Nafamamo.dll Error Windows/system32 and Virtumonde




  #11  
Old 16th Apr 2009, 21:30
Member Group
 

Well, I think I will just post my logs tomorrow. It's too long and it's getting late and it won't upload for me for some reason. I'll try again tomorrow.
  #12  
Old 17th Apr 2009, 07:09
Moderator Group
 

Upload the file to File Dropper

Click Upload
Locate the file and double click it.
Copy the link under Share This Link: and post it back here.

  #13  
Old 17th Apr 2009, 18:25
Member Group
 

http://www.filedropper.com/ccleanerlog



SUPERAntiSpyware Log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/16/2009 at 09:57 PM
Application Version : 4.26.1000
Core Rules Database Version : 3848
Trace Rules Database Version: 1802
Scan type : Complete Scan
Total Scan Time : 03:10:57
Memory items scanned : 558
Memory threats detected : 0
Registry items scanned : 7259
Registry threats detected : 28
File items scanned : 156466
File threats detected : 348
Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\TUDEZAPI.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#SSODL
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
Adware.IWinGames
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8CA5ED52-F3FB-4414-A105-2E3491156990}
HKU\S-1-5-21-3095785160-4041922383-2734342379-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8CA5ED52-F3FB-4414-A105-2E3491156990}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8CA5ED52-F3FB-4414-A105-2E3491156990}
Unclassified.Unknown Origin
HKU\S-1-5-21-3095785160-4041922383-2734342379-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}
HKU\S-1-5-21-3095785160-4041922383-2734342379-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9C42510-9B21-41C1-9DCD-8382A2D07C61}
Trojan.Unclassified/Helper-DD
HKU\S-1-5-21-3095785160-4041922383-2734342379-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}
Adware.Tracking Cookie
Trojan.Error Safe Free
HKLM\Software\Error Safe Free
HKLM\Software\Error Safe Free#EulUERS_0001_N82M1105
HKLM\Software\Error Safe Free#ProductCode
Rogue.XP AntiSpyware 2009
HKU\S-1-5-21-3095785160-4041922383-2734342379-1008\Control Panel\don't load#wscui.cpl [ No ]
Rogue.AntiSpywareXP2009
C:\Program Files\AntiSpywareXP2009\data\daily.cvd
C:\Program Files\AntiSpywareXP2009\data
C:\Program Files\AntiSpywareXP2009\htmlayout.dll
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcm80.dll
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcp80.dll
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcr80.dll
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT
C:\Program Files\AntiSpywareXP2009\pthreadVC2.dll
C:\Program Files\AntiSpywareXP2009
C:\Documents and Settings\Jackie\Start Menu\Programs\AntiSpywareXP2009
Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\contim
HKLM\SOFTWARE\Microsoft\contim#SysShell
HKLM\SOFTWARE\Microsoft\rdfa
HKLM\SOFTWARE\Microsoft\rdfa#F
HKLM\SOFTWARE\Microsoft\rdfa#N
Rogue.Component/Trace
HKLM\Software\Microsoft\6C290B2B
HKLM\Software\Microsoft\6C290B2B#6c290b2b
HKLM\Software\Microsoft\6C290B2B#Version
HKLM\Software\Microsoft\6C290B2B#6c29a6ab
HKLM\Software\Microsoft\6C290B2B#6c29cf4e
HKU\S-1-5-21-3095785160-4041922383-2734342379-1008\Software\Microsoft\FIAS4057
Malware.Installer-Pkg/Gen
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{3C48F877-A164-45E9-B9DA-26A049FFC207}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{651956B7-1969-42AA-9453-E0B813019D54}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C0A0AA4D-C79B-48CA-8843-2B02B626C9E6}.EXE
Trace.Known Threat Sources
C:\Documents and Settings\Frankie\Local Settings\Temporary Internet Files\Content.IE5\IY1BVAPD\14[1].htm
C:\Documents and Settings\Frankie\Local Settings\Temporary Internet Files\Content.IE5\LUVWKEXY\engine[1].js
C:\Documents and Settings\Frankie\Local Settings\Temporary Internet Files\Content.IE5\YQOWSIXP\crypt[1].js
C:\Documents and Settings\Frankie\Local Settings\Temporary Internet Files\Content.IE5\IY1BVAPD\l.s.bg1z[1].gif
C:\Documents and Settings\Frankie\Local Settings\Temporary Internet Files\Content.IE5\Q8SA5ZCO\l.s.bg2z[1].gif
C:\Documents and Settings\Frankie\Local Settings\Temporary Internet Files\Content.IE5\8BAZ7F3L\favicon[4].ico
  #14  
Old 17th Apr 2009, 18:29
Member Group
 

MBam Scan Log

Malwarebytes' Anti-Malware 1.36
Database version: 1992
Windows 5.1.2600 Service Pack 3
4/16/2009 10:49:18 PM
mbam-log-2009-04-16 (22-49-18).txt
Scan type: Quick Scan
Objects scanned: 123341
Time elapsed: 31 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 28
Registry Values Infected: 8
Registry Data Items Infected: 6
Folders Infected: 1
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0917edb-1cb3-412c-bbf4-1d4325e0993b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b0917edb-1cb3-412c-bbf4-1d4325e0993b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{deceaaa2-370a-49bb-9362-68c3a58ddc62} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6c2919a5 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm6f1a2a39 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getpack27 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\visijazaye (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\visijazaye (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.Data) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.Data) -> Quarantined and deleted successfully.
C:\Program Files\Common\helper.sig (Trojan.Agent) -> Quarantined and deleted successfully.
  #15  
Old 18th Apr 2009, 20:22
Member Group
 
Default Nafamamo.dll Error Windows/system32 and Virtumonde

Any thoughts on how to get rid of this nafamamo.dll warning??? It popped up twice just while I was typing this short message.
  #16  
Old 18th Apr 2009, 20:51
Moderator Group
 
Default Nafamamo.dll Error Windows/system32 and Virtumonde

I'm still waiting on the last log from HijackThis

  #17  
Old 18th Apr 2009, 21:18
Member Group
 
Default Nafamamo.dll Error Windows/system32 and Virtumonde

Oh I'm sorry, I swear I read somewhere to only do that after posting the first 3 logs and getting a response. Of course now I don't see where I read it so I'm just imagining it. LOL I will run that tonight and post the log tomorrow.
  #18  
Old 18th Apr 2009, 21:19
Moderator Group
 
Default Nafamamo.dll Error Windows/system32 and Virtumonde

No problem. I'll be here.

  #19  
Old 18th Apr 2009, 21:24
Member Group
 
Default Nafamamo.dll Error Windows/system32 and Virtumonde

It's scanning now... if it doesn't take too long I may get the log posted tonight...
  #20  
Old 18th Apr 2009, 21:24
Member Group
 
Default Nafamamo.dll Error Windows/system32 and Virtumonde

O look at that... it just popped up... here ya go!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:14 PM, on 4/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Corel\Corel Paint Shop Pro X\Paint Shop Pro X.exe
C:\Program Files\Corel\Corel Photo Album 6\Photo Album 6.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {6B614AB8-BFAD-4E71-8D15-C9E775B2F85D} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: {c005df30-bdf6-2139-20c4-fc47330df38a} - {a83fd033-74cf-4c02-9312-6fdb03fd500c} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] "C:\WINDOWS\System32\DLA\DLACTRLW.EXE"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs " /args //b startupdelay
O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6172\SiteAdv.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McENUI] "C:\PROGRA~1\McAfee\MHN\McENUI.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -u
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://cccamera.lifepics.com/net/Upl...Uploader45.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edg...ex-2.0.6.0.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager...EGetPlugin.ocx
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/bar...webinstall.cab
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://kmanywhere.kohls.com/Interna...WhlCompMgr.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/dow...in/actxcab.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://cccamera.lifepics.com/net/Upl...Uploader45.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab55579.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/gh...ylomplayer.cab
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} (Image Uploader Control) - http://cccamera.lifepics.com/net/Upl...Uploader57.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/G...onGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Filter hijack: text/html - {756c3454-c197-4fc3-ac6c-f6041ef9cb2b} - C:\WINDOWS\system32\mst122.dll
O20 - AppInit_DLLs: c:\windows\system32\ropusolo.dll c:\windows\system32\susosaju.dll C:\WINDOWS\system32\nafamamo.dll C:\WINDOWS\system32\fojonabe.dll c:\windows\system32\tudezapi.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: hgGyvvvS - hgGyvvvS.dll (file missing)
O20 - Winlogon Notify: ssqOHwXq - ssqOHwXq.dll (file missing)
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
--
End of file - 12974 bytes