Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virtumonde! & maybe other problems too [CLOSED]

Started by Shelleyshel , May 25 2008 01:28 AM

  • This topic is locked This topic is locked

#1
Shelleyshel
Posted 25 May 2008 - 01:28 AM

Shelleyshel

    New Member

  • Member
  • Pip
  • 1 posts
HELP! This is the first time posting and first time with this problem. I've run all the malware / adware software and updates that this site reccomended before posting for first time... So here if the hijack and the malware software logs AND the antivirus logs.

ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:38 AM, on 5/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsus.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {1fcbd12e-e9e6-c31b-97f4-d849b5e1ab60} - {06ba1e5b-948d-4f79-b13c-6e9ee21dbcf1} - C:\WINDOWS\system32\jtudltyn.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {A0EA32CE-C496-413A-9270-73C893417770} - C:\WINDOWS\system32\cbXRHYqP.dll (file missing)
O2 - BHO: (no name) - {D6640B76-75CC-4CAF-AB06-9E652EAF81EF} - C:\WINDOWS\system32\wvUmmMgD.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1211654545953
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 8351 bytes

Malwarebytes' Anti-Malware 1.12
Database version: 783

Scan type: Quick Scan
Objects scanned: 37174
Time elapsed: 19 minute(s), 51 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 23
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 5
Files Infected: 19

Memory Processes Infected:
C:\Program Files\Svconr\Svconr.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\higltpwd.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\SYSTEM32\urqOGVMF.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\SYSTEM32\nnnlmKeD.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{152fade0-c26c-4566-8cfb-73b22d525a06} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{152fade0-c26c-4566-8cfb-73b22d525a06} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f50b3f5e-856e-4757-9bb1-b35d46ca7719} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f50b3f5e-856e-4757-9bb1-b35d46ca7719} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnlmked (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\CPV (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\785b7763 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f50b3f5e-856e-4757-9bb1-b35d46ca7719} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Svconr (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM7b6844ff (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqogvmf -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqogvmf -> Delete on reboot.

Folders Infected:
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\CPV (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xcsDd01 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Svconr (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\higltpwd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\dwptlgih.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\urqOGVMF.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\FMVGOqru.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\FMVGOqru.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xasjvmwc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cwmvjsax.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\nnnlmKeD.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\b152.exe.bin (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu572.0xe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\CPV\CPV8.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareMaster\asm.exe (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xcsDd01\xcsDd011065.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Svconr\Svconr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\mbeipyal.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\yayvSkjh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\b152.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b156.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

SUPERAntiSpyware Scan Log
Generated 05/24/2008 at 00:08 AM

Application Version : 3.6.1000

Core Rules Database Version : 3468
Trace Rules Database Version: 1459

Scan type : Complete Scan
Total Scan Time : 00:44:55

Memory items scanned : 551
Memory threats detected : 0
Registry items scanned : 4252
Registry threats detected : 9
File items scanned : 28086
File threats detected : 13

MyWay Search Assistant Computers
HKLM\Software\Classes\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\Programmable
C:\PROGRAM FILES\MYWAYSA\SRCHASDE\1.BIN\DESRCAS.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}

Adware.Tracking Cookie
C:\Documents and Settings\Mommy\Cookies\mommy@advertising[1].txt
C:\Documents and Settings\Mommy\Cookies\mommy@adnetserver[1].txt
C:\Documents and Settings\Mommy\Cookies\mommy@doubleclick[1].txt
C:\Documents and Settings\Mommy\Cookies\mommy@findwhat[1].txt
C:\Documents and Settings\Mommy\Cookies\mommy@atwola[1].txt
C:\Documents and Settings\Mommy\Cookies\[email protected][1].txt
C:\Documents and Settings\Mommy\Cookies\mommy@antispywaresuite[1].txt
C:\Documents and Settings\Mommy\Cookies\mommy@tacoda[2].txt
C:\Documents and Settings\Mommy\Cookies\mommy@atdmt[1].txt
C:\Documents and Settings\Mommy\Cookies\[email protected][1].txt
C:\Documents and Settings\Mommy\Cookies\[email protected][1].txt
C:\Documents and Settings\Mommy\Cookies\mommy@2o7[1].txt

Adware.ClickSpring
HKLM\Software\ClickSpring
HKLM\Software\ClickSpring#UBWKR


;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-05-24 11:21:40
PROTECTIONS: 1
MALWARE: 26
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
Charter High-Speed Security Suite 7.03 7.03 Yes Yes
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Mommy\Cookies\mommy@atwola[1].txt
02888175 Adware/Zenosearch Adware No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0024919.dll
02913728 Adware/Insider Adware No 0 Yes No C:\WINDOWS\b155.0xe
02923716 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP331\A0030171.exe
02930202 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\ldhvptju.dll
02930223 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0024911.exe
02930223 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP323\A0024969.exe
02932471 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP323\A0024954.dll
02935884 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP328\A0025971.dll
02935884 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP328\A0027072.DLL
02935905 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP323\A0024971.dll
02935950 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\rjnrkbyh.dll
02936016 Adware/Insider Adware No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP329\A0027154.exe
02936327 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP328\A0025983.dll
02936549 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\pkylgaxt.dll
02936725 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP328\A0025988.dll
02936950 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\iidmyjjl.0ll
02936951 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\yqwbeoaf.dll
02936952 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\wotkpqwi.0ll
02936952 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\sgouvlgk.0ll
02936975 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\plhujguc.0ll
02936976 Adware/AntiSpywareMaster Adware No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP328\A0025989.dll
02936978 Spyware/Vundo Spyware No 0 Yes No C:\Documents and Settings\Mommy\Local Settings\Temp\joaweprb.0ll
02937210 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\usfrwddd.0ll
02937212 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\ydemaudt.0ll
02937259 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\ojvfedqo.dll
02937261 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP328\A0025975.dll
02937264 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\phhmwovm.dll
02942076 Adware/PurityScan Adware No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0024917.exe
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description
;===============================================================================
=================================================================================
===================
182048 HIGH MS07-069
;===============================================================================
=================================================================================
===================
  • 0

Advertisements

#2
miekiemoes
Posted 25 May 2008 - 03:11 PM

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
  • 0

#3
miekiemoes
Posted 03 June 2008 - 05:16 PM

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP