|
-
July 5th, 2009, 09:24 PM
#1
Broni....... cleanup Gateway
Hey Broni........
I'm cleaning up a hard drive for my sister.......Have done all the pre-work per instructions, , SuperAnti-Spyware, Malware, and the Hijack This log.......Logs will follow in that order.......
Please advise per further actions to clean up/ tune up performance.......
MUCH APPRECIATED AS ALWAYS!!!!!!!!!!!!!!!!
Computer Info:
Gateway Desktop
Windows XP SP3
Total : 75GB Free: 39.4GB
Pentium 4 CPU 2.53GHz
1.00 GB RAM
Spyware Log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/05/2009 at 03:05 PM
Application Version : 4.26.1006
Core Rules Database Version : 3952
Trace Rules Database Version: 1894
Scan type : Complete Scan
Total Scan Time : 03:32:21
Memory items scanned : 227
Memory threats detected : 0
Registry items scanned : 6031
Registry threats detected : 26
File items scanned : 125865
File threats detected : 85
Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@pro-market[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
C:\Documents and Settings\Owner\Cookies\owner@cgi-bin[2].txt
C:\Documents and Settings\Owner\Cookies\owner@admarketplace[1].txt
C:\Documents and Settings\Owner\Cookies\owner@azjmp[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
C:\Documents and Settings\Owner\Cookies\owner@clicksor[2].txt
C:\Documents and Settings\Owner\Cookies\owner@statcounter[2].txt
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@specificclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt
C:\Documents and Settings\Owner\Cookies\owner@apmebf[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@1069512397[1].txt
C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@interclick[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@revsci[1].txt
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
C:\Documents and Settings\Owner\Cookies\owner@collective-media[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@insightexpressai[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt
C:\Documents and Settings\Owner\Cookies\owner@popunderadvertise[1].txt
C:\Documents and Settings\Owner\Cookies\owner@hitbox[1].txt
C:\Documents and Settings\Owner\Cookies\owner@specificmedia[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@go[3].txt
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@shopica[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@myroitracking[1].txt
C:\Documents and Settings\Owner\Cookies\owner@go[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@invitemedia[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@apmebf[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@atdmt[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@doubleclick[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@fastclick[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@mediaplex[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt
Trojan.DNS-Changer (Hi-Jacked DNS)
HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\INTERFACES\{37C1550E-0041-423F-9678-136F8F846F50}#NAMESERVER
HKLM\SYSTEM\CONTROLSET003\SERVICES\TCPIP\PARAMETERS\INTERFACES\{37C1550E-0041-423F-9678-136F8F846F50}#NAMESERVER
Rootkit.Agent/Gen-GXServ
HKLM\Software\gxvxc
HKLM\Software\gxvxc\disallowed
HKLM\Software\gxvxc\disallowed#avp.exe
HKLM\Software\gxvxc\disallowed#klif.sys
HKLM\Software\gxvxc\disallowed#mrt.exe
HKLM\Software\gxvxc\disallowed#spybotsd.exe
HKLM\Software\gxvxc\disallowed#sasdifsv.sys
HKLM\Software\gxvxc\disallowed#saskutil.sys
HKLM\Software\gxvxc\disallowed#sasenum.sys
HKLM\Software\gxvxc\disallowed#superantispyware.exe
HKLM\Software\gxvxc\disallowed#szkg.sys
HKLM\Software\gxvxc\disallowed#szserver.exe
HKLM\Software\gxvxc\disallowed#mbam.exe
HKLM\Software\gxvxc\disallowed#mbamswissarmy.sys
HKLM\Software\gxvxc\disallowed#pctssvc.sys
HKLM\Software\gxvxc\disallowed#pctcore.sys
HKLM\Software\gxvxc\disallowed#mchinjdrv.sys
HKLM\Software\gxvxc\disallowed#avgfwdx.sys
HKLM\Software\gxvxc\disallowed#avgldx86.sys
HKLM\Software\gxvxc\disallowed#avgmfx86.sys
HKLM\Software\gxvxc\disallowed#avgrkx86.sys
HKLM\Software\gxvxc\disallowed#avgtdix.sys
HKLM\Software\gxvxc\disallowed#hijackthis.exe
HKLM\Software\gxvxc\disallowed#combofix.exe
Application.PowerReg Scheduler
C:\DOCUMENTS AND SETTINGS\OWNER\START MENU\PROGRAMS\STARTUP\POWERREG SCHEDULER V3.EXE
C:\WINNT\Prefetch\POWERREG SCHEDULER V3.EXE-1DAD6551.pf
Rootkit.Agent/Gen-RustockGx
C:\WINNT\SYSTEM32\DRIVERS\GXVXCJLKVYKVXEHTITHLKTLOBOTVKAIBHOVMY.SYS
Trojan.Agent/Gen
C:\WINNT\TEMP\TEMPO-436210937.TMP
Trace.Known Threat Sources
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OV3BAWPP\shopica_logo_bott[1].gif
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2PR4TCVU\sp[1].gif
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0LAJGPE7\style[1].css
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C9YVKHM3\footer_dots[1].gif
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\LKG7TH8T\shopica_logo_top[1].gif
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0DE3G5UV\async_ads_rs[1].htm
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SLMZKXUZ\search[1].htm
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C9YVKHM3\js[1].js
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\M376N7Y3\1[1].htm
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\BJCW7M5R\jquery[1].js
MALWARE LOG:
Malwarebytes' Anti-Malware 1.38
Database version: 2377
Windows 5.1.2600 Service Pack 3
07/05/2009 5:58:46 PM
mbam-log-2009-07-05 (17-58-46).txt
Scan type: Full Scan (C:\|)
Objects scanned: 206276
Time elapsed: 1 hour(s), 13 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinBlueSoft (Rogue.WinBlue) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.230,85.255.112.114 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.230,85.255.112.114 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.230,85.255.112.114 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\system volume information\_restore{30f71744-7195-4a81-bc43-76afe6b4af0f}\RP1328\A0233865.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINNT\Temp\tempo-313890.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINNT\Temp\tempo-316093.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HIJACK THIS:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:11 PM, on 07/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\PnkBstrA.exe
C:\WINNT\system32\PnkBstrB.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - AppInit_DLLs: blocker.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINNT\system32\PnkBstrB.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 6181 bytes
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
