Computer Juice > Computer Software > Virus, Spyware & Security
#1
26th Jul 2008, 09:03 PM
reddd (Abu Dhabi)
winspywareprotect virus

<edit for merge>

Last edited by evilfantasy : 26th Jul 2008 at 09:16 PM.
#2
26th Jul 2008, 09:09 PM
reddd (Abu Dhabi)
winspywareprotect virus

Hello. Somehow I got the winspywareprotect virus and was hoping you could help me get rid of it.

Superantispyware Log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/26/2008 at 09:09 PM
Application Version : 4.15.1000
Core Rules Database Version : 3517
Trace Rules Database Version: 1507
Scan type : Complete Scan
Total Scan Time : 01:28:27
Memory items scanned : 482
Memory threats detected : 12
Registry items scanned : 7034
Registry threats detected : 77
File items scanned : 25271
File threats detected : 331
Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\THEXYUTX.DLL
C:\WINDOWS\SYSTEM32\THEXYUTX.DLL
C:\WINDOWS\SYSTEM32\MVEFWYQQ.DLL
C:\WINDOWS\SYSTEM32\MVEFWYQQ.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP726\A0075827.DLL
C:\WINDOWS\SYSTEM32\FPRTSESO.DLL
Trojan.Vundo-Variant/Small-GEN
C:\WINDOWS\SYSTEM32\YAYAYRQO.DLL
C:\WINDOWS\SYSTEM32\YAYAYRQO.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8361777F-3DF6-40DC-87D5-30035848F47D}
HKCR\CLSID\{8361777F-3DF6-40DC-87D5-30035848F47D}
HKCR\CLSID\{8361777F-3DF6-40DC-87D5-30035848F47D}\InprocServer32
HKCR\CLSID\{8361777F-3DF6-40DC-87D5-30035848F47D}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5646F36-145E-4F1D-B6D1-87C5EFC5BA1C}
HKCR\CLSID\{E5646F36-145E-4F1D-B6D1-87C5EFC5BA1C}
HKCR\CLSID\{E5646F36-145E-4F1D-B6D1-87C5EFC5BA1C}\InprocServer32
HKCR\CLSID\{E5646F36-145E-4F1D-B6D1-87C5EFC5BA1C}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{E5646F36-145E-4F1D-B6D1-87C5EFC5BA1C}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\yayaYrqO
C:\WINDOWS\SYSTEM32\PMNKICYX.DLL
Trojan.Unclassified/Dropper-WinNT32
C:\WINDOWS\SYSTEM32\WINCTRL32.DLL
C:\WINDOWS\SYSTEM32\WINCTRL32.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WinCtrl32
Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\URQRKABR.DLL
C:\WINDOWS\SYSTEM32\URQRKABR.DLL
Adware.VideoAccessCodec/Gen
C:\WINDOWS\EQVWAMKL.DLL
C:\WINDOWS\EQVWAMKL.DLL
Adware.Vundo-Variant/J
C:\WINDOWS\WNSLVXTF.DLL
C:\WINDOWS\WNSLVXTF.DLL
Trojan.Downloader-CREW
C:\WINDOWS\SYSTEM32\TSAKSFXX.DLL
C:\WINDOWS\SYSTEM32\TSAKSFXX.DLL
HKLM\Software\Classes\CLSID\{B46BD0F4-521A-41DC-A2EA-600893581DFc}
HKCR\CLSID\{B46BD0F4-521A-41DC-A2EA-600893581DFC}
HKCR\CLSID\{B46BD0F4-521A-41DC-A2EA-600893581DFC}\InprocServer32
HKCR\CLSID\{B46BD0F4-521A-41DC-A2EA-600893581DFC}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{FFF3FAB3-2AD4-4618-BDDA-502E512F8E94}
HKCR\CLSID\{FFF3FAB3-2AD4-4618-BDDA-502E512F8E94}
HKCR\CLSID\{FFF3FAB3-2AD4-4618-BDDA-502E512F8E94}\InprocServer32
HKCR\CLSID\{FFF3FAB3-2AD4-4618-BDDA-502E512F8E94}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B46BD0F4-521A-41DC-A2EA-600893581DFc}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFF3FAB3-2AD4-4618-BDDA-502E512F8E94}
C:\WINDOWS\SYSTEM32\GHSMJAOC.DLL
C:\WINDOWS\SYSTEM32\OBLPMRXI.DLL
Rogue.WinSpywareProtect
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SECURISOFT SARL\WINSPYWAREPROTECT\WSPWPRTCT.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SECURISOFT SARL\WINSPYWAREPROTECT\WSPWPRTCT.EXE
[s9201] C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SECURISOFT SARL\WINSPYWAREPROTECT\WSPWPRTCT.EXE
C:\WINDOWS\Prefetch\WSPWPRTCT.EXE-25252D54.pf
Trojan.Unclassified/GTS
C:\WINDOWS\FDKOWVBP.DLL
C:\WINDOWS\FDKOWVBP.DLL
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{72585F60-1D5F-4B66-8806-53E3973D64B5}
HKCR\CLSID\{72585F60-1D5F-4B66-8806-53E3973D64B5}
HKCR\CLSID\{72585F60-1D5F-4B66-8806-53E3973D64B5}
HKCR\CLSID\{72585F60-1D5F-4B66-8806-53E3973D64B5}\InprocServer32
HKCR\CLSID\{72585F60-1D5F-4B66-8806-53E3973D64B5}\InprocServer32#ThreadingModel
HKCR\CLSID\{72585F60-1D5F-4B66-8806-53E3973D64B5}\ProgID
HKCR\CLSID\{72585F60-1D5F-4B66-8806-53E3973D64B5}\Programmable
HKCR\CLSID\{72585F60-1D5F-4B66-8806-53E3973D64B5}\TypeLib
HKCR\CLSID\{72585F60-1D5F-4B66-8806-53E3973D64B5}\VersionIndependentProgID
HKCR\fdkowvbp.1
HKCR\fdkowvbp
HKCR\TypeLib\{EA71FA48-8F6A-41BA-B797-7104B6250E39}
HKCR\TypeLib\{EA71FA48-8F6A-41BA-B797-7104B6250E39}\1.0
HKCR\TypeLib\{EA71FA48-8F6A-41BA-B797-7104B6250E39}\1.0\0
HKCR\TypeLib\{EA71FA48-8F6A-41BA-B797-7104B6250E39}\1.0\0\win32
HKCR\TypeLib\{EA71FA48-8F6A-41BA-B797-7104B6250E39}\1.0\FLAGS
HKCR\TypeLib\{EA71FA48-8F6A-41BA-B797-7104B6250E39}\1.0\HELPDIR
Trojan.Net-MSV/VPS-Variant
C:\WINDOWS\NFAVXWDBMFE.DLL
C:\WINDOWS\NFAVXWDBMFE.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B468D36D-C8CB-4A82-B0E0-393A2FA0256C}
HKCR\CLSID\{B468D36D-C8CB-4A82-B0E0-393A2FA0256C}
HKCR\CLSID\{B468D36D-C8CB-4A82-B0E0-393A2FA0256C}
HKCR\CLSID\{B468D36D-C8CB-4A82-B0E0-393A2FA0256C}\InprocServer32
HKCR\CLSID\{B468D36D-C8CB-4A82-B0E0-393A2FA0256C}\InprocServer32#ThreadingModel
HKCR\CLSID\{B468D36D-C8CB-4A82-B0E0-393A2FA0256C}\ProgID
HKCR\CLSID\{B468D36D-C8CB-4A82-B0E0-393A2FA0256C}\Programmable
HKCR\CLSID\{B468D36D-C8CB-4A82-B0E0-393A2FA0256C}\TypeLib
HKCR\CLSID\{B468D36D-C8CB-4A82-B0E0-393A2FA0256C}\VersionIndependentProgID
Unclassified.Unknown Origin
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O1ER4HUV\3077AHNTDKSR[1].DLL
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O1ER4HUV\3077AHNTDKSR[1].DLL
HKLM\Software\Classes\CLSID\{5B6B5426-02DD-4241-A65C-6A9D15460E27}
HKCR\CLSID\{5B6B5426-02DD-4241-A65C-6A9D15460E27}
HKCR\CLSID\{5B6B5426-02DD-4241-A65C-6A9D15460E27}\InprocServer32
HKCR\CLSID\{5B6B5426-02DD-4241-A65C-6A9D15460E27}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{C1B4DEC2-2623-438e-9CA2-C9043AB28508}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5B6B5426-02DD-4241-A65C-6A9D15460E27}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1B4DEC2-2623-438e-9CA2-C9043AB28508}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{C1B4DEC2-2623-438e-9CA2-C9043AB28508}
C:\DOCUMENTS AND SETTINGS\RYAN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\IH5KPE52\3077AHNTDKSR[1].DLL
C:\DOCUMENTS AND SETTINGS\RYAN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\IH5KPE52\3077AHNTDKSR[2].DLL
Adware.Tracking Cookie
Adware.Toolbar888
HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}
HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\InprocServer32
HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\InprocServer32#ThreadingModel
HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\ProgID
HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\Programmable
HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\TypeLib
HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\VersionIndependentProgID
Trojan.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#advap32 [ C:\DOCUME~1\Ryan\LOCALS~1\Temp\scksexde.exe/r ]
C:\WINDOWS\system32\WinCtrl32.dl_
C:\DOCUMENTS AND SETTINGS\RYAN\LOCAL SETTINGS\TEMP\SMCHK.EXE
C:\WINDOWS\SYSTEM32\WAPITR.EXE
Browser Hijacker.Internet Explorer Settings Hijack
HKU\S-1-5-21-1335142754-2142497010-1476782021-1006\Software\Microsoft\Internet Explorer\Main#Start Page [ http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2 ]
Adware.IPWins
C:\Program Files\ipwindows\pop12.tmp
C:\Program Files\ipwindows\pop15.tmp
C:\Program Files\ipwindows
Desktop Hijacker.AboutYourPrivacy
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\images
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\privacy_danger
C:\Documents and Settings\Ryan\Desktop\Error Cleaner.url
C:\Documents and Settings\Ryan\Desktop\Privacy Protector.url
C:\Documents and Settings\Ryan\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Ryan\Favorites\Error Cleaner.url
C:\Documents and Settings\Ryan\Favorites\Privacy Protector.url
C:\Documents and Settings\Ryan\Favorites\Spyware&Malware Protection.url
Trojan.Net-MU/Gen
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#uninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#DisplayName
Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\aoprndtws
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
HKU\S-1-5-21-1335142754-2142497010-1476782021-1006\Software\Microsoft\rdfa
Rogue.AntiSpywareExpert
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WinCtrl32
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WinCtrl32#DLLName
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WinCtrl32#StartShell
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WinCtrl32#Impersonate
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WinCtrl32#Asynchronous
Trojan.Unclassified/BindSRV
C:\DOCUMENTS AND SETTINGS\RYAN\LOCAL SETTINGS\TEMP\BINDSRV2.EXE
Adware.IWinGames
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP677\A0068371.DLL
Trojan.Dropper/Gen
C:\WINDOWS\GRSWPTDL.EXE


Anti-malware Log

Malwarebytes' Anti-Malware 1.23
Database version: 985
Windows 5.1.2600 Service Pack 2
12:26:16 AM 27/07/2008
antimalwarelog
Scan type: Full Scan (C:\|)
Objects scanned: 165869
Time elapsed: 1 hour(s), 56 minute(s), 44 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 18
Registry Values Infected: 8
Registry Data Items Infected: 18
Folders Infected: 6
Files Infected: 17
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\urqRKaBr.dll (Trojan.Vundo) -> No action taken.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06551ab2-4cda-44b3-ae6b-b990817ccf75} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{06551ab2-4cda-44b3-ae6b-b990817ccf75} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\fdkowvbp.bwfa (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\SecuriSoft SARL (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\eqvwamkl (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\wnslvxtf (Trojan.FakeAlert) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqrkabr -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqrkabr -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76477-OEM-0011903-00102) -> No action taken.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL (Rogue.WinSpywareProtect) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect (Rogue.WinSpywareProtect) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\BASE (Rogue.WinSpywareProtect) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\DELETED (Rogue.WinSpywareProtect) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG (Rogue.WinSpywareProtect) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\SAVED (Rogue.WinSpywareProtect) -> No action taken.
Files Infected:
C:\WINDOWS\system32\urqRKaBr.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rBaKRqru.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rBaKRqru.ini2 (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Ryan\My Documents\Ranch Rush\ijl15.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP711\A0072954.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\erfn.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\Adobe\Acrobat 6.0\Reader\PDF417Encoder.dll (Trojan.Downloader) -> No action taken.
C:\Program Files\Oberon Media\Ranch Rush\ijl15.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080725122728062.log (Rogue.WinSpywareProtect) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080725123301656.log (Rogue.WinSpywareProtect) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080725125438578.log (Rogue.WinSpywareProtect) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080725163046312.log (Rogue.WinSpywareProtect) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080726143723640.log (Rogue.WinSpywareProtect) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080726191643578.log (Rogue.WinSpywareProtect) -> No action taken.
C:\WINDOWS\system32\clbdll.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\BM9325910c.xml (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BM9325910c.txt (Trojan.Vundo) -> No action taken.


Hijack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:48 AM, on 27/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\Ryan\Desktop\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\TRENDnet\TEW-424UB\TRENDnet.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Documents and Settings\Ryan\Desktop\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE /FU "C:\WINDOWS\TEMP\E_S1722.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Documents and Settings\Ryan\Desktop\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Documents and Settings\Ryan\Desktop\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Documents and Settings\Ryan\Desktop\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Magic%20F...es/stg_drm.ocx
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104w.bay104.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Fairy%20G.../armhelper.ocx
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
O24 - Desktop Component 0: Privacy Protection - (no file)
--
End of file - 9829 bytes


To the mod, sorry for double post.
#3
26th Jul 2008, 09:13 PM
evilfantasy
Moderator Group
Join Date: 15th Jul 2007
Posts: 5,338
winspywareprotect virus

Welcome to Computer Juice.

Your posts will not show up right away as you are a new member, so any posts with links in them have to be approved by a moderator. Just post once, we'll get them when we see it.

I'm looking at the logs now, be right back.....
#4
26th Jul 2008, 09:21 PM
evilfantasy
Moderator Group
Join Date: 15th Jul 2007
Posts: 5,338
winspywareprotect virus

In the MalwareBytes log everything says No action taken? Did you copy the log before you finished cleaning?

Can you post the log after cleaning please. Open MBAM then click the Logs tab to view and post it here.
#5
27th Jul 2008, 06:46 AM
reddd (Abu Dhabi)
New Member Group
Join Date: 26th Jul 2008
Posts: 9
winspywareprotect virus

I ran Anti-Malware again. Here is the log.

Malwarebytes' Anti-Malware 1.23
Database version: 985
Windows 5.1.2600 Service Pack 2
10:41:52 AM 27/07/2008
mbam-log-7-27-2008 (10-41-52).txt
Scan type: Full Scan (C:\|)
Objects scanned: 159397
Time elapsed: 1 hour(s), 48 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0077902.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
#6
27th Jul 2008, 01:31 PM
evilfantasy
Moderator Group
Join Date: 15th Jul 2007
Posts: 5,338
winspywareprotect virus

Disable Spybot's TeaTimer

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent our tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your logs are clean.

First:
  • Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
  • Choose Exit Spybot S&D Resident
Second:
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • Uncheck the box labeled Resident Tea-Timer and OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
----------

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)
  • O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
  • O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  • O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
  • O24 - Desktop Component 0: Privacy Protection - (no file)
Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

Go to Start > Run and type Notepad.exe then click OK.

Copy and paste the following text within the code box into the new Notepad file.

Code:
@ECHO OFF
sc stop BOONTY
sc delete BOONTY
exit
In Notepad select File and Save as
Choose the Save to location to be the Desktop and for the File name: type in fixme.bat making sure that the Save as type field says All files.

Next double click fixservice.bat to run it.
A black box should open and close after a short time, this is normal.
Do not continue until the black box has closed
Delete fixservice.bat from the Desktop.

----------

Download OTMoveIt2 by OldTimer
  • Save it to your desktop.
Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.
  • Double-click OTMoveIt2.exe to run it.
  • Copy the lines in the codebox below.
Code:
[kill explorer]
C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
EmptyTemp
[start explorer]
  • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) and paste it in your next reply.
  • Close OTMoveIt2
----------

Be sure to restart the computer and then let me know how everything is now.
#7
27th Jul 2008, 04:58 PM
reddd (Abu Dhabi)
New Member Group
Join Date: 26th Jul 2008
Posts: 9
winspywareprotect virus

Explorer killed successfully
C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe moved successfully.
< EmptyTemp >
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07272008_204543


My desktop is still not the same as before the virus. The wallpaper is from about a year ago, but the wallpaper from before the virus shows up when I shut down the computer, and all the labels on the desktop icons have a white background. Other than that it seems ok.
#8
27th Jul 2008, 05:20 PM
evilfantasy
Moderator Group
Join Date: 15th Jul 2007
Posts: 5,338
winspywareprotect virus

I'm not sure what all damage the virus did but I think we should take a closer look. You may have to change all of your settings back manually.

This is a quick scan but will contain a lot of information. Please be sure to post both logs.

Download Deckard's System Scanner (DSS) to your Desktop.
Note: You must be logged onto an account with administrator privileges.
Vista users Right click DSS and Run as Administrator.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open.
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply.
Last edited by evilfantasy : 27th Jul 2008 at 05:21 PM.
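The Malwarebytes log in post #2 records every hijacked registry value with the Bad setting found and the Good setting it would restore, and the reply above notes that the settings may have to be put back by hand. As an added example (not MBAM's, HijackThis's or the forum's own code), this Python script parses that "Registry Data Items Infected" section into a .reg file that restores the Good values and sets aside the Data-only lines (the LSA package lists) for manual review; the sample lines are constructed from the log's format with a placeholder homepage URL, and all-digit Good values are assumed to be DWORDs.

```python
"""Turn the 'Registry Data Items Infected' section of a Malwarebytes'
Anti-Malware 1.x log into a .reg file that restores the 'Good' values.
Added example for this thread; not part of MBAM, HijackThis or the fix."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample in the format of the MBAM 1.23 log in post #2.  The
# hijacked homepage URL is a placeholder (the real one is elided in the log).
SAMPLE_LOG = """\
Registry Data Items Infected: 5
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\LSA\\Notification Packages (Trojan.Vundo) -> Data: c:\\windows\\system32\\urqrkabr -> No action taken.
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Start Page (Hijack.Homepage) -> Bad: (http://hijacker.invalid/jump.php?x=1) Good: (http://www.google.com/) -> No action taken.
HKEY_CURRENT_USER\\Control Panel\\International\\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> No action taken.
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> No action taken.
Folders Infected:
C:\\Documents and Settings\\All Users\\Application Data\\SecuriSoft SARL (Rogue.WinSpywareProtect) -> No action taken.
"""


@dataclass
class RegItem:
    key: str          # e.g. HKEY_CURRENT_USER\...\Policies\System
    name: str         # value name, e.g. DisableTaskMgr
    detection: str    # MBAM's label, e.g. Hijack.TaskManager
    bad: str = ""     # value found on the machine
    good: str = ""    # value MBAM would restore
    data: str = ""    # payload of a "-> Data:" line (no Good value known)


# "<key>\<value> (<detection>) -> Bad: (<x>) Good: (<y>) -> <action>"
_BAD_GOOD = re.compile(
    r"^(?P<path>.+?) \((?P<det>[^()]+)\) -> Bad: \((?P<bad>.*?)\) "
    r"Good: \((?P<good>.*?)\) -> (?P<action>.+)$")
# "<key>\<value> (<detection>) -> Data: <payload> -> <action>"
_DATA = re.compile(
    r"^(?P<path>.+?) \((?P<det>[^()]+)\) -> Data: (?P<data>.+?) -> (?P<action>.+)$")


def _split_path(path: str) -> Tuple[str, str]:
    """Split 'HKEY_...\\Key\\Sub\\ValueName' into (key, value name)."""
    key, _, name = path.rpartition("\\")
    return key, name


def parse_mbam_log(text: str) -> Tuple[List[RegItem], List[RegItem]]:
    """Return (restorable items, items needing manual review)."""
    restorable: List[RegItem] = []
    manual: List[RegItem] = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Section headers end in ':'; the summary lines ("...: 5") do not.
        if line.endswith(":") and " -> " not in line:
            in_section = line == "Registry Data Items Infected:"
            continue
        if not in_section:
            continue
        m = _BAD_GOOD.match(line)
        if m:
            key, name = _split_path(m.group("path"))
            restorable.append(RegItem(key, name, m.group("det"),
                                      m.group("bad"), m.group("good")))
            continue
        m = _DATA.match(line)
        if m:
            # A multi-string list (e.g. LSA Notification Packages) with a
            # rogue entry: the log shows only the bad entry, so the clean
            # list cannot be reconstructed here and must be checked by hand.
            key, name = _split_path(m.group("path"))
            manual.append(RegItem(key, name, m.group("det"), data=m.group("data")))
    return restorable, manual


def _reg_value(good: str) -> str:
    """Assumption: an all-digit Good value is a DWORD, anything else a string."""
    if re.fullmatch(r"\d+", good):
        return "dword:%08x" % int(good)
    escaped = good.replace("\\", "\\\\").replace('"', '\\"')
    return '"%s"' % escaped


def build_reg(items: List[RegItem]) -> str:
    """Emit a Regedit 5.00 file setting each value back to its Good setting."""
    by_key: Dict[str, List[RegItem]] = {}
    for it in items:
        by_key.setdefault(it.key, []).append(it)
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key, vals in by_key.items():
        lines.append("[%s]" % key)
        for it in vals:
            lines.append('"%s"=%s' % (it.name, _reg_value(it.good)))
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    ok, review = parse_mbam_log(SAMPLE_LOG)
    print(build_reg(ok))
    for it in review:
        print("; review by hand: %s\\%s -> %s" % (it.key, it.name, it.data))
```

Check each value's type in Regedit before importing the file, since the log does not record whether a value was REG_SZ or REG_DWORD.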
#9
28th Jul 2008, 10:32 AM
reddd (Abu Dhabi)
New Member Group
Join Date: 26th Jul 2008
Posts: 9
winspywareprotect virus

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Celeron(R) CPU 2.80GHz
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 1021.98 MiB / 597.47 MiB
Pagefile Memory (total/avail): 1696.32 MiB / 1331.63 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.79 MiB
C: is Fixed (NTFS) - 71.46 GiB total, 19.49 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - SAMSUNG SP0802N/P - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 71.46 GiB - C:
\PARTITION2 - Unknown - 3 GiB

-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AntivirusOverride is set.
AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\\Program Files\\Infogrames\\Roller Coaster Tycoon 2\\rct2.exe"="C:\\Program Files\\Infogrames\\Roller Coaster Tycoon 2\\rct2.exe:*:Disabled:rct2"
"C:\\Documents and Settings\\Ryan\\Desktop\\nestc042\\NESTCL95.EXE"="C:\\Documents and Settings\\Ryan\\Desktop\\nestc042\\NESTCL95.EXE:*:Disable