Malware issue, with logs

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Damaddwebba

Thread Starter
Joined
Aug 14, 2006
Messages
37
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/27/2007 at 10:21 AM

Application Version : 3.9.1008

Core Rules Database Version : 3332
Trace Rules Database Version: 1333

Scan type : Complete Scan
Total Scan Time : 01:48:47

Memory items scanned : 389
Memory threats detected : 1
Registry items scanned : 5935
Registry threats detected : 90
File items scanned : 105117
File threats detected : 212

Trojan.Downloader-LDCORE
C:\WINDOWS\SYSTEM32\LDCORE.DLL
C:\WINDOWS\SYSTEM32\LDCORE.DLL

Adware.SysMon
[plite731] C:\WINDOWS\PLITE731.EXE
C:\WINDOWS\PLITE731.EXE

Trojan.ZenoSearch
[ExploreUpdSched] C:\WINDOWS\SYSTEM32\TWINSLDQ.EXE
C:\WINDOWS\SYSTEM32\TWINSLDQ.EXE
C:\WINDOWS\system32\msnav32.ax
C:\DOCUMENTS AND SETTINGS\KCALHOUN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ING7E121\DQ[1].EXE
C:\WINDOWS\Prefetch\TWINSLDQ.EXE-0039728B.pf

Adware.ZenoSearch-NVON
[{BD-D0-06-60-ZN}] C:\WINDOWS\SYSTEM32\KRDSRNGS.EXE
C:\WINDOWS\SYSTEM32\KRDSRNGS.EXE
C:\DOCUMENTS AND SETTINGS\KCALHOUN\LOCAL SETTINGS\TEMP\T0CHD001.EXE
C:\WINDOWS\SYSTEM32\DWDSRNGT.EXE

Adware.AdSponsor/ISM
HKLM\Software\Classes\CLSID\{11B97CF9-C40E-4127-801D-0FE00EB35705}
HKCR\CLSID\{11B97CF9-C40E-4127-801D-0FE00EB35705}
HKCR\CLSID\{11B97CF9-C40E-4127-801D-0FE00EB35705}
HKCR\CLSID\{11B97CF9-C40E-4127-801D-0FE00EB35705}#AppID
HKCR\CLSID\{11B97CF9-C40E-4127-801D-0FE00EB35705}\Implemented Categories
HKCR\CLSID\{11B97CF9-C40E-4127-801D-0FE00EB35705}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{11B97CF9-C40E-4127-801D-0FE00EB35705}\InprocServer32
HKCR\CLSID\{11B97CF9-C40E-4127-801D-0FE00EB35705}\InprocServer32#ThreadingModel
HKCR\CLSID\{11B97CF9-C40E-4127-801D-0FE00EB35705}\ProgID
HKCR\CLSID\{11B97CF9-C40E-4127-801D-0FE00EB35705}\TypeLib
HKCR\CLSID\{11B97CF9-C40E-4127-801D-0FE00EB35705}\VersionIndependentProgID
C:\PROGRAM FILES\ISM\BNDDRIVE5.DLL
HKLM\Software\Classes\CLSID\{1ED6A320-8AF3-4f06-868A-9BA95585712E}
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}#AppID
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\Implemented Categories
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\InprocServer32
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\InprocServer32#ThreadingModel
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\ProgID
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\TypeLib
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\VersionIndependentProgID
C:\PROGRAM FILES\ISM\BNDDRIVE7.DLL
HKLM\Software\Classes\CLSID\{8ABA9A9C-8791-4d61-8D5B-BCC9448EA573}
HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}
HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}
HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}#AppID
HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}\InprocServer32
HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}\InprocServer32#ThreadingModel
HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}\ProgID
HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}\TypeLib
HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}\VersionIndependentProgID
HKLM\Software\Classes\CLSID\{8FB5B012-E8CB-46cd-B6D2-ED428FAE9043}
HKCR\CLSID\{8FB5B012-E8CB-46CD-B6D2-ED428FAE9043}
HKCR\CLSID\{8FB5B012-E8CB-46CD-B6D2-ED428FAE9043}
HKCR\CLSID\{8FB5B012-E8CB-46CD-B6D2-ED428FAE9043}#AppID
HKCR\CLSID\{8FB5B012-E8CB-46CD-B6D2-ED428FAE9043}\InprocServer32
HKCR\CLSID\{8FB5B012-E8CB-46CD-B6D2-ED428FAE9043}\InprocServer32#ThreadingModel
HKCR\CLSID\{8FB5B012-E8CB-46CD-B6D2-ED428FAE9043}\ProgID
HKCR\CLSID\{8FB5B012-E8CB-46CD-B6D2-ED428FAE9043}\TypeLib
HKCR\CLSID\{8FB5B012-E8CB-46CD-B6D2-ED428FAE9043}\VersionIndependentProgID
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ABA9A9C-8791-4d61-8D5B-BCC9448EA573}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8FB5B012-E8CB-46cd-B6D2-ED428FAE9043}
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{11B97CF9-C40E-4127-801D-0FE00EB35705}
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{1ED6A320-8AF3-4f06-868A-9BA95585712E}
HKU\.DEFAULT\Software\BndDrive
HKU\S-1-5-18\Software\BndDrive
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.NATION\LOCAL SETTINGS\TEMP\TEMP.FR31C0\BNDDRIVE5.DLL
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.NATION\LOCAL SETTINGS\TEMP\TEMP.FR31C0\ISMMODULE8.EXE
C:\PROGRAM FILES\ISM2\ISMPACK6.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP930\A0105099.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP930\A0105101.EXE

Adware.AdBreak
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}

411Ferret Toolbar
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12F02779-6D88-4958-8AD3-83C12D86ADC7}

Adware.AdBlaster
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}

AdBars BHO
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}

Adware.404Search
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}

Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}

Adware.Accoona
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}

Trojan.Downloader-FakeRX
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}
HKCR\CLSID\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}
HKCR\CLSID\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}
HKCR\CLSID\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}\Implemented Categories
HKCR\CLSID\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKCR\CLSID\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}\InprocServer32
HKCR\CLSID\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}\InprocServer32#ThreadingModel
HKCR\CLSID\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}\ProgID
HKCR\CLSID\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}\Programmable
HKCR\CLSID\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}\TypeLib
HKCR\CLSID\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}\VERSION
C:\WINDOWS\SYSTEM32\AIVSKURQ.DLL

Trojan.PBar
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}

Adware.Tracking Cookie

Adware.ClickSpring
HKLM\Software\ClickSpring
HKLM\Software\ClickSpring#UBWKR

Trojan.NetMon/DNSChange
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#DeviceDesc

Trojan.cmdService
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#DeviceDesc

Trojan.SpySheriff
C:\DOCUMENTS AND SETTINGS\JFARIAS\LOCAL SETTINGS\TEMP\CIASBTCO.EXE
C:\DOCUMENTS AND SETTINGS\JFARIAS\LOCAL SETTINGS\TEMP\DFEBJXHO.EXE
C:\DOCUMENTS AND SETTINGS\JFARIAS\LOCAL SETTINGS\TEMP\LPJIXFUF.EXE
C:\DOCUMENTS AND SETTINGS\JFARIAS\LOCAL SETTINGS\TEMP\NDRLWVXV.EXE
C:\DOCUMENTS AND SETTINGS\JFARIAS\QOIMMVVW.EXE

Trojan.Downloader-SysMon
C:\DOCUMENTS AND SETTINGS\KCALHOUN\LOCAL SETTINGS\TEMP\1003.EXE

Malware.LocusSoftware Inc/BestSellerAntivirus
C:\DOCUMENTS AND SETTINGS\KCALHOUN\LOCAL SETTINGS\TEMP\INSTALL_EN.EXE
C:\DOCUMENTS AND SETTINGS\KCALHOUN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\QTCN6DO5\INSTALL_EN[1].EXE

Trojan.Downloader-Gen/Multi-Dropper
C:\DOCUMENTS AND SETTINGS\KCALHOUN\LOCAL SETTINGS\TEMP\LOADER.EXE

Adware.WINSHOW
C:\DOCUMENTS AND SETTINGS\KCALHOUN\LOCAL SETTINGS\TEMP\WINSHOW.EXE
C:\DOCUMENTS AND SETTINGS\KCALHOUN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\Y90XC7W3\WINSHOW[1].EXE
C:\WINDOWS\WINSHOW.EXE.VIR

Adware.ClickSpring/Yazzle
C:\DOCUMENTS AND SETTINGS\KCALHOUN\LOCAL SETTINGS\TEMP\YAZZLEBUNDLE-1549.EXE
C:\DOCUMENTS AND SETTINGS\KCALHOUN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\Y90XC7W3\YAZZLEBUNDLE-1549[1].EXE

Adware.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP929\A0105025.CFG

Trojan.FakeDrop-764
C:\WINDOWS\764.EXE

Trojan.FakeDrop-7Search
C:\WINDOWS\7SEARCH.DLL

Trojan.Unknown Origin
C:\WINDOWS\SM9OBIBMDWJRZW4\MA6CV21GXQLOTQB.VBS
C:\WINDOWS\UNINSTALL_NMON.VBS

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\ESHOPEE.EXE

Trojan.Fakespy-B
C:\WINDOWS\SYSTEM32\MSOLE32.EXE

Trojan.Downloader-Gen
C:\WINDOWS\SYSTEM32\WINPFZ32.SYS

Trace.Known Threat Sources
C:\Documents and Settings\administrator.nation\Local Settings\Temporary Internet Files\Content.IE5\4PQ7052J\pcdocanim_170x200[1].gif

Hijack log to follow.

Damaddwebba

Thread Starter
Joined
Aug 14, 2006
Messages
37
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:22 PM, on 10/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\vvgeowbv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\krdsrngs.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\twinsldq.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: OUTLOOK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1189129645174
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1189129613036
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nationsfs.nfscom
O17 - HKLM\Software\..\Telephony: DomainName = nationsfs.nfscom
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 9167 bytes

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**