Bleeping Computer forum topic
Post #1, Jan 5 2009, 01:14 AM
New Member, Group: Members, Posts: 2, Joined: 5-January 09, Member No.: 278,402
Thanks much.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:19 PM, on 1/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qwest.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qwest.live.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Qwest
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B8C5186E-EC37-4889-9C2E-F73649FFB7BB} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
O4 - HKLM\..\Run: [QuickCare2.2] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QuickCare2.2
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Qwest Live - {CAB7AB9C-B59C-4F0F-AF44-5E66FF18DA63} - http://qwest.live.com (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6045C5E3-3653-4262-9E3E-0DA3A22A2C1D} (Crystal ActiveX Report Viewer Web Report Source 10.0) - https://dmhdowney1.co.la.ca.us/crystalrepor...XControls/ActiveXViewer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat.../x86/client/wuweb_site.cab?1187910102671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat.../x86/client/muweb_site.cab?1187910085015
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://remote.olivecrest.org/NELX.cab
O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} (WebCacheCleaner Class) - https://remote.olivecrest.org/MLWebCacheCleaner.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...mai.com/6712/player/install/installer.exe
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C86AD249-BEBE-4925-AAF7-08777166977E}: NameServer = 85.255.115.76,85.255.112.149
O17 - HKLM\System\CCS\Services\Tcpip\..\{D75992ED-6628-422A-8467-A4A5D27486CA}: NameServer = 85.255.115.76,85.255.112.149
O17 - HKLM\System\CCS\Services\Tcpip\..\{DFEF4468-155B-4878-8A66-22E1CD7C51B7}: NameServer = 85.255.115.76,85.255.112.149
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.76 85.255.112.149
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.76 85.255.112.149
O22 - SharedTaskScheduler: equiparant - {25b7d2fd-4f71-46d1-801a-7de323e4ec82} - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicWALL NetExtender Service (SONICWALL_NetExtender) - SonicWALL Inc. - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe

--
End of file - 11005 bytes

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\sean-mcauley\Local Settings\Temporary Internet Files\Content.IE5\OOF77BEA\dds[1].scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://qwest.live.com
uWindow Title = Windows Internet Explorer provided by Qwest
uDefault_Page_URL = hxxp://qwest.live.com
mDefault_Page_URL = hxxp://qwest.live.com
mStart Page = hxxp://qwest.live.com
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: System=kdxsm.exe
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
{b8c5186e-ec37-4889-9c2e-f73649ffb7bb}
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - No File
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SonicWALLNetExtender] c:\program files\sonicwall\ssl-vpn\netextender\NEGui.exe -hideGUI -clearReboot
mRun: [QuickCare2.2] c:\program files\qwest\quickcare\bin\sprtcmd.exe /P QuickCare2.2
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-explorer: NoFavoritesMenu = 1 (0x1)
uPolicies-explorer: NoRun = 1 (0x1)
uPolicies-explorer: StartMenuLogoff = 1 (0x1)
uPolicies-explorer: MaxRecentDocs = 99 (0x63)
mPolicies-system: HideShutdownScripts = 0 (0x0)
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
TCP: NameServer = 85.255.115.76 85.255.112.149
TCP: {C86AD249-BEBE-4925-AAF7-08777166977E} = 85.255.115.76,85.255.112.149
TCP: {D75992ED-6628-422A-8467-A4A5D27486CA} = 85.255.115.76,85.255.112.149
TCP: {DFEF4468-155B-4878-8A66-22E1CD7C51B7} = 85.255.115.76,85.255.112.149
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {25b7d2fd-4f71-46d1-801a-7de323e4ec82}: equiparant

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sean-m~1\applic~1\mozilla\firefox\profiles\fykfk6dd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-shkwav&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.alternet.org/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-shkwav&p=
FF - plugin: c:\documents and settings\sean-mcauley\application data\mozilla\firefox\profiles\fykfk6dd.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll

============= SERVICES / DRIVERS ===============

S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2007-4-25 19640]
S4 Ql19rmaas;Ql19rmaas; [x]

=============== Created Last 30 ================

2009-01-04 21:49 <DIR> --d----- c:\program files\Trend Micro
2008-12-24 01:00 32,768 -------- c:\windows\system32\IJRMF.exe
2008-12-23 15:23 135,168 a------- c:\windows\system32\igfxres.dll
2008-12-23 15:18 57,344 a------- c:\windows\system32\igxprd32.dll
2008-12-23 15:18 5,854,752 a------- c:\windows\system32\drivers\igxpmp32.sys
2008-12-23 15:18 1,670,144 a------- c:\windows\system32\igxpdv32.dll
2008-12-23 15:18 151,040 a------- c:\windows\system32\igxpgd32.dll
2008-12-23 15:18 147,456 a------- c:\windows\system32\igfxCoIn_v4926.dll
2008-12-23 15:18 2,643,968 a------- c:\windows\system32\igxpdx32.dll
2008-12-23 15:18 176,128 a------- c:\windows\system32\igfxrsky.lrc
2008-12-23 15:18 172,032 a------- c:\windows\system32\igfxrslv.lrc
2008-12-23 15:18 920,088 a------- c:\windows\system32\igxpun.exe
2008-12-23 15:18 319,456 a------- c:\windows\system32\difxapi.dll
2008-12-23 15:18 <DIR> --d----- c:\windows\system32\Lang
2008-12-23 15:18 <DIR> --d----- C:\Intel
2008-12-23 14:15 <DIR> --d----- c:\program files\SystemRequirementsLab
2008-12-20 16:30 <DIR> --d----- c:\program files\City of Heroes
2008-12-14 11:46 410,984 a------- c:\windows\system32\deploytk.dll

==================== Find3M ====================

2008-12-20 12:09 2,718 ac------ c:\windows\system32\ealregsnapshot1.reg
2008-11-21 13:47 524,288 a------- c:\windows\system32\DivXsm.exe
2008-11-21 13:47 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2008-11-21 13:46 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-11-21 13:46 200,704 a------- c:\windows\system32\ssldivx.dll
2008-11-21 13:44 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 13:44 12,288 a------- c:\windows\system32\DivXWMPExtType.dll
2008-11-14 07:59 60,744 a------- c:\documents and settings\sean-mcauley\g2mdlhlpx.exe
2008-11-02 20:45 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-07-25 12:18 60,968 ac------ c:\documents and settings\sean-mcauley\GoToAssistDownloadHelper.exe

============= FINISH: 2:37:26.79 ===============

This post has been edited by fungusaur: Jan 5 2009, 05:39 AM
Post #2, Jan 5 2009, 05:50 AM
Forum Addict, Group: HJT Team, Posts: 4,859, Joined: 4-December 07, Member No.: 174,482
Please open Notepad >> Go to Format tab >> untick Word Wrap.

Please download Malwarebytes' Anti-Malware from HERE or HERE.
Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan".
Double click mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NEXT
Please download RSIT by random/random and save it to your Desktop.

NEXT
Please download GMER and unzip it to your Desktop.

Post me these logs in your next reply. Post each log in a separate post.
1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result.

--------------------
Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine.
Post #3, Jan 6 2009, 02:42 AM
New Member, Group: Members, Posts: 2, Joined: 5-January 09, Member No.: 278,402
Thanks!
Malwarebytes' Anti-Malware 1.32
Database version: 1616
Windows 5.1.2600 Service Pack 3

1/5/2009 11:36:21 PM
mbam-log-2009-01-05 (23-36-21).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 165441
Time elapsed: 51 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 81
Registry Values Infected: 2
Registry Data Items Infected: 21
Folders Infected: 6
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cerberus.enginelistener (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cerberus.enginelistener.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cerberus.scanner (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cerberus.scanner.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cerberus.threatcollection (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cerberus.threatcollection.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.backup (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.backup.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.ignorelist (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.ignorelist.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.log (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.log.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.logrecord (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.logrecord.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.paths (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.paths.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.quarantine (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.quarantine.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.runas (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.runas.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.searchitem (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.searchitem.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.threat (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.threat.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{27ed4ac2-b6d8-4079-9831-017a100b391e} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3f6d6c35-fb73-45e6-9473-bb4cc25ce019} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{715d709b-2b10-42fa-a069-297d25d93601} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{872c1b1e-3cf0-4d3a-95e5-a0c662d2854c} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{886b1d08-b404-40f0-aa18-4e416682a2e9} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8b5f65cf-0b0a-4291-8da2-86d7f7b0a6db} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{925b0211-a1c1-4712-8fca-5f5b8101736d} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b01e37c4-5497-4d58-9ffd-d5653b8dc866} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ccaa201c-c48d-48a8-a1e8-846562cbf1c1} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d483521b-d5cc-43ff-a45a-9be4a8e6606e} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ed2aff47-b7be-4273-a203-c796e87f72d2} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0fa7ed9-5a0a-4374-b63e-bebafd52192e} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f5dee77c-87eb-4e00-bbf9-8cbf3bdea7af} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fb5ddab7-6aa5-4e97-9541-5a75addf4aba} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fddf521b-0ebe-4d15-838c-73e2d851161b} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ff609434-eb47-481b-ba0e-1d2b467629a5} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25b7d2fd-4f71-46d1-801a-7de323e4ec82} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c5186e-ec37-4889-9c2e-f73649ffb7bb} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d06e2eae-1922-4a0b-6a7c-8d9e3de0e708} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/crviewer.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0a97babb-7f1e-4da7-a5e5-ba2784a49406} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1f46d19f-292c-42c4-8c56-2a9d7477a5f1} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54ccaee4-c899-49b2-90e8-56353f8843a5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8a59e1d8-d586-4661-8b23-508f07273844} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{90c76ba9-ade5-4756-8ae9-f611af92ab7c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a1b8a30b-8aaa-4a3e-8869-1da509e8a011} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a1b8a30b-8aaa-4a3e-8869-1da509e8a011} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f075fb59-00b1-4232-93a8-07b30b60f1b0} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f2d814df-5c5c-4b06-bf80-d699a8dafb70} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{020b1227-417d-4682-9ac3-61f43cb5b6b1} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{125494b2-acad-414c-98b9-452f3ef7703a} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20a3d913-30ef-4e69-b3f7-93b3f1fb9d5c} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3d00a39c-655b-428b-aeb2-2fba03dcc49c} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{408f660a-9465-44a3-b557-8709dfd992bc} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5f6bbd8a-18cf-4d55-8b4c-c9b4c9328dfe} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8c56b6ce-c53f-44c4-9bdc-a9bc1711d05a} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ee6bf73-b370-4d13-9126-eb0071178f2e} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{97f56e12-c706-4aeb-9ffb-133c05ee5d38} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9bb7e700-4e48-476d-b75c-6f47606be988} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9cb478a2-ca39-0cfd-efac-db80710601d3} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cbcaca58-1aee-4600-8cf0-e8b30bff1535} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d6d64cdf-0363-4261-b723-29a3af365e1d} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{60f94d7d-563e-4942-b5ec-2de9c135c139} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{70f17c8c-1744-41b6-9d07-575db448dcc5} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ed5288-f558-4f6e-8d5c-740cb6f89029} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31615d5c-5126-448a-818a-a7cdfee85a9b} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b8c5186e-ec37-4889-9c2e-f73649ffb7bb} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c5186e-ec37-4889-9c2e-f73649ffb7bb} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Cerberus.EXE (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{25b7d2fd-4f71-46d1-801a-7de323e4ec82} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\CRViewer.dll (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdxsm.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (Hijack.Run) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.76 85.255.112.149 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{019bb413-8f7b-422b-b454-0f745d6c51d3}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.76,85.255.112.149 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c86ad249-bebe-4925-aaf7-08777166977e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.76,85.255.112.149 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d75992ed-6628-422a-8467-a4a5d27486ca}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.76,85.255.112.149 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d75992ed-6628-422a-8467-a4a5d27486ca}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.76,85.255.112.149 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{dfef4468-155b-4878-8a66-22e1cd7c51b7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.76,85.255.112.149 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.76 85.255.112.149 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{019bb413-8f7b-422b-b454-0f745d6c51d3}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.76,85.255.112.149 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c86ad249-bebe-4925-aaf7-08777166977e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.76,85.255.112.149 -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d75992ed-6628-422a-8467-a4a5d27486ca}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.76,85.255.112.149 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d75992ed-6628-422a-8467-a4a5d27486ca}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.76,85.255.112.149 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{dfef4468-155b-4878-8a66-22e1cd7c51b7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.76,85.255.112.149 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.76 85.255.112.149 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{019bb413-8f7b-422b-b454-0f745d6c51d3}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.76,85.255.112.149 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{c86ad249-bebe-4925-aaf7-08777166977e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.76,85.255.112.149 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{d75992ed-6628-422a-8467-a4a5d27486ca}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.76,85.255.112.149 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{d75992ed-6628-422a-8467-a4a5d27486ca}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.76,85.255.112.149 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{dfef4468-155b-4878-8a66-22e1cd7c51b7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.76,85.255.112.149 -> Quarantined and deleted successfully. 
Folders Infected: C:\Program Files\Common Files\DriveCleaner Freeware (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Documents and Settings\sean-mcauley\Application Data\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\sean-mcauley\Application Data\SpywareBot\Log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\sean-mcauley\Application Data\SpywareBot\Quarantine (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\sean-mcauley\Application Data\SpywareBot\Registry Backups (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\sean-mcauley\Application Data\SpywareBot\Settings (Rogue.SpywareBot) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\Downloaded Program Files\CRViewer.dll (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Documents and Settings\sean-mcauley\Application Data\SpywareBot\rs.dat (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\sean-mcauley\Application Data\SpywareBot\Log\2007 Aug 23 - 01_19_44 PM_296.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\sean-mcauley\Application Data\SpywareBot\Log\2007 Aug 23 - 01_19_45 PM_531.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\sean-mcauley\Application Data\SpywareBot\Log\2007 Aug 23 - 02_02_38 PM_687.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\sean-mcauley\Application Data\SpywareBot\Log\2007 Aug 23 - 02_03_04 PM_437.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\sean-mcauley\Application Data\SpywareBot\Log\2007 Aug 23 - 02_56_36 PM_734.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. 
C:\Documents and Settings\sean-mcauley\Application Data\SpywareBot\Log\2007 Aug 23 - 03_01_56 PM_156.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\sean-mcauley\Application Data\SpywareBot\Settings\CustomScan.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\sean-mcauley\Application Data\SpywareBot\Settings\IgnoreList.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\sean-mcauley\Application Data\SpywareBot\Settings\ScanInfo.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\sean-mcauley\Application Data\SpywareBot\Settings\ScanResults.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\sean-mcauley\Application Data\SpywareBot\Settings\SelectedFolders.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\sean-mcauley\Application Data\SpywareBot\Settings\Settings.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully. |
Jan 6 2009, 05:37 AM, Post #4
Forum Addict, Group: HJT Team, Posts: 4,859, Joined: 4-December 07, Member No.: 174,482
Waiting for your RSIT and GMER logs
--------------------
Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
If you wish to donate for my cause, feel free to hit the button. Currently away until further date.. Indonesia Tour (Java Island) 22 June - 2 July
Jan 12 2009, 03:14 AM, Post #5
Forum Addict, Group: HJT Team, Posts: 4,859, Joined: 4-December 07, Member No.: 174,482
Due to the lack of feedback, this topic is closed.
If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter. Everyone else, please begin a new topic.