Spyguard 2008

yesineedhelp · December 27, 2008

Malwarebytes' Anti-Malware 1.31

Database version: 1550

Windows 5.1.2600 Service Pack 2

12/27/2008 2:00:06 AM

mbam-log-2008-12-27 (02-00-06).txt

Scan type: Quick Scan

Objects scanned: 50683

Time elapsed: 12 minute(s), 11 second(s)

Memory Processes Infected: 3

Memory Modules Infected: 6

Registry Keys Infected: 124

Registry Values Infected: 9

Registry Data Items Infected: 3

Folders Infected: 12

Files Infected: 144

Memory Processes Infected:

C:\WINDOWS\system32\winscenter.exe (Trojan.FakeAlert) -> Unloaded process successfully.

C:\Program Files\Batco\X_bat.exe (Adware.Batco) -> Unloaded process successfully.

C:\Program Files\Spyware Guard 2008\spywareguard.exe (Rogue.Spyguard) -> Unloaded process successfully.

Memory Modules Infected:

C:\WINDOWS\system32\urqqPffg.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\kbpqjf.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\nods32.dll (Trojan.Banker) -> Delete on reboot.

C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\cxslshsblt.dll (Trojan.FakeAlert) -> Delete on reboot.

C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll (Trojan.FakeAlert) -> Delete on reboot.

C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\moduleie.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c973dd6a-fd97-4f86-9f88-a951fe42158e} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{c973dd6a-fd97-4f86-9f88-a951fe42158e} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dad3733f-adf8-4f5f-8a2c-451f07dc8f19} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{dad3733f-adf8-4f5f-8a2c-451f07dc8f19} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{dad3733f-adf8-4f5f-8a2c-451f07dc8f19} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c973dd6a-fd97-4f86-9f88-a951fe42158e} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\bat.batbho (Adware.Batco) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{b80a3586-caa5-41c8-89bf-e617f0b6cfbf} (Adware.Batco) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e080e19-80fa-4aa6-95c7-a45be90a781e} (Adware.Batco) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{63f7460b-c831-4142-a4aa-5ec303ec4343} (Adware.Batco) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63f7460b-c831-4142-a4aa-5ec303ec4343} (Adware.Batco) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\bat.batbho.1 (Adware.Batco) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\main.bho (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\rotator.gizmo3 (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{2a52f970-1166-437b-8bc7-79d03cf1492c} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3786a03b-108d-48f4-b09c-60262531e895} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{8e015787-b1e3-404a-95de-3e71e1fa0305} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8e015787-b1e3-404a-95de-3e71e1fa0305} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\rotator.gizmo3.1 (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\toolbar.tb (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\toolbar.tb.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{892b2785-b0d0-4aa2-ae6a-0ed60b00a979} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{733716e1-76d2-4003-ac39-845281c0ef85} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{79f562e5-768c-4494-8e6c-824ada4a9c2c} (Adware.SuperiorAds) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{f6e0ef5f-5f03-43f9-8e02-bbaaa95eaa9c} (Trojan.Banker) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f6e0ef5f-5f03-43f9-8e02-bbaaa95eaa9c} (Trojan.Banker) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f6e0ef5f-5f03-43f9-8e02-bbaaa95eaa9c} (Trojan.Banker) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{8e3c68cd-f500-4a2a-8cb9-132bb38c3573} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{e81cf86b-f683-422a-b742-3f2427ea9d6a} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{a0e1054b-01ee-4d57-a059-4d99f339709f} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{f663b917-591f-4172-8d87-3d7d729007ca} (Adware.Batco) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99c6d1bb-7555-474c-91da-d8fb62a9cc75} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82e5e2ff-9260-4d88-b0c6-7cc358c5d418} (Adware.SearchAid) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{029e02f0-a0e5-4b19-b958-7bf2db29fb13} (Adware.AdGoblin) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{669695bc-a811-4a9d-8cdf-ba8c795f261e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a4a435cf-3583-11d4-91bd-0048546a1450} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c2680e10-1655-4a0e-87f8-4259325a84b7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e9306072-417e-43e3-81d5-369490beef7c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271} (Adware.AdBreak) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} (Adware.AdBlaster) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{51641ef3-8a7a-4d84-8659-b0911e947cc8} (Adware.AdBlaster) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e9147a0a-a866-4214-b47c-da821891240f} (Adware.AdBlaster) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{54645654-2225-4455-44a1-9f4543d34546} (Trojan.Clicker) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0} (Adware.Aconti) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{06dfedaa-6196-11d5-bfc8-00508b4a487d} (Adware.7Search) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3} (Adware.7Search) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c4ca6559-2cf1-48b6-96b2-8340a06fd129} (Adware.AdBar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ca1d1b05-9c66-11d5-a009-000103c1e50b} (Adware.4Arcade) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d8efadf1-9009-11d6-8c73-608c5dc19089} (Adware.AccessPlugin) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{733716e1-76d2-4003-ac39-845281c0ef85} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fc3c36d-7635-4d43-ba62-0d9d2f2cd06e} (Adware.Fotomoto) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{79f562e5-768c-4494-8e6c-824ada4a9c2c} (Adware.SuperiorAds) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d7fd6c15-4927-4aae-bf12-fbdabd287eb1} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{53c330d6-a4ab-419b-b45d-fd4411c1fef4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bb936323-19fa-4521-ba29-eca6a121bc78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864a5-3916-46e2-96a9-a2e84f3f1208} (Adware.Accoona) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000012-890e-4aac-afd9-eff6954a34dd} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{12f02779-6d88-4958-8ad3-83c12d86adc7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1adbcce8-cf84-441e-9b38-afc7a19c06a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5af2622-8c75-4dfb-9693-23ab7686a456} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/cpbrkpie.ocx (Adware.Coupons) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{c24d7016-d00f-41ef-9781-984b6b5ff38f} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{ec88fcd0-2ed5-4d65-9b4c-71d146b43a2e} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e532cfb1-5edd-4663-8c22-bcd67b5e5bd4} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MySidesearchSearchAssistant (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MySidesearch (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{a471012f-e2e5-48eb-9a8b-9d4090b1d0c7} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b5533239-2826-4fa8-bcfb-a9a44008ff4b} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{dfb574f4-1846-42f5-9694-1f09223800f9} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1648e328-3e5a-4ea5-a9c6-e5f09ee272da} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1648e328-3e5a-4ea5-a9c6-e5f09ee272da} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{315108e4-e3af-460f-b264-f2acc9e1aceb} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{315108e4-e3af-460f-b264-f2acc9e1aceb} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{b5533239-2826-4fa8-bcfb-a9a44008ff4b} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dcadssearchassistant (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\AdvRemoteDbg (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NoDNS (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\QdrDrive (Adware.ISM) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\BATCO (Adware.Batco) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Batco (Adware.Batco) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\bat.DLL (Adware.Batco) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bat (Adware.Batco) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bat (Adware.Batco) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\xflock (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{b443190a-946e-42bd-a3bb-f50687d840a7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{89b51154-b88d-4db9-95cb-7f8e87b88799} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\spyware guard (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spywareguard (Rogue.Spyguard) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\cpbrkpie.ocx (Adware.Coupons) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ConTest.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxocatekud (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\izasediq (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\internetconnection (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\iemodule (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Performance Center (Rogue.PCSpeedScan) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\urqqpffg -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqqpffg -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

C:\Program Files\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\Program Files\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

C:\Program Files\Screensavers.com\Installer (Adware.Comet) -> Quarantined and deleted successfully.

C:\Program Files\Screensavers.com\Installer\bin (Adware.Comet) -> Quarantined and deleted successfully.

C:\Program Files\e-zshopper (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\acespy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Rabio\Search Enhancer (Adware.SearchEnhancer) -> Quarantined and deleted successfully.

C:\Program Files\QdrDrive (Adware.AdBand) -> Quarantined and deleted successfully.

C:\Program Files\Batco (Adware.Batco) -> Quarantined and deleted successfully.

C:\Program Files\NoDNS (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Rabio (Adware.Rabio) -> Quarantined and deleted successfully.

C:\Documents and Settings\Portia Wise`\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\system32\urqqPffg.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\gffPqqru.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gffPqqru.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\kbpqjf.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\afknosou.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\uosonkfa.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fltaxwme.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\emwxatlf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hvpncupb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bpucnpvh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\icakxgys.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sygxkaci.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nyofdevh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hvedfoyn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tbsnkjkv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vkjknsbt.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wmiadrxg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gxrdaimw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xihoibmh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hmbiohix.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winscenter.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Program Files\Batco\X_bat.exe (Adware.Batco) -> Quarantined and deleted successfully.

C:\Program Files\Spyware Guard 2008\spywareguard.exe (Rogue.Spyguard) -> Quarantined and deleted successfully.

C:\Program Files\Batco\bat.dll (Adware.Batco) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spads.dll (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nods32.dll (Trojan.Banker) -> Quarantined and deleted successfully.

C:\WINDOWS\POTA777444.exe (Adware.TTC) -> Quarantined and deleted successfully.

C:\WINDOWS\cpbrkpie.ocx (Adware.Coupons) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\000070.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\catbuakk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ConTest.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\grrnfy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gzhify.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hufszc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lwwtqdqq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\oonvim.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ouivspik.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pswewfmy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rvceylaf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sosqlu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sxpdkdkq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\SysRestore.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSnrsr.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSoeqh.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSoixh.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSosvn.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wgbfrlwb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wpv891229157196.cpx (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wsvkmefb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ynfqjlol.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ywngga.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wvqfujow.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\Drivers\TDSSmqlt.sys (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\svhost.exe (Backdoor.Hupigon) -> Quarantined and deleted successfully.

C:\Documents and Settings\Portia Wise`\Local Settings\Temp\TDSS7a40.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Program Files\Spyware Guard 2008\conf.cfg (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\Program Files\Spyware Guard 2008\queue.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\Program Files\Spyware Guard 2008\uninstall.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\Program Files\Screensavers.com\Installer\bin\siuninst.exe (Adware.Comet) -> Quarantined and deleted successfully.

C:\Program Files\e-zshopper\BarLcher.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\acespy\systune.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\acespy\__acelog.ndx (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\Program Files\Batco\bat.dll.intermediate.manifest (Adware.Batco) -> Quarantined and deleted successfully.

C:\Program Files\Batco\bat.exe (Adware.Batco) -> Quarantined and deleted successfully.

C:\Program Files\Batco\bat.info (Adware.Batco) -> Quarantined and deleted successfully.

C:\Program Files\Batco\bat.original (Adware.Batco) -> Quarantined and deleted successfully.

C:\Program Files\Batco\info.dll (Adware.Batco) -> Quarantined and deleted successfully.

C:\Program Files\Batco\un_BatSetup_15073.exe (Adware.Batco) -> Quarantined and deleted successfully.

C:\Program Files\Batco\un_BatSetup_15073.txt (Adware.Batco) -> Quarantined and deleted successfully.

C:\Program Files\Batco\X_bat.log (Adware.Batco) -> Quarantined and deleted successfully.

C:\Program Files\NoDNS\UnInstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\Bquwopo.dll (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\eqayafiseq.dll (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\NVee040B.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cmd.com (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ping.com (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mysidesearch_sidebar.dll (Adware.BHO) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dcads_sidebar.dll (Adware.BHO) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dcads_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.

C:\Program Files\outlook\p.zip (Worm.Alcra) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\netstat.com (Worm.Alcra) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tasklist.com (Worm.Alcra) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tracert.com (Worm.Alcra) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winfrun32.bin (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cs.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rc.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ps1.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\BM047ca18e.xml (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\BM047ca18e.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\svhost.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\track.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\sysexplorer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wini1087100.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\cxslshsblt.dll (Trojan.FakeAlert) -> Delete on reboot.

C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll (Trojan.FakeAlert) -> Delete on reboot.

C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\moduleie.dll (Trojan.FakeAlert) -> Delete on reboot.

C:\WINDOWS\system32\ace16win.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wml.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vxddsk.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\alog.txt (Stolen.Data) -> Quarantined and deleted successfully.

C:\WINDOWS\764.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\7search.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\absolute key logger.lnk (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\aconti.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\aconti.ini (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\aconti.log (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\aconti.sdb (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\acontidialer.txt (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\adbar.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\daxtime.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\dp0.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\eventlowg.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\fhfmm-Uninstaller.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\flt.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\hotporn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\ie_32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\jd2002.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\kkcomp$.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\liqad$.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\liqui-Uninstaller.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\ngd.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\pbar.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\spredirect.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\wbeInst$.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\xadbrk_.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\xxxvideo.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\wml.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\vxddsk.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\reged.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\WINDOWS\spoolsystem.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\WINDOWS\sys.com (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\WINDOWS\syscert.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\WINDOWS\vmreg.dll (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\Documents and Settings\Portia Wise`\Local Settings\Temp\TDSS79f2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Portia Wise`\Start Menu\Programs\Startup\Bat - Auto Update.lnk (Adware.Batco) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSriqp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSsbhc.log (Trojan.TDSS) -> Quarantined and deleted successfully.

yesineedhelp · December 27, 2008

Sorry I see I posted this in the wrong section, could one of the mods possibly move this to PC Help please?

Hardhead · December 27, 2008

Hello yesineedhelp,

Welcome to MalwareBytes.

Please follow these instructions listed here.

An Expert will help you with log.

yesineedhelp · December 29, 2008

thank you

I'm currently re-trying the pandascan, I was running it then the computer froze on me

AdvancedSetup · December 30, 2008

Please go ahead and post the MBAM and HJT logs if the Panda scan is failing.

Malwarebytes' Anti-Malware

Start MalwareBytes AntiMalware
- Update Malwarebytes' Anti-Malware
- Select the Update tab
- Click Update
[*]When the update is complete, select the Scanner tab
[*]Select Perform quick scan, then click Scan.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Be sure that everything is checked, and click Remove Selected.
[*]When completed, a log will open in Notepad. please copy and paste the log into your next reply
- If you accidently close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then RESTART the computer and AFTER the restart run HJT scan and save log.

Post back fresh MBAM and HJT logs.

yesineedhelp · December 31, 2008

new MBAM, the mcafee virus protection activated inbetween thise and caught 28 viruses, so i don't know if it affected this or not

Malwarebytes' Anti-Malware 1.31

Database version: 1580

Windows 5.1.2600 Service Pack 2

12/30/2008 9:35:04 PM

mbam-log-2008-12-30 (21-34-58).txt

Scan type: Quick Scan

Objects scanned: 50998

Time elapsed: 11 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Documents and Settings\Portia Wise`\Start Menu\Programs\Spyware Guard 2008 (Rogue.SpywareGuard) -> No action taken.

Files Infected:

C:\Documents and Settings\Portia Wise`\Start Menu\Programs\Spyware Guard 2008\Spyware Guard 2008.lnk (Rogue.SpywareGuard) -> No action taken.

C:\Documents and Settings\Portia Wise`\Start Menu\Programs\Spyware Guard 2008\Uninstall.lnk (Rogue.SpywareGuard) -> No action taken.

C:\WINDOWS\system32\bb1.dat (Trojan.Agent) -> No action taken.

C:\Documents and Settings\Portia Wise`\Desktop\Spyware Guard 2008.lnk (Rogue.SpywareGuard) -> No action taken.

HJT log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:50:28 PM, on 12/30/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\Common Files\AOL\1137002840\ee\AOLSoftware.exe

C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

c:\program files\common files\aol\1137002840\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe

C:\Program Files\Common Files\AOL\1137002840\ee\aolsoftware.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\program files\aol\aol toolbar 5.0\AolTbServer.exe

C:\Documents and Settings\Portia Wise`\Local Settings\Temporary Internet Files\Content.IE5\KVB18SY6\HiJackThis[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

F3 - REG:win.ini: load=C:\WINDOWS\system32\ssqpo.exe

O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask .exe" -atboottime

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137002840\ee\AOLSoftware.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Walgreens PhotoShow Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe

O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe

O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S

O4 - HKLM\..\Policies\Explorer\Run: [isamini.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Portia Wise`\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229027911218

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab

O18 - Filter hijack: text/html - {beabb64f-ef19-43f1-97ab-018915ecab2e} - C:\WINDOWS\system32\msziptools.dll

O20 - AppInit_DLLs: karna.dat kbpqjf.dll

O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - C:\WINDOWS\system32\vcehaeb.dll (file missing)

O21 - SSODL: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - C:\WINDOWS\system32\cwgppb.dll (file missing)

O22 - SharedTaskScheduler: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - C:\WINDOWS\system32\vcehaeb.dll (file missing)

O22 - SharedTaskScheduler: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - C:\WINDOWS\system32\cwgppb.dll (file missing)

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--

End of file - 9794 bytes

and thanks for all your help

AdvancedSetup · December 31, 2008

Please note the Holidays are here and I may be unavailable for a few days or more.

Please be patient, I've not forgotten you and will resume assistance when I return

Many of the other helpers are also visiting Family and Friends so please be patient.

The MBAM logs show you did not chose to FIX the problems. You need to tell it to fix the issues.

Close all open browsers and chat programs

Start HJT and do a Scan Only and put a check mark on the following items.

O20 - AppInit_DLLs: karna.dat kbpqjf.dll

O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - C:\WINDOWS\system32\vcehaeb.dll (file missing)

O21 - SSODL: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - C:\WINDOWS\system32\cwgppb.dll (file missing)

O22 - SharedTaskScheduler: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - C:\WINDOWS\system32\vcehaeb.dll (file missing)

O22 - SharedTaskScheduler: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - C:\WINDOWS\system32\cwgppb.dll (file missing)

Then click on Fix checked then quit HJT

Try running this AntiVirus tool while I'm away to see if it can locate anything else that might be hidden.

Download to the desktop: Dr.Web CureIt

Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, Click Options > Change settings
Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
Back at the main window, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found:

If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply with a new hijackthis log.

Then run this again

Malwarebytes' Anti-Malware

Start MalwareBytes AntiMalware
- Update Malwarebytes' Anti-Malware
- Select the Update tab
- Click Update
[*]When the update is complete, select the Scanner tab
[*]Select Perform quick scan, then click Scan.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Be sure that everything is checked, and click Remove Selected.
[*]When completed, a log will open in Notepad. please copy and paste the log into your next reply
- If you accidently close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then RESTART the computer and run HJT Scan and save log.

Post back ALL the logs

I might not be able to get back with you on this for a few days, please be patient.

AdvancedSetup · January 3, 2009

Please provide some feedback on this

AdvancedSetup · January 4, 2009

No reply, closing post

Spyguard 2008

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information