Guest trouttrout

Mate downloaded WinRAR and unzipped a file and this happened...

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.31

Database version: 1515

Windows 5.1.2600 Service Pack 2

18/12/2008 18:44:12

mbam-log-2008-12-18 (18-44-11).txt

Scan type: Quick Scan

Objects scanned: 66029

Time elapsed: 21 minute(s), 26 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 28

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 33

Files Infected: 57

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/updater,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Explore (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Adware.Starware) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\Starware349 (Adware.Starware) -> Quarantined and deleted successfully.

C:\Program Files\Starware349\bin (Adware.Starware) -> Quarantined and deleted successfully.

C:\Program Files\Starware349\icons (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349 (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\buttons (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\contexts (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\Games (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\Games\images (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\Games\images\active (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\Games\images\default (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\images (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\Movies (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\Movies\images (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\Movies\images\active (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\Movies\images\default (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\ScreensaversMarketingSitePager\images (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\ScreensaversMarketingSitePager\images\active (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\ScreensaversMarketingSitePager\images\default (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Program Files\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

C:\Program Files\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

C:\Program Files\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

C:\Documents and Settings\Paul dont take off!\Application Data\Starware349 (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\Paul dont take off!\Application Data\Starware349\EbayKeyword (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\Paul dont take off!\Application Data\Starware349\EbaySearch (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\Paul dont take off!\Application Data\Starware349\Games (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\Paul dont take off!\Application Data\Starware349\Horoscopes (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\Paul dont take off!\Application Data\Starware349\Movies (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\Paul dont take off!\Application Data\Starware349\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.

Files Infected:

C:\Program Files\VideoEgg\Loader\2364\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Program Files\Starware349\bin\Starware349.dll (Adware.Starware) -> Quarantined and deleted successfully.

C:\Program Files\Starware349\icons\star_16.ico (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\buttons\ebaykeyword.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\buttons\ebaykeyword.png (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\buttons\ebaysearch.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\buttons\ebaysearch.png (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\buttons\Highlight.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\buttons\HighlightHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\buttons\highlighthotxp.png (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\buttons\highlightxp.png (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\buttons\horoscopes.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\buttons\Horoscopes0.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\buttons\logo.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\buttons\logoxp.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\buttons\Reference.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\buttons\ReferenceHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\buttons\referencehotxp.png (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\buttons\referencexp.png (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\buttons\Weather.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\buttons\weatherhotxp.png (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\buttons\weatherxp.png (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\contexts\Related.xml (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\contexts\Travel.xml (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\Games\images\active\Games0.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\images\walertXP.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\Movies\images\active\Movies0.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Starware349\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\VideoEgg\user.dat (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Program Files\RegistrySmart\Log\log_2006_11_21_21_25_17.eklog (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

C:\Program Files\RegistrySmart\Log\log_2006_11_21_21_25_18.eklog (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

C:\Program Files\RegistrySmart\Log\log_2006_11_21_21_30_32.eklog (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

C:\Program Files\RegistrySmart\Registry Backups\2006-11-21_21-29-56.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

C:\Program Files\RegistrySmart\Registry Backups\2006-11-21_21-30-41.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

C:\Documents and Settings\Paul dont take off!\Application Data\Starware349\EbayKeyword\EbayKeywordOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\Paul dont take off!\Application Data\Starware349\EbayKeyword\EbayKeywordOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\Paul dont take off!\Application Data\Starware349\EbaySearch\EbaySearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\Paul dont take off!\Application Data\Starware349\EbaySearch\EbaySearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\Paul dont take off!\Application Data\Starware349\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\Paul dont take off!\Application Data\Starware349\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\Paul dont take off!\Application Data\Starware349\Horoscopes\HoroscopesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\Paul dont take off!\Application Data\Starware349\Horoscopes\HoroscopesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\Paul dont take off!\Application Data\Starware349\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\Paul dont take off!\Application Data\Starware349\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\Paul dont take off!\Application Data\Starware349\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.

C:\Documents and Settings\Paul dont take off!\Application Data\Starware349\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

Doing the PANDA one next...

Thanks

This topic is now closed to further replies.