
Malware issue, with logs

Discussion in 'Virus & Other Malware Removal' started by Damaddwebba, Oct 28, 2007.

Thread Status:
Not open for further replies.
  1. Damaddwebba

    Damaddwebba Thread Starter

    Joined:
    Aug 14, 2006
    Messages:
    37
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/27/2007 at 10:21 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3332
    Trace Rules Database Version: 1333

    Scan type : Complete Scan
    Total Scan Time : 01:48:47

    Memory items scanned : 389
    Memory threats detected : 1
    Registry items scanned : 5935
    Registry threats detected : 90
    File items scanned : 105117
    File threats detected : 212

    Trojan.Downloader-LDCORE
    C:\WINDOWS\SYSTEM32\LDCORE.DLL
    C:\WINDOWS\SYSTEM32\LDCORE.DLL

    Adware.SysMon
    [plite731] C:\WINDOWS\PLITE731.EXE
    C:\WINDOWS\PLITE731.EXE

    Trojan.ZenoSearch
    [ExploreUpdSched] C:\WINDOWS\SYSTEM32\TWINSLDQ.EXE
    C:\WINDOWS\SYSTEM32\TWINSLDQ.EXE
    C:\WINDOWS\system32\msnav32.ax
    C:\DOCUMENTS AND SETTINGS\KCALHOUN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ING7E121\DQ[1].EXE
    C:\WINDOWS\Prefetch\TWINSLDQ.EXE-0039728B.pf

    Adware.ZenoSearch-NVON
    [{BD-D0-06-60-ZN}] C:\WINDOWS\SYSTEM32\KRDSRNGS.EXE
    C:\WINDOWS\SYSTEM32\KRDSRNGS.EXE
    C:\DOCUMENTS AND SETTINGS\KCALHOUN\LOCAL SETTINGS\TEMP\T0CHD001.EXE
    C:\WINDOWS\SYSTEM32\DWDSRNGT.EXE

    Adware.AdSponsor/ISM
    HKLM\Software\Classes\CLSID\{11B97CF9-C40E-4127-801D-0FE00EB35705}
    HKCR\CLSID\{11B97CF9-C40E-4127-801D-0FE00EB35705}
    HKCR\CLSID\{11B97CF9-C40E-4127-801D-0FE00EB35705}
    HKCR\CLSID\{11B97CF9-C40E-4127-801D-0FE00EB35705}#AppID
    HKCR\CLSID\{11B97CF9-C40E-4127-801D-0FE00EB35705}\Implemented Categories
    HKCR\CLSID\{11B97CF9-C40E-4127-801D-0FE00EB35705}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
    HKCR\CLSID\{11B97CF9-C40E-4127-801D-0FE00EB35705}\InprocServer32
    HKCR\CLSID\{11B97CF9-C40E-4127-801D-0FE00EB35705}\InprocServer32#ThreadingModel
    HKCR\CLSID\{11B97CF9-C40E-4127-801D-0FE00EB35705}\ProgID
    HKCR\CLSID\{11B97CF9-C40E-4127-801D-0FE00EB35705}\TypeLib
    HKCR\CLSID\{11B97CF9-C40E-4127-801D-0FE00EB35705}\VersionIndependentProgID
    C:\PROGRAM FILES\ISM\BNDDRIVE5.DLL
    HKLM\Software\Classes\CLSID\{1ED6A320-8AF3-4f06-868A-9BA95585712E}
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}#AppID
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\Implemented Categories
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\InprocServer32
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\InprocServer32#ThreadingModel
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\ProgID
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\TypeLib
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\VersionIndependentProgID
    C:\PROGRAM FILES\ISM\BNDDRIVE7.DLL
    HKLM\Software\Classes\CLSID\{8ABA9A9C-8791-4d61-8D5B-BCC9448EA573}
    HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}
    HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}
    HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}#AppID
    HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}\InprocServer32
    HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}\InprocServer32#ThreadingModel
    HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}\ProgID
    HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}\TypeLib
    HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}\VersionIndependentProgID
    HKLM\Software\Classes\CLSID\{8FB5B012-E8CB-46cd-B6D2-ED428FAE9043}
    HKCR\CLSID\{8FB5B012-E8CB-46CD-B6D2-ED428FAE9043}
    HKCR\CLSID\{8FB5B012-E8CB-46CD-B6D2-ED428FAE9043}
    HKCR\CLSID\{8FB5B012-E8CB-46CD-B6D2-ED428FAE9043}#AppID
    HKCR\CLSID\{8FB5B012-E8CB-46CD-B6D2-ED428FAE9043}\InprocServer32
    HKCR\CLSID\{8FB5B012-E8CB-46CD-B6D2-ED428FAE9043}\InprocServer32#ThreadingModel
    HKCR\CLSID\{8FB5B012-E8CB-46CD-B6D2-ED428FAE9043}\ProgID
    HKCR\CLSID\{8FB5B012-E8CB-46CD-B6D2-ED428FAE9043}\TypeLib
    HKCR\CLSID\{8FB5B012-E8CB-46CD-B6D2-ED428FAE9043}\VersionIndependentProgID
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ABA9A9C-8791-4d61-8D5B-BCC9448EA573}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8FB5B012-E8CB-46cd-B6D2-ED428FAE9043}
    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{11B97CF9-C40E-4127-801D-0FE00EB35705}
    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{1ED6A320-8AF3-4f06-868A-9BA95585712E}
    HKU\.DEFAULT\Software\BndDrive
    HKU\S-1-5-18\Software\BndDrive
    C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.NATION\LOCAL SETTINGS\TEMP\TEMP.FR31C0\BNDDRIVE5.DLL
    C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.NATION\LOCAL SETTINGS\TEMP\TEMP.FR31C0\ISMMODULE8.EXE
    C:\PROGRAM FILES\ISM2\ISMPACK6.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP930\A0105099.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP930\A0105101.EXE

    Adware.AdBreak
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}

    411Ferret Toolbar
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12F02779-6D88-4958-8AD3-83C12D86ADC7}

    Adware.AdBlaster
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}

    AdBars BHO
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}

    Adware.404Search
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}

    Unclassified.Unknown Origin
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}

    Adware.Accoona
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}

    Trojan.Downloader-FakeRX
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}
    HKCR\CLSID\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}
    HKCR\CLSID\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}
    HKCR\CLSID\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}\Implemented Categories
    HKCR\CLSID\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
    HKCR\CLSID\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}\InprocServer32
    HKCR\CLSID\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}\InprocServer32#ThreadingModel
    HKCR\CLSID\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}\ProgID
    HKCR\CLSID\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}\Programmable
    HKCR\CLSID\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}\TypeLib
    HKCR\CLSID\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}\VERSION
    C:\WINDOWS\SYSTEM32\AIVSKURQ.DLL

    Trojan.PBar
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}

    Adware.Tracking Cookie

    Adware.ClickSpring
    HKLM\Software\ClickSpring
    HKLM\Software\ClickSpring#UBWKR

    Trojan.NetMon/DNSChange
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR#NextInstance
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Service
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Legacy
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ConfigFlags
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Class
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ClassGUID
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#DeviceDesc

    Trojan.cmdService
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Service
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Legacy
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ConfigFlags
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Class
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ClassGUID
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#DeviceDesc

    Trojan.SpySheriff
    C:\DOCUMENTS AND SETTINGS\JFARIAS\LOCAL SETTINGS\TEMP\CIASBTCO.EXE
    C:\DOCUMENTS AND SETTINGS\JFARIAS\LOCAL SETTINGS\TEMP\DFEBJXHO.EXE
    C:\DOCUMENTS AND SETTINGS\JFARIAS\LOCAL SETTINGS\TEMP\LPJIXFUF.EXE
    C:\DOCUMENTS AND SETTINGS\JFARIAS\LOCAL SETTINGS\TEMP\NDRLWVXV.EXE
    C:\DOCUMENTS AND SETTINGS\JFARIAS\QOIMMVVW.EXE

    Trojan.Downloader-SysMon
    C:\DOCUMENTS AND SETTINGS\KCALHOUN\LOCAL SETTINGS\TEMP\1003.EXE

    Malware.LocusSoftware Inc/BestSellerAntivirus
    C:\DOCUMENTS AND SETTINGS\KCALHOUN\LOCAL SETTINGS\TEMP\INSTALL_EN.EXE
    C:\DOCUMENTS AND SETTINGS\KCALHOUN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\QTCN6DO5\INSTALL_EN[1].EXE

    Trojan.Downloader-Gen/Multi-Dropper
    C:\DOCUMENTS AND SETTINGS\KCALHOUN\LOCAL SETTINGS\TEMP\LOADER.EXE

    Adware.WINSHOW
    C:\DOCUMENTS AND SETTINGS\KCALHOUN\LOCAL SETTINGS\TEMP\WINSHOW.EXE
    C:\DOCUMENTS AND SETTINGS\KCALHOUN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\Y90XC7W3\WINSHOW[1].EXE
    C:\WINDOWS\WINSHOW.EXE.VIR

    Adware.ClickSpring/Yazzle
    C:\DOCUMENTS AND SETTINGS\KCALHOUN\LOCAL SETTINGS\TEMP\YAZZLEBUNDLE-1549.EXE
    C:\DOCUMENTS AND SETTINGS\KCALHOUN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\Y90XC7W3\YAZZLEBUNDLE-1549[1].EXE

    Adware.Unknown Origin
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP929\A0105025.CFG

    Trojan.FakeDrop-764
    C:\WINDOWS\764.EXE

    Trojan.FakeDrop-7Search
    C:\WINDOWS\7SEARCH.DLL

    Trojan.Unknown Origin
    C:\WINDOWS\SM9OBIBMDWJRZW4\MA6CV21GXQLOTQB.VBS
    C:\WINDOWS\UNINSTALL_NMON.VBS

    Unclassified.Unknown Origin/System
    C:\WINDOWS\SYSTEM32\ESHOPEE.EXE

    Trojan.Fakespy-B
    C:\WINDOWS\SYSTEM32\MSOLE32.EXE

    Trojan.Downloader-Gen
    C:\WINDOWS\SYSTEM32\WINPFZ32.SYS

    Trace.Known Threat Sources
    C:\Documents and Settings\administrator.nation\Local Settings\Temporary Internet Files\Content.IE5\4PQ7052J\pcdocanim_170x200[1].gif


    Hijack log to follow.
     
  2. Damaddwebba

    Damaddwebba Thread Starter

    Joined:
    Aug 14, 2006
    Messages:
    37
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:13:22 PM, on 10/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\vvgeowbv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
    O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
    O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
    O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
    O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
    O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: (no name) - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - (no file)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
    O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
    O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
    O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
    O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
    O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\krdsrngs.exe
    O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\twinsldq.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: OUTLOOK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1189129645174
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1189129613036
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nationsfs.nfscom
    O17 - HKLM\Software\..\Telephony: DomainName = nationsfs.nfscom
    O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    --
    End of file - 9167 bytes
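The HijackThis log above carries the persistence entries a helper looks at first: the F2 UserInit value that chains an extra executable ahead of userinit.exe, the O20 AppInit_DLLs entry, O2 BHO registrations left with "(no file)", and O4 startup shortcuts that launch executables straight out of SYSTEM32. The following Python triage script is an added example, not part of the thread or of HijackThis; it parses a constructed, abridged copy of that log and flags those entries, and the rule names and heuristics are my own.

```python
"""Triage heuristics for HijackThis-style log lines (added example)."""
import ntpath
import re
from collections import Counter
from dataclasses import dataclass

WINDIR = r"c:\windows"
SYSTEM32 = r"c:\windows\system32"

# Constructed, abridged sample modelled on the log posted in the thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\krdsrngs.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: OUTLOOK.EXE
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


@dataclass(frozen=True)
class Finding:
    rule: str    # hypothetical rule name, my own naming
    detail: str  # the path, GUID or value that triggered the rule
    line: str    # the original log line, for the report


def _parse_line(line: str):
    """Split 'O4 - body' into ('O4', 'body'); return None for other lines."""
    m = re.match(r"^([A-Z]\d+) - (.*)$", line.strip())
    return (m.group(1), m.group(2)) if m else None


def _program_of(command: str) -> str:
    """Return the program part of a Run command line, quotes removed."""
    m = re.match(r'"([^"]*)"|(\S+)', command.strip())
    if not m:
        return ""
    return m.group(1) if m.group(1) is not None else m.group(2)


def _dir_lower(path: str) -> str:
    return ntpath.dirname(path).lower()


def analyze(log_text: str) -> list:
    """Run the triage heuristics over every line and collect findings."""
    findings = []
    for raw in log_text.splitlines():
        parsed = _parse_line(raw)
        if not parsed:
            continue
        section, body = parsed
        if section == "F2" and "userinit=" in body.lower():
            # Winlogon runs everything in this comma-separated list;
            # anything other than userinit.exe itself is a persistence hook.
            for entry in body.split("=", 1)[1].split(","):
                entry = entry.strip()
                if entry and ntpath.basename(entry).lower() != "userinit.exe":
                    findings.append(Finding("userinit-chain", entry, raw))
        elif section == "O20" and body.lower().startswith("appinit_dlls:"):
            # AppInit_DLLs loads the DLL into every user32-linked process.
            value = body.split(":", 1)[1].strip()
            if value:
                findings.append(Finding("appinit-dll", value, raw))
        elif section == "O2" and body.endswith("(no file)"):
            # Registration left behind after the DLL was removed: cleanup item.
            guid = re.search(r"\{[0-9A-Fa-f-]+\}", body)
            findings.append(Finding("orphan-bho", guid.group(0) if guid else "?", raw))
        elif section == "O4":
            kind, _, rest = body.partition(": ")
            if "Startup" in kind:
                # Startup-folder shortcuts pointing into SYSTEM32 are unusual
                # for legitimate software, which registers Run keys instead.
                if " = " not in rest:
                    continue
                target = rest.split(" = ", 1)[1].strip().strip('"')
                if _dir_lower(target) == SYSTEM32:
                    findings.append(Finding("startup-lnk-system32", target, raw))
            elif kind.endswith("Run"):
                # Executables dropped directly into C:\WINDOWS (not a subfolder).
                _, sep, command = rest.partition("] ")
                target = _program_of(command) if sep else ""
                if _dir_lower(target) == WINDIR:
                    findings.append(Finding("run-from-windir", target, raw))
    return findings


def rule_counts(findings: list) -> dict:
    """Summarise findings as {rule: count}."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}")
    print(rule_counts(analyze(SAMPLE_LOG)))
```

A real log still needs a human reading alongside these heuristics; they only surface the entries worth checking first.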
     
  3. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    --------------------------------------------------------------------
    1. Close any open browsers.

    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    --------------------------------------------------------------------

    Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**
     
Short URL to this thread: https://techguy.org/645074
