
Need help on Trojan.Vundo [RESOLVED]


  • This topic is locked

#16
ipeh

  • Topic Starter
  • Member
  • 32 posts
Hi greyknight17,

The StopSign didn't finish the scan. It stalled at 8% and didn't produce a log.

I downloaded and installed the evaluation Panda Anti Virus. However, it wouldn't allow me to update the definition. But I scanned my PC anyway and here's the log:

Panda Antivirus 2008 incident report

EVENT DATE RESULTS ADDITIONAL INFORMATION
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Scan completed 11/03/07 22:05:39 Scan: All My Computer
Tracking program detected: Application/Processor 11/03/07 22:05:39 Eliminated Location: E:\Anti Virus SpyFalcon\smitRem.exe[smitRem/Process.exe]
Adware detected: adware/cws 11/03/07 22:03:29 Eliminated Location: c:\documents and settings\default user\favorites\shop
Update 11/03/07 22:02:37 OK New threat signatures: 1165890
Virus detected: Generic Malware 11/03/07 21:46:37 Disinfected Location: C:\Program Files\VisualRoute\PATCH.EXE
Spyware detected: Cookie/RealMedia 11/03/07 21:35:30 Eliminated Location: C:\Documents and Settings\IPEH\Application Data\eMusic\eMusic Download Manager\Profiles\fmvlh1vj.default\COOKIES.TXT[.realmedia.com/]
Spyware detected: Cookie/FastClick 11/03/07 21:35:30 Eliminated Location: C:\Documents and Settings\IPEH\Application Data\eMusic\eMusic Download Manager\Profiles\fmvlh1vj.default\COOKIES.TXT[.fastclick.net/]
Spyware detected: Cookie/RealMedia 11/03/07 21:35:30 Eliminated Location: C:\Documents and Settings\IPEH\Application Data\eMusic\eMusic Download Manager\Profiles\fmvlh1vj.default\COOKIES.TXT[.realmedia.com/]
Spyware detected: Cookie/RealMedia 11/03/07 21:35:30 Eliminated Location: C:\Documents and Settings\IPEH\Application Data\eMusic\eMusic Download Manager\Profiles\fmvlh1vj.default\COOKIES.TXT[.realmedia.com/]
Spyware detected: Cookie/YieldManager 11/03/07 21:35:30 Eliminated Location: C:\Documents and Settings\IPEH\Application Data\eMusic\eMusic Download Manager\Profiles\fmvlh1vj.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware detected: Cookie/YieldManager 11/03/07 21:35:30 Eliminated Location: C:\Documents and Settings\IPEH\Application Data\eMusic\eMusic Download Manager\Profiles\fmvlh1vj.default\COOKIES.TXT[ad.yieldmanager.com/]
Tracking program detected: Application/NirCmd.A 11/03/07 21:34:34 Notified Location: C:\Documents and Settings\IPEH\Desktop\ComboFix.exe[nircmd.cfexe]
Tracking program detected: Application/NirCmd.A 11/03/07 21:34:31 Notified Location: C:\Documents and Settings\IPEH\Desktop\ComboFix.exe[nircmd.exe]
Tracking program detected: Application/NirCmd.A 11/03/07 21:34:17 Notified Location: C:\Documents and Settings\IPEH\My Documents\Fixing vundo Problems\ComboFix.exe[ComboFixT\nircmd.exe]
Spyware detected: Cookie/Adtech 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.adtech.de/]
Spyware detected: Cookie/Mediaplex 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.mediaplex.com/]
Spyware detected: Cookie/2o7 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.2o7.net/]
Spyware detected: Cookie/2o7 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.2o7.net/]
Spyware detected: Cookie/2o7 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.2o7.net/]
Spyware detected: Cookie/2o7 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.2o7.net/]
Spyware detected: Cookie/2o7 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.2o7.net/]
Spyware detected: Cookie/2o7 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.2o7.net/]
Spyware detected: Cookie/2o7 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.2o7.net/]
Spyware detected: Cookie/2o7 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.2o7.net/]
Spyware detected: Cookie/2o7 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.2o7.net/]
Spyware detected: Cookie/Yadro 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.yadro.ru/]
Spyware detected: Cookie/Yadro 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.yadro.ru/]
Spyware detected: Cookie/YieldManager 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware detected: Cookie/Serving-sys 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.serving-sys.com/]
Spyware detected: Cookie/Serving-sys 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.serving-sys.com/]
Spyware detected: Cookie/Serving-sys 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.serving-sys.com/]
Spyware detected: Cookie/Serving-sys 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.serving-sys.com/]
Spyware detected: Cookie/Serving-sys 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.serving-sys.com/]
Spyware detected: Cookie/Serving-sys 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.bs.serving-sys.com/]
Spyware detected: Cookie/Humanclick 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[hc2.humanclick.com/]
Spyware detected: Cookie/Statcounter 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.statcounter.com/]
Spyware detected: Cookie/Statcounter 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.statcounter.com/]
Spyware detected: Cookie/Statcounter 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.statcounter.com/]
Spyware detected: Cookie/Statcounter 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.statcounter.com/]
Spyware detected: Cookie/WebtrendsLive 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[statse.webtrendslive.com/]
Spyware detected: Cookie/Com.com 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.com.com/]
Spyware detected: Cookie/Go 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.go.com/]
Spyware detected: Cookie/Zedo 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.zedo.com/]
Spyware detected: Cookie/Zedo 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.zedo.com/]
Spyware detected: Cookie/Apmebf 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.apmebf.com/]
Spyware detected: Cookie/Apmebf 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.apmebf.com/]
Spyware detected: Cookie/PointRoll 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.ads.pointroll.com/]
Spyware detected: Cookie/PointRoll 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.ads.pointroll.com/]
Spyware detected: Cookie/PointRoll 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.ads.pointroll.com/]
Spyware detected: Cookie/Falkag 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.as-us.falkag.net/]
Spyware detected: Cookie/YieldManager 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware detected: Cookie/WebtrendsLive 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[statse.webtrendslive.com/S109821]
Spyware detected: Cookie/WebtrendsLive 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[statse.webtrendslive.com/S152628]
Spyware detected: Cookie/Adtech 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.adtech.de/]
Spyware detected: Cookie/Advertising 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.advertising.com/]
Spyware detected: Cookie/Doubleclick 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.doubleclick.net/]
Spyware detected: Cookie/Atlas DMT 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.atdmt.com/]
Spyware detected: Cookie/Xiti 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.xiti.com/]
Spyware detected: Cookie/Adrevolver 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.adrevolver.com/]
Spyware detected: Cookie/Adrevolver 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.adrevolver.com/]
Spyware detected: Cookie/Toplist 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.toplist.cz/]
Spyware detected: Cookie/YieldManager 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware detected: Cookie/YieldManager 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware detected: Cookie/YieldManager 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware detected: Cookie/YieldManager 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware detected: Cookie/YieldManager 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware detected: Cookie/PointRoll 11/03/07 21:29:42 Eliminated Location: C:\Documents and Settings\GALEE\Application Data\Mozilla\Firefox\Profiles\4g8qbg1r.default\COOKIES.TXT[.ads.pointroll.com/]
Spyware detected: Cookie/Doubleclick 11/03/07 21:24:26 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[.doubleclick.net/]
Spyware detected: Cookie/Atlas DMT 11/03/07 21:24:26 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[.atdmt.com/]
Spyware detected: Cookie/Doubleclick 11/03/07 21:24:24 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[.doubleclick.net/]
Spyware detected: Cookie/Atlas DMT 11/03/07 21:24:24 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[.atdmt.com/]
Spyware detected: Cookie/Doubleclick 11/03/07 21:22:52 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[.doubleclick.net/]
Spyware detected: Cookie/Atlas DMT 11/03/07 21:22:52 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[.atdmt.com/]
Spyware detected: Cookie/Doubleclick 11/03/07 21:22:24 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[.doubleclick.net/]
Spyware detected: Cookie/Atlas DMT 11/03/07 21:22:24 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[.atdmt.com/]
Spyware detected: Cookie/Atlas DMT 11/03/07 21:22:15 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[.atdmt.com/]
Tracking program detected: Application/NirCmd.A 11/03/07 21:08:57 Eliminated Location: C:\WINNT\NirCmd.exe
Spyware detected: Cookie/YieldManager 11/03/07 21:08:18 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[ad.yieldmanager.com/]
Spyware detected: Cookie/YieldManager 11/03/07 21:08:18 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[ad.yieldmanager.com/]
Spyware detected: Cookie/adultfriendfinder 11/03/07 21:08:18 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[.adultfriendfinder.com/]
Spyware detected: Cookie/adultfriendfinder 11/03/07 21:08:18 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[.adultfriendfinder.com/]
Spyware detected: Cookie/Tribalfusion 11/03/07 21:08:18 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[.tribalfusion.com/]
Spyware detected: Cookie/Tribalfusion 11/03/07 21:08:18 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[.tribalfusion.com/]
Spyware detected: Cookie/Tribalfusion 11/03/07 21:08:18 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[.tribalfusion.com/]
Spyware detected: Cookie/Tribalfusion 11/03/07 21:08:18 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[.tribalfusion.com/]
Spyware detected: Cookie/YieldManager 11/03/07 21:08:18 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[ad.yieldmanager.com/]
Update 11/03/07 21:08:02 Incorrect Error: Timeout period exceeded
Spyware detected: spyware/adclicker 11/03/07 21:07:49 Eliminated Location: c:\winnt\usta33.ini
Spyware detected: Cookie/Tribalfusion 11/03/07 21:07:36 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[.tribalfusion.com/]
Spyware detected: Cookie/Tribalfusion 11/03/07 21:07:36 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[.tribalfusion.com/]
Spyware detected: Cookie/YieldManager 11/03/07 21:07:36 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[ad.yieldmanager.com/]
Spyware detected: Cookie/YieldManager 11/03/07 21:07:36 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[ad.yieldmanager.com/]
Spyware detected: Cookie/YieldManager 11/03/07 21:07:36 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[ad.yieldmanager.com/]
Spyware detected: Cookie/YieldManager 11/03/07 21:07:36 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[ad.yieldmanager.com/]
Spyware detected: Cookie/adultfriendfinder 11/03/07 21:07:36 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[.adultfriendfinder.com/]
Spyware detected: Cookie/adultfriendfinder 11/03/07 21:07:36 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[.adultfriendfinder.com/]
Spyware detected: Cookie/Tribalfusion 11/03/07 21:07:36 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[.tribalfusion.com/]
Spyware detected: Cookie/Tribalfusion 11/03/07 21:07:36 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[.tribalfusion.com/]
Scan started 11/03/07 21:06:51 Scan: All My Computer
Update 11/03/07 21:05:42 Incorrect Error: Timeout period exceeded
Update 11/03/07 21:03:28 OK Threat signatures
Update 11/03/07 21:03:20 Incorrect Error: Error connecting to the update server
====================================


About the web sites that I cannot visit, something new just came up today.
Every time I tried to visit any of those sites, the Dial-Up Networking window came up and the message is:

Windows cannot access n4061ad.doubleclick.net
Would you like to connect to a network?

But for all the sites that I could visit, the dial-up networking box didn't show.

Do you know why this is?

Thx again!
Have a good weekend.

ipeh
  • 0


#17
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Did Panda remove those threats? Check on some of the files manually to confirm they are removed.

Download SDFix at http://downloads.and...Tools/SDFix.exe and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.
* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
* Finally paste the contents of the Report.txt back on the forum with a new HijackThis log.
  • 0
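The manual confirmation asked for in post #17 is easier once the cookie entries are filtered out of the Panda report. The following is an added example, not part of the thread and not a Panda or SDFix tool: it parses report lines in the layout posted in #16, keeps the file detections, and lists which of those files are still on disk. Treating the result "Notified" as "reported but not removed" is an assumption about Panda's wording, and the function names are illustrative.

```python
import os
import re

# Sample lines copied from the Panda report in post #16 (columns are space-flattened).
SAMPLE_REPORT = r"""
Scan completed 11/03/07 22:05:39 Scan: All My Computer
Tracking program detected: Application/Processor 11/03/07 22:05:39 Eliminated Location: E:\Anti Virus SpyFalcon\smitRem.exe[smitRem/Process.exe]
Adware detected: adware/cws 11/03/07 22:03:29 Eliminated Location: c:\documents and settings\default user\favorites\shop
Update 11/03/07 22:02:37 OK New threat signatures: 1165890
Virus detected: Generic Malware 11/03/07 21:46:37 Disinfected Location: C:\Program Files\VisualRoute\PATCH.EXE
Spyware detected: Cookie/RealMedia 11/03/07 21:35:30 Eliminated Location: C:\Documents and Settings\IPEH\Application Data\eMusic\eMusic Download Manager\Profiles\fmvlh1vj.default\COOKIES.TXT[.realmedia.com/]
Tracking program detected: Application/NirCmd.A 11/03/07 21:34:34 Notified Location: C:\Documents and Settings\IPEH\Desktop\ComboFix.exe[nircmd.cfexe]
Tracking program detected: Application/NirCmd.A 11/03/07 21:34:31 Notified Location: C:\Documents and Settings\IPEH\Desktop\ComboFix.exe[nircmd.exe]
Spyware detected: Cookie/Atlas DMT 11/03/07 21:24:26 Eliminated Location: c:\documents and settings\ipeh\application data\mozilla\firefox\profiles\tjuinfz7.default\cookies.txt[.atdmt.com/]
Tracking program detected: Application/NirCmd.A 11/03/07 21:08:57 Eliminated Location: C:\WINNT\NirCmd.exe
Update 11/03/07 21:08:02 Incorrect Error: Timeout period exceeded
Spyware detected: spyware/adclicker 11/03/07 21:07:49 Eliminated Location: c:\winnt\usta33.ini
"""

# <type> detected: <name> <date> <time> <result> Location: <path>[<member>]
DETECTION_RE = re.compile(
    r"^(?P<kind>[A-Za-z ]+) detected: (?P<name>.+?) "
    r"(?P<date>\d{2}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<result>\w+) Location: (?P<location>.+)$"
)
# A trailing [..] names the item inside a container (archive member, cookie domain).
LOCATION_RE = re.compile(r"^(?P<path>.*?)(?:\[(?P<member>[^\]]*)\])?$")


def triage(report):
    """Return (findings, cookie_count): non-cookie detections, de-duplicated."""
    findings, seen, cookie_count = [], set(), 0
    for line in report.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue  # scan start/end and update events are not detections
        if m["name"].startswith("Cookie/"):
            cookie_count += 1  # tracking cookies: counted, not listed
            continue
        loc = LOCATION_RE.match(m["location"])
        key = (m["name"], loc["path"].lower(), loc["member"])
        if key in seen:
            continue  # the same item reported on a later pass
        seen.add(key)
        findings.append({
            "kind": m["kind"],
            "name": m["name"],
            "when": m["date"] + " " + m["time"],
            "result": m["result"],
            "path": loc["path"],
            "member": loc["member"],
            # Assumption: "Notified" means Panda reported the item and left it.
            "needs_followup": m["result"] == "Notified",
        })
    return findings, cookie_count


def still_present(findings, exists=os.path.exists):
    """Container paths named in the findings that are still on disk."""
    paths = {f["path"] for f in findings}
    return sorted(p for p in paths if exists(p))


if __name__ == "__main__":
    found, cookies = triage(SAMPLE_REPORT)
    print(f"{len(found)} file detections, {cookies} cookie entries skipped")
    for f in found:
        flag = "CHECK" if f["needs_followup"] else "ok"
        inner = f" [{f['member']}]" if f["member"] else ""
        print(f"{flag:5} {f['result']:11} {f['name']:24} {f['path']}{inner}")
    for path in still_present(found):
        print("still on disk:", path)
```

Run on the affected machine, `still_present` uses the real file system; the `exists` parameter is there so the check can also be run against a file listing taken from another system.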

#18
ipeh

  • Topic Starter
  • Member
  • 32 posts
Hi greyknight17,

Panda removed those threats.

I'm attaching the SDFix log below:


SDFix: Version 1.113

Run by ipeh on Sun 11/04/2007 at 7:57a

Microsoft Windows 2000 [Version 5.00.2195]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINNT\system32\TFTP764 - Deleted
C:\WINNT\system32\TFTP1556 - Deleted



Removing Temp Files...

ADS Check:

C:\WINNT
No streams found.

C:\WINNT\system32
No streams found.

C:\WINNT\system32\svchost.exe
No streams found.

C:\WINNT\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1253 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-04 08:04:05
Windows 5.0.2195 Service Pack 4 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 16 Sep 1996 202,240 A..H. --- "C:\setup95.exe"
Tue 30 Oct 2007 107,905 ..SH. --- "C:\WINNT\system32\lmllm.tmp"
Fri 15 Jul 2005 27,648 A.SH. --- "C:\WINNT\system32\AVSredirect.dll"
Mon 27 Jun 2005 616,448 A.SHR --- "C:\Program Files\Replay Converter\cygwin1.dll"
Tue 10 Dec 2002 176,165 A..HR --- "C:\Program Files\Replay Converter\drv23260.dll"
Tue 10 Dec 2002 94,208 A..HR --- "C:\Program Files\Replay Converter\drv33260.dll"
Tue 10 Dec 2002 217,127 A..HR --- "C:\Program Files\Replay Converter\drv43260.dll"
Sun 4 Nov 2001 225,280 A..HR --- "C:\Program Files\Replay Converter\ivvideo.dll"
Tue 10 Apr 2001 225,280 A..HR --- "C:\Program Files\Replay Converter\qtmlClient.dll"
Fri 20 Feb 2004 548,940 A..HR --- "C:\Program Files\Replay Converter\raac.dll"
Tue 10 Dec 2002 102,439 A..HR --- "C:\Program Files\Replay Converter\sipr3260.dll"
Tue 4 Jun 2002 84,992 A..HR --- "C:\Program Files\Replay Converter\14_43260.dll"
Tue 4 Jun 2002 44,032 A..HR --- "C:\Program Files\Replay Converter\28_83260.dll"
Tue 10 Dec 2002 73,766 A..HR --- "C:\Program Files\Replay Converter\atrc3260.dll"
Tue 10 Dec 2002 65,575 A..HR --- "C:\Program Files\Replay Converter\cook3260.dll"
Tue 4 Jun 2002 20,480 A..HR --- "C:\Program Files\Replay Converter\dnet3260.dll"
Wed 22 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
Mon 27 Nov 2006 4,908,872 ...H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 10 Apr 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Finished!


Will post the HJT log on my next post.
  • 0

#19
ipeh

  • Topic Starter
  • Member
  • 32 posts
And here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 8:07:54 AM, on 11/4/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv50.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\eAcceleration\Station\station.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I3C2.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Documents and Settings\ipeh\My Documents\Fixing vundo Problems\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\ipeh\LOCALS~1\Temp\{499B128C-5DBE-4D93-91C1-C69263F167A7}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(4).lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV04.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FreshDownload - {DE8A5E4B-EABA-48C8-8B88-C96DC7D70061} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{26357473-AAE8-432F-AE0D-F6E6C086A79F}: NameServer = 202.155.0.10,202.155.0.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{26357473-AAE8-432F-AE0D-F6E6C086A79F}: NameServer = 202.155.0.10,202.155.0.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{26357473-AAE8-432F-AE0D-F6E6C086A79F}: NameServer = 202.155.0.10,202.155.0.15
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avldr - C:\WINNT\SYSTEM32\avldr.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINNT\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINNT\system32\oodag.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv50.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


Thx!

ipeh
  • 0

#20
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Delete this file:

C:\WINNT\system32\lmllm.tmp

Any problems remaining now?
  • 0

#21
ipeh

  • Topic Starter
  • Member
  • 32 posts
greyknight17,

I couldn't find the file in that dir.
I searched it under the search menu and it didn't get any result.
I've also selected the 'Show hidden files and folders', but still couldn't find it.

Has it, by any chance, been removed by SDFix?

And yes, I still can't visit those web sites yet.

Thx.

ipeh

#22
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Something must have deleted it if it really doesn't exist. I think it's hidden. Let's use KillBox to get rid of it.

Download KillBox at http://www.greyknigh...spy/KillBox.exe. Run KillBox and check the box that says End Explorer Shell While Killing File. Next click on Delete on Reboot. Select the lines below. Right-click on them once all are selected and choose Copy:

C:\WINNT\system32\lmllm.tmp

Go back to KillBox. Go to File->Paste from Clipboard and then hit the button with a red circle and white X. Confirm to delete and when asked if you want to reboot, say Yes. If you get a PendingOperations message, just close it and restart your computer manually.

How is the computer running?

#23
ipeh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Hi greyknight17,

After running KillBox, I now can visit sites such as geekstogo.com and opera.com.
However, I am still unable to visit many other sites (e.g. toysrus.com, singaporeair.com, amazon.com, etc).
And some sites still don't load properly (no images) --> typepad.com, ebay.com, fedex.com.
I'm still confused :)

The dial-up networking window that I told you earlier doesn't show up anymore.


Thx :)

ipeh

#24
ipeh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Btw, I just installed Opera and tried opening those sites with it, but I am getting the same results.

The PC performance is okay now, but the Internet connection seems to be slower than before. The notebook that I am using now is connected to the same modem via wireless connection (the infected PC is connected through cable to the router) but the Internet connection is much faster.

Just to give you additional info, I have also installed SpywareBlaster and SpywareGuard; ran CleanUp! and RegSeeker; and changed the HOSTS file by following the steps on your site.

Thx greyknight17!

ipeh

#25
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Run ATF Cleaner again. Delete the combofix log from the C: drive. Run a new scan and post the log here.

Also run a new Panda scan and post the log here along with a new HijackThis log.

#26
ipeh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Hi greyknight17,

Ran ATF and ComboFix.

And here's the ComboFix log:


ComboFix 07-11-01.1** - ipeh 11/06/2007 10:24:10.2 - FAT32x86
Running from: C:\Documents and Settings\ipeh\Desktop\Fix Vundo 112007\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-10-06 to 2007-11-06 )))))))))))))))))))))))))))))))
.

2007-11-06 10:24 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_358.dat
2007-11-06 10:23 51,200 --a------ C:\WINNT\NirCmd.exe
2007-11-05 15:54 16,384 --a------ C:\WINNT\system32\Perflib_Perfdata_4e8.dat
2007-11-05 09:05 <DIR> d-------- C:\Program Files\Opera
2007-11-04 22:53 549,720 --a------ C:\WINNT\system32\wuapi.dll
2007-11-04 22:53 325,976 --a------ C:\WINNT\system32\wucltui.dll
2007-11-04 22:53 203,096 --a------ C:\WINNT\system32\wuweb.dll
2007-11-04 22:53 194,328 --a------ C:\WINNT\system32\wuaueng1.dll
2007-11-04 22:53 172,312 --a------ C:\WINNT\system32\wuauclt1.exe
2007-11-04 22:53 43,352 --a------ C:\WINNT\system32\wups2.dll
2007-11-04 22:53 33,624 --a------ C:\WINNT\system32\wups.dll
2007-11-04 10:23 <DIR> d-------- C:\Program Files\SpywareGuard
2007-11-04 10:07 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-04 07:56 <DIR> d-------- C:\WINNT\ERUNT
2007-11-03 07:11 <DIR> d-------- C:\WINNT\system32\PAV
2007-11-03 07:10 <DIR> d-------- C:\Program Files\Panda Security
2007-11-03 07:10 76,208 --a------ C:\WINNT\system32\drivers\PAVDRV50.SYS
2007-11-03 07:10 50,736 --a------ C:\WINNT\system32\avldr.dll
2007-11-02 09:55 <DIR> d---s---- C:\Documents and Settings\ipeh\UserData
2007-11-02 09:33 <DIR> dr-h----- C:\$VAULT$.AVG
2007-11-01 06:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-10-31 22:09 <DIR> d-------- C:\Documents and Settings\ipeh\Application Data\AVG7
2007-10-31 22:08 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\AVG7
2007-10-31 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-10-31 10:48 <DIR> d-------- C:\kav
2007-10-31 10:25 202,240 --ah----- C:\setup95.exe
2007-10-31 07:09 <DIR> d-------- C:\VundoFix Backups
2007-10-30 16:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-30 05:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-09 16:21 <DIR> d-------- C:\Documents and Settings\ipeh\Application Data\eMusic
2007-10-09 16:20 <DIR> d-------- C:\Program Files\eMusic Remote

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-31 13:45 78,415 ----a-w C:\WINNT\system32\drivers\klif.cab
2007-09-25 13:25 --------- d-----w C:\Program Files\Absolute Video to Audio Converter
2007-09-11 13:30 --------- d-----w C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2007-09-06 12:44 --------- d-----w C:\Program Files\DLDIrc
2007-08-08 09:45 673,546 ----a-w C:\WINNT\unins000.exe
2007-04-26 08:39 87,608 ----a-w C:\Documents and Settings\ipeh\Application Data\ezpinst.exe
2007-04-26 08:39 47,360 ----a-w C:\Documents and Settings\ipeh\Application Data\pcouffin.sys
2006-09-03 00:15 81,920 ----a-w C:\Documents and Settings\galee\Application Data\ezpinst.exe
2006-09-03 00:15 47,360 ----a-w C:\Documents and Settings\galee\Application Data\pcouffin.sys
2006-07-31 09:49 333,312 ----a-w C:\Program Files\pdfmark.exe
2005-07-18 02:33 271 ---h--w C:\Program Files\desktop.ini
2005-07-18 02:33 21,952 ---h--w C:\Program Files\folder.htt
1999-12-07 05:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
2005-07-14 19:31:20 27,648 --sha-w C:\WINNT\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 12:05p C:\WINNT\system32\mobsync.exe]
"RegistryMechanic"="" []
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [06/18/07 03:10p]
"nwiz"="nwiz.exe" [08/11/06 08:43p C:\WINNT\system32\nwiz.exe]
"NvCplDaemon"="RUNDLL32.exe" [12/07/99 12:00p C:\WINNT\system32\rundll32.exe]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [07/19/07 03:23p]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\ipeh\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check(4).lnk - C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV04.EXE [2000-02-03 01:11:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 02/15/07 08:02p 50736 C:\WINNT\system32\avldr.dll

R0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);C:\WINNT\system32\DRIVERS\SONYPVM1.SYS
R0 viasraid;viasraid;C:\WINNT\system32\DRIVERS\viasraid.sys
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys
S1 cdawdm;cdawdm;C:\WINNT\system32\DRIVERS\cdawdm.sys
S3 FreshIO;FreshIO;\??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys
S3 viafilter;VIA USB Filter;C:\WINNT\system32\Drivers\viausb.sys

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-06 10:27:14
Windows 5.0.2195 Service Pack 4 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 11/06/2007 10:27:55
.
--- E O F ---


Will post the Panda and HJT logs in the next posts.

#27
ipeh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Here's the Panda Log:

Panda Antivirus 2008 incident report

EVENT DATE RESULTS ADDITIONAL INFORMATION
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Scan completed 11/06/07 12:04:59 Scan: All My Computer
Scan started 11/06/07 10:41:00 Scan: All My Computer
Update 11/06/07 10:30:38 OK Threat signatures
Update 11/06/07 10:30:29 OK New threat signatures: 6262
Tracking program detected: Application/NirCmd.A 11/06/07 10:25:01 Notified Location: c:\winnt\nircmd.exe
Tracking program detected: Application/NirCmd.A 11/06/07 10:24:57 Notified Location: c:\combofix\nircmd.exe
Update 11/05/07 22:29:26 OK Threat signatures
Update 11/05/07 18:59:23 OK Threat signatures
Update 11/05/07 18:50:24 OK Threat signatures
Tracking program detected: Application/NirCmd.A 11/05/07 14:56:30 Notified Location: C:\Documents and Settings\IPEH\Desktop\Fix Vundo 112007\ComboFix_exe.vir[nircmd.cfexe]
Tracking program detected: Application/NirCmd.A 11/05/07 14:56:29 Notified Location: C:\Documents and Settings\IPEH\Desktop\Fix Vundo 112007\ComboFix_exe.vir[nircmd.exe]
Scan started 11/05/07 14:38:01 Scan: All My Computer
Scan completed 11/05/07 14:37:37 Scan: Pop-up menu
Scan started 11/05/07 14:37:37 Scan: Pop-up menu
Update 11/05/07 12:01:18 OK Threat signatures
Update 11/05/07 10:46:26 OK Threat signatures
Update 11/05/07 10:11:28 OK Threat signatures
Update 11/05/07 09:15:57 OK Threat signatures
Update 11/05/07 09:15:49 OK New threat signatures: 300
Update 11/04/07 22:40:10 Incorrect Error: Error connecting to the update server
Tracking program detected: Application/Processor 11/04/07 07:49:34 Notified Location: c:\sdfix\apps\process.exe
Scan completed 11/04/07 07:37:16 Scan: All My Computer
Virus detected: Generic Malware 11/04/07 07:23:06 Disinfected Location: G:\Downloaded\digitalearv4.02lash[1].zip[Patcher.exe]
Hacking tool detected: Hacktool/RegPatch.A 11/04/07 07:05:09 Notified Location: E:\TEMP\GameHouse Installers\Crackz\gamehousesupersolitaire21.10crackperuviancrackers.zip[Gamehouse_SuperSolita
re2_1.10_crack.exe]
Virus detected: Generic Malware 11/04/07 06:51:21 Disinfected Location: E:\Backup PC Sunter\INDAH\BACKUP\Downloads\GameHouse Installers\Crackz\supercollapseiiplatinumv1.0fromgamehousecracknacho.zip[Super_Collapse_II_Pl
tinum_1.0_crack.exe]

#28
ipeh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Was the log for Panda too long? I think it got truncated.
Maybe I should've just sent you the one from the last scan, sorry about that.
I don't think it caught anything this time.

Anyway, here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:00:22 PM, on 11/6/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv50.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I3C2.EXE
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\WINNT\System32\svchost.exe
C:\Documents and Settings\ipeh\My Documents\Fixing vundo Problems\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(4).lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV04.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FreshDownload - {DE8A5E4B-EABA-48C8-8B88-C96DC7D70061} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{26357473-AAE8-432F-AE0D-F6E6C086A79F}: NameServer = 202.155.0.10,202.155.0.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{26357473-AAE8-432F-AE0D-F6E6C086A79F}: NameServer = 202.155.0.10,202.155.0.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{26357473-AAE8-432F-AE0D-F6E6C086A79F}: NameServer = 202.155.0.10,202.155.0.15
O20 - Winlogon Notify: avldr - C:\WINNT\SYSTEM32\avldr.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINNT\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINNT\system32\oodag.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv50.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe



Thx again!

ipeh

#29
greyknight17

    Malware Expert

It's all clear now.

Do you still have any problems? If you still have the internet slowdown, do you remember what you might have installed before this slowdown issue arose? Perhaps Panda?

#30
ipeh

OK, I've uninstalled Panda just now.

But I'm still getting 'Server Not Found' on those sites.

I've tried to open those websites using IE 6.0, Firefox 2, Opera... the problem persists.

Seems like the PC is clean of the trojan, but this problem is what's left. What could this be?

Sorry for bugging you for so long and thanks a lot for your help.

ipeh