BleepingComputer.com: report

report

#1 User is offline   luchymon 

Posted 01 July 2009 - 09:26 AM

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 6.0.6001 Service Pack 1

7/1/2009 9:43:53 AM
mbam-log-2009-07-01 (09-43-53).txt

Scan type: Quick Scan
Objects scanned: 77557
Time elapsed: 8 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 59
Registry Values Infected: 7
Registry Data Items Infected: 1
Folders Infected: 12
Files Infected: 36

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:

Registry Values Infected:

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

Files Infected:

#2 User is online   Elise 

Posted 01 July 2009 - 09:41 AM

Hi luchymon, please update MBAM (the latest database is 2358), reboot in normal mode and run a full scan. Please post the results back.
regards, Elise
