url.adtrgt.com popups - pls help


  • This topic is locked
4 replies to this topic

#1 kaissiom

Posted 26 December 2008 - 03:26 PM

I'm getting multiple popups from url.trgt every few minutes and notice significant performance loss on my machine.

Please help, any help would be greatly appreciated.

Here's the DDS log, and I'll attach the "Attach" file.


DDS (Version 1.1.0) - NTFSx86
Run by Admin at 12:14:37.11 on Fri 12/26/2008
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1320 [GMT -8:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\stunnel\stunnel.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Admin\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: {63e4534f-87e2-48d5-96ac-c616fe8dd35b} - c:\windows\system32\ddcYrSMe.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\awtSIAPh.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar5.dll
BHO: {6e423a0f-2bb0-a188-de84-6ee1122c6aea}: {aea6c221-1ee6-48ed-881a-0bb2f0a324e6} - c:\windows\system32\fqbtgb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar5.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OE] "c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [RCSystem] "c:\program files\creative\shared files\module loader\DLLML.exe" RCSystem * -Startup
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [cc528e63] rundll32.exe "c:\windows\system32\oqounlxo.dll",b
mRunServicesOnce: [washindex] c:\program files\washer\washidx.exe "Admin"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: awtSIAPh - awtSIAPh.dll
AppInit_DLLs: fqbtgb.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\awtSIAPh.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\ddcYrSMe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\o9uplhcv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npJoostPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\yahoo!\shared\npYState.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.04.06
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("general.useragent.vendorComment", "ax");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("security.xpconnect.activex.global.hosting_flags", 9);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("security.classID.allowByDefault", false);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID22D6F312-B0F6-11D0-94AB-0080C74C7E95", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6BF52A52-394A-11D3-B153-00C04F79FAA6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA9FC132B-096D-460B-B7D5-1DB0FAE0C062", "AllAccess");

============= SERVICES / DRIVERS ===============

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2008-12-24 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2008-12-24 39200]
R2 Maxtor Sync Service;Maxtor Service;"c:\program files\maxtor\sync\SyncServices.exe" [2007-9-28 156976]
R2 MLPTDR_Q;MLPTDR_Q;\??\c:\windows\system32\MLPTDR_Q.SYS [2003-7-21 18848]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\TFService.exe service []
R2 tmevtmgr;tmevtmgr;\??\c:\windows\system32\drivers\tmevtmgr.sys [2008-4-9 52240]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-2-15 36368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2007-1-10 24652]
R3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys [2008-12-24 33056]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-2-15 333328]
R3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~3\TmPfw.exe [2008-4-9 488768]
R3 tmproxy;Trend Micro Proxy Service;"c:\program files\trend micro\internet security\TmProxy.exe" [2008-4-9 648456]
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\drivers\ATHFMWDL.sys []
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys []
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\windows\system32\DNINDIS5.SYS [2005-6-23 17149]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys [2006-9-19 280344]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2008-12-25 16:40 5,749 a------- c:\windows\system32\vuglvhvu.dll
2008-12-25 16:31 5,751 a------- c:\windows\system32\hihnddxk.dll
2008-12-25 16:15 1,661,209 ---sh--- c:\windows\system32\oxlnuoqo.ini
2008-12-25 16:14 68,096 a------- c:\windows\system32\oqounlxo.dll
2008-12-25 16:12 103,424 a------- c:\windows\system32\fqbtgb.dll
2008-12-25 16:11 103,424 a------- c:\windows\system32\dnrivoef.dll
2008-12-24 19:04 51,488 a------- c:\windows\system32\drivers\TfFsMon.sys
2008-12-24 19:04 39,200 a------- c:\windows\system32\drivers\TfSysMon.sys
2008-12-24 19:04 33,056 a------- c:\windows\system32\drivers\TfNetMon.sys
2008-12-24 19:04 12,576 a------- c:\windows\system32\drivers\TfKbMon.sys
2008-12-24 14:30 143 a------- c:\windows\system32\mcrh.tmp
2008-12-23 14:30 5,749 a------- c:\windows\system32\rjwwyrit.dll
2008-12-23 14:27 5,751 a------- c:\windows\system32\oebfiqns.dll
2008-12-23 14:15 900,673 a--sh--- c:\windows\system32\eMSrYcdd.ini2
2008-12-23 14:15 900,673 a--sh--- c:\windows\system32\eMSrYcdd.ini
2008-12-23 14:15 235,520 a------- c:\windows\system32\ddcYrSMe.dll
2008-12-23 14:10 37,376 -------- c:\windows\system32\awtSIAPh.dll
2008-12-17 14:59 593,920 -------- c:\windows\system32\ati2sgag.exe
2008-12-17 14:59 <DIR> --d----- C:\ATI
2008-12-17 14:26 <DIR> --d----- c:\program files\ATI Technologies
2008-12-06 23:16 <DIR> --d----- c:\program files\Maxtor
2008-12-04 23:13 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-04 23:02 0 a------- c:\windows\ativpsrm.bin
2008-12-04 21:52 32,768 ac------ c:\windows\system32\dllcache\ativtmxx.dll
2008-12-04 21:52 11,264 ac------ c:\windows\system32\dllcache\atrace.dll
2008-12-04 21:52 32,768 a------- c:\windows\system32\ativtmxx.dll
2008-12-04 21:52 11,264 a------- c:\windows\system32\atrace.dll
2008-12-04 21:52 23,040 ac------ c:\windows\system32\dllcache\ativmvxx.ax
2008-12-04 21:52 23,040 a------- c:\windows\system32\ativmvxx.ax
2008-12-04 21:51 10 a------- c:\windows\WININIT.INI
2008-12-01 12:52 425,984 a------- c:\windows\system32\ATIDEMGX.dll
2008-12-01 12:46 11,304,960 a------- c:\windows\system32\atioglxx.dll
2008-12-01 12:41 188,416 a------- c:\windows\system32\atipdlxx.dll
2008-12-01 12:40 147,456 a------- c:\windows\system32\Oemdspif.dll
2008-12-01 12:40 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2008-12-01 12:40 43,520 a------- c:\windows\system32\ati2edxx.dll
2008-12-01 12:40 143,360 a------- c:\windows\system32\ati2evxx.dll
2008-12-01 12:38 598,016 a------- c:\windows\system32\ati2evxx.exe
2008-12-01 12:37 53,248 a------- c:\windows\system32\ATIDDC.DLL
2008-12-01 12:19 307,200 a------- c:\windows\system32\atiiiexx.dll
2008-12-01 12:11 3,107,788 a------- c:\windows\system32\ativvaxx.dat
2008-12-01 12:11 3,107,788 a------- c:\windows\system32\ativva5x.dat
2008-12-01 12:11 887,724 a------- c:\windows\system32\ativva6x.dat
2008-12-01 12:11 69,112 a------- c:\windows\system32\ativvaxx.cap
2008-12-01 11:57 48,640 a------- c:\windows\system32\amdpcom32.dll
2008-12-01 11:53 401,408 a------- c:\windows\system32\atikvmag.dll
2008-12-01 11:53 45,056 a------- c:\windows\system32\amdcalrt.dll
2008-12-01 11:53 45,056 a------- c:\windows\system32\amdcalcl.dll
2008-12-01 11:52 86,016 a------- c:\windows\system32\atiadlxx.dll
2008-12-01 11:52 17,408 a------- c:\windows\system32\atitvo32.dll
2008-12-01 11:51 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2008-12-01 11:50 286,720 a------- c:\windows\system32\atiok3x2.dll
2008-12-01 11:50 3,252,224 a------- c:\windows\system32\Amdcaldd.dll

==================== Find3M ====================

2008-12-24 17:05 14,500 a------- c:\windows\system32\d3d9caps.dat
2008-12-05 21:47 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-12-01 14:13 3,452,928 a------- c:\windows\system32\drivers\ati2mtag.sys
2008-12-01 12:51 318,464 a------- c:\windows\system32\ati2dvag.dll
2008-12-01 12:27 4,120,384 a------- c:\windows\system32\ati3duag.dll
2008-12-01 12:11 2,495,360 a------- c:\windows\system32\ativvaxx.dll
2008-12-01 11:45 577,536 a------- c:\windows\system32\ati2cqag.dll
2008-11-28 15:23 256 a------- c:\documents and settings\admin\pool.bin
2008-10-30 06:45 180,720 a------- c:\windows\system32\atiicdxx.dat
2008-10-23 04:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-21 10:51 118,784 a------- c:\windows\system32\atibrtmon.exe
2008-10-21 09:40 81,920 a------- c:\windows\system32\ATIODE.exe
2008-10-21 09:40 45,056 a------- c:\windows\system32\ATIODCLI.exe
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 12:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-03 02:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-02-21 18:07 87,608 a------- c:\docume~1\admin\applic~1\inst.exe
2008-02-21 18:07 47,360 a------- c:\docume~1\admin\applic~1\pcouffin.sys
2008-08-30 11:03 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083020080831\index.dat

============= FINISH: 12:17:42.60 ===============

Attached Files
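The DDS report in this post shows the persistence points that the later Malwarebytes log attributes to the Vundo family: BHOs registered without a display name, a DLL in AppInit_DLLs, an extra entry in the LSA Authentication Packages list, a Winlogon Notify package, a ShellExecuteHook, and a Run value that loads a DLL through rundll32. The "Created Last 30" section adds a second pattern a practitioner would want to check for: each new DLL in system32 has a hidden/system .ini whose name is the DLL name spelled backwards (ddcYrSMe.dll / eMSrYcdd.ini, oqounlxo.dll / oxlnuoqo.ini). The script below is an added example written for this thread; it is not part of the original post or of the DDS tool. It triages a constructed sample made of lines copied from the report above. The indicator labels, the two-signal threshold and the assumption that msv1_0 is the only stock LSA authentication package on this XP build are the example's own; note that the legitimate ATI Notify entry collects one indicator and is therefore not promoted to a suspect, which is the reason for requiring more than one signal.

```python
"""Triage of a DDS / HijackThis-style log for Vundo-like persistence.

Added example for this thread; not part of the original post or of DDS.
The indicator names, the min_signals threshold and the assumption that
msv1_0 is the only stock LSA authentication package are this example's own.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the DDS report posted in this thread.
SAMPLE_LOG = r"""
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: {63e4534f-87e2-48d5-96ac-c616fe8dd35b} - c:\windows\system32\ddcYrSMe.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\awtSIAPh.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar5.dll
BHO: {6e423a0f-2bb0-a188-de84-6ee1122c6aea}: {aea6c221-1ee6-48ed-881a-0bb2f0a324e6} - c:\windows\system32\fqbtgb.dll
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [cc528e63] rundll32.exe "c:\windows\system32\oqounlxo.dll",b
Notify: AtiExtEvent - Ati2evxx.dll
Notify: awtSIAPh - awtSIAPh.dll
AppInit_DLLs: fqbtgb.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\awtSIAPh.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\ddcYrSMe
2008-12-25 16:15 1,661,209 ---sh--- c:\windows\system32\oxlnuoqo.ini
2008-12-25 16:14 68,096 a------- c:\windows\system32\oqounlxo.dll
2008-12-23 14:15 900,673 a--sh--- c:\windows\system32\eMSrYcdd.ini
2008-12-23 14:15 235,520 a------- c:\windows\system32\ddcYrSMe.dll
2008-12-04 23:13 410,984 a------- c:\windows\system32\deploytk.dll
"""

GUID = re.compile(r"\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
# "Created Last 30" rows: date time size attributes path
CREATED = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+[\d,]+\s+([a-z-]{8})\s+(.+)$")
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+)"?\s*,\s*(\w+)', re.I)
SYSTEM32 = "\\windows\\system32\\"


def stem_of(token):
    """Lower-cased file name without directory or extension."""
    name = token.strip().strip('"').rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0].lower()


def triage(log_text):
    """Map each DLL stem to the set of indicators that point at it."""
    findings = defaultdict(set)
    created = {}  # (stem, ext) -> attribute string, for system32 rows in "Created Last 30"
    for raw in log_text.splitlines():
        line = raw.strip()
        target = line.rsplit(" - ", 1)[-1]  # file part of "<key> - <file>" entries
        if line.startswith("BHO:") and GUID.match(line[4:].lstrip()):
            findings[stem_of(target)].add("BHO without a display name")
        elif line.startswith("AppInit_DLLs:"):
            for tok in line.split(":", 1)[1].split():
                findings[stem_of(tok)].add("AppInit_DLLs (loaded into every user32 process)")
        elif line.startswith("Notify:"):
            findings[stem_of(target)].add("Winlogon Notify package")
        elif line.startswith("SEH:"):
            findings[stem_of(target)].add("ShellExecuteHook")
        elif line.startswith("LSA:") and "Authentication Packages" in line:
            for tok in line.split("=", 1)[1].split():
                if tok.lower() != "msv1_0":  # assumption: msv1_0 is the only stock entry
                    findings[stem_of(tok)].add("extra LSA authentication package")
        elif re.match(r"[um]Run", line) and RUNDLL.search(line):
            path, export = RUNDLL.search(line).groups()
            findings[stem_of(path)].add(f"Run value loading a DLL via rundll32 export '{export}'")
        else:
            m = CREATED.match(line)
            if m and SYSTEM32 in m.group(2).lower():
                stem, _, ext = m.group(2).lower().rsplit("\\", 1)[-1].rpartition(".")
                created[(stem, ext)] = m.group(1)
    # Pattern visible in the report: each dropped DLL has an .ini named with the DLL name reversed.
    for (stem, ext), attrs in created.items():
        if ext.startswith("ini") and (stem[::-1], "dll") in created:
            reason = f"companion .ini with reversed name ({stem}.{ext})"
            if "s" in attrs and "h" in attrs:
                reason += ", hidden+system"
            findings[stem[::-1]].add(reason)
    return dict(findings)


def suspects(findings, min_signals=2):
    """Stems with at least min_signals independent indicators, most-flagged first."""
    ranked = sorted(findings.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [stem for stem, reasons in ranked if len(reasons) >= min_signals]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for stem in suspects(result):
        print(stem, "->", "; ".join(sorted(result[stem])))
```

Run against the sample, the four DLLs the Malwarebytes log later names (awtSIAPh, ddcYrSMe, fqbtgb, oqounlxo) are the only ones with two or more indicators; Ati2evxx.dll is listed once (Winlogon Notify) and stays below the threshold, and deploytk.dll, which is merely recent, is never flagged. The heuristics only rank what the log already contains; the ranking is a starting point for the kind of tool-assisted cleanup the next reply asks for, not a verdict.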

#2 fenzodahl512

Posted 05 January 2009 - 02:46 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it, then do a "Perform Full Scan".

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has finished, click Copy, paste the results into Notepad, save it and attach it in this thread.


Post me these logs in your next reply. Post each log in a separate post.

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. GMER result (attached)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 kaissiom

Posted 10 January 2009 - 02:06 AM

Thanks a lot for your help.

I installed and ran Malwarebytes last week; it found a few things and cleaned them. That seems to have helped a little: the popups have stopped, but now my computer freezes for random durations. I'm posting my first Malwarebytes log from 12/31/08 followed by the latest log from today:

*****************Here's my Malwarebytes log from 12/31/08:*************
Malwarebytes' Anti-Malware 1.31
Database version: 1587
Windows 5.1.2600 Service Pack 3

12/31/2008 3:29:36 PM
mbam-log-2008-12-31 (15-29-36).txt

Scan type: Quick Scan
Objects scanned: 75242
Time elapsed: 10 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 15
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 2
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ddcYrSMe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\oqounlxo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fqbtgb.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76ee77e1-d36a-4bfe-8d82-ca0f49d3d12a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{76ee77e1-d36a-4bfe-8d82-ca0f49d3d12a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aea6c221-1ee6-48ed-881a-0bb2f0a324e6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{aea6c221-1ee6-48ed-881a-0bb2f0a324e6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{aea6c221-1ee6-48ed-881a-0bb2f0a324e6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{76ee77e1-d36a-4bfe-8d82-ca0f49d3d12a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cc528e63 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ddcyrsme -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ddcyrsme -> Delete on reboot.

Folders Infected:
C:\Program Files\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Media Pass (Adware.Winad) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\ddcYrSMe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\eMSrYcdd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eMSrYcdd.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fqbtgb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\oqounlxo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\oxlnuoqo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dnrivoef.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32:myspacce.exe (Rootkit.ADS) -> Quarantined and deleted successfully.


************************Here's my Malwarebytes log from 01/09/09:**************
Malwarebytes' Anti-Malware 1.31
Database version: 1587
Windows 5.1.2600 Service Pack 3

1/9/2009 10:52:14 PM
mbam-log-2009-01-09 (22-52-14).txt

Scan type: Full Scan (C:\|)
Objects scanned: 332744
Time elapsed: 3 hour(s), 13 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 fenzodahl512

Posted 10 January 2009 - 04:13 PM

Post me the latest Malwarebytes' log and also the RSIT and GMER logs.



#5 fenzodahl512

Posted 16 January 2009 - 04:15 AM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
