~1\APPLIC~1\SSTEM~1\notepad.exe" -vt ndrv
O4 - HKCU\..\Policies\Explorer\Run: [osupsh] C:\WINDOWS\System32\osupsh.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\GetFlash.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\GetFlash.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://eagent.farme...ctiveX/smsx.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://ml.sitexdata....ult/arview2.cab
O18 - Filter hijack: text/html - {3551784B-E99A-474f-B782-3EC814442918} - (no file)
O20 - AppInit_DLLs: ?A?C C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: hggfccd - hggfccd.dll (file missing)
O20 - Winlogon Notify: wygsnnac - wygsnnac.dll (file missing)
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Client Access Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

--
End of file - 5996 bytes
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Don't make multiple topics

You are already being helped
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP