Xp Antivirus 08 Removal Help


1 reply to this topic

#1 ebolanos


Posted 01 September 2008 - 08:55 PM

Hello all,

This is my first post here, and I hope that I can get help in solving this headache problem.

I have followed other posts with regard to XPantivirus08 removal from my Windows XP computer and used ATF Cleaner and SUPERAntiSpyware, and here is the log for the scan:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/31/2008 at 09:29 PM

Application Version : 4.20.1046

Core Rules Database Version : 3541
Trace Rules Database Version: 1530

Scan type : Complete Scan
Total Scan Time : 01:09:55

Memory items scanned : 174
Memory threats detected : 0
Registry items scanned : 5124
Registry threats detected : 106
File items scanned : 38752
File threats detected : 97

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{2FC507EF-2CC9-4C26-8FB8-B5605AA3C90F}
HKCR\CLSID\{2FC507EF-2CC9-4C26-8FB8-B5605AA3C90F}
HKCR\CLSID\{2FC507EF-2CC9-4C26-8FB8-B5605AA3C90F}\InprocServer32
HKCR\CLSID\{2FC507EF-2CC9-4C26-8FB8-B5605AA3C90F}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\GEEBX.DLL
HKLM\Software\Classes\CLSID\{A051B1FF-8D7E-418B-AABE-4FF82F4280A2}
HKCR\CLSID\{A051B1FF-8D7E-418B-AABE-4FF82F4280A2}
HKCR\CLSID\{A051B1FF-8D7E-418B-AABE-4FF82F4280A2}\InprocServer32
HKCR\CLSID\{A051B1FF-8D7E-418B-AABE-4FF82F4280A2}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\CBXVVSQ.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2FC507EF-2CC9-4C26-8FB8-B5605AA3C90F}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A051B1FF-8D7E-418B-AABE-4FF82F4280A2}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{A051B1FF-8D7E-418B-AABE-4FF82F4280A2}
HKCR\CLSID\{A051B1FF-8D7E-418B-AABE-4FF82F4280A2}

Adware.E404 Helper/Hij
HKLM\Software\Classes\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\InprocServer32
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\InprocServer32#ThreadingModel
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\ProgID
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\Programmable
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\TypeLib
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\VersionIndependentProgID
HKCR\CJ.cjmgr.1
HKCR\CJ.cjmgr.1\CLSID
HKCR\CJ.cjmgr
HKCR\CJ.cjmgr\CLSID
HKCR\CJ.cjmgr\CurVer
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR
C:\PROGRAM FILES\IE EXTENSIONS\CJ.V2.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version

Adware.Tracking Cookie
C:\Documents and Settings\Maria Viteri\Cookies\maria_viteri@ad.yieldmanager[4].txt

Trojan.NetMon/DNSChange
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#Type
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#Start
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Security
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#DeviceDesc
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#Contact
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#NoRemove
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#UninstallString
C:\Program Files\Network Monitor

Trojan.cmdService
HKLM\SYSTEM\CurrentControlSet\Services\cmdService
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#Type
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#Start
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Security
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#NextInstance
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#Contact
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#NoRemove
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#UninstallString
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#DeviceDesc

Trojan.Unknown Origin
C:\WINDOWS\system32\nGpxx01

Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#zip [ {a393cebb-f2b8-4028-8cc6-bb697f65b204} ]

Adware.Web Buying
HKU\S-1-5-21-1757981266-162531612-839522115-1003\Software\WebBuying

RootKit.TnCore/Trace
C:\WINDOWS\system32\drivers\core.cache.dsk

Adware.VXGame-Trace
HKU\S-1-5-21-1757981266-162531612-839522115-1003\Software\kernelexe

Trojan.Unclassified/NVCOI
C:\Program Files\Temporary

Rogue.WinIFixer
C:\Program Files\IE Extensions

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\aoprndtws
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
HKU\S-1-5-21-1757981266-162531612-839522115-1003\Software\Microsoft\aldd
HKU\S-1-5-21-1757981266-162531612-839522115-1003\Software\Microsoft\rdfa
C:\WINDOWS\SYSTEM32\MCRH.TMP
C:\WINDOWS\SYSTEM32\XBEEG.INI
C:\WINDOWS\SYSTEM32\XBEEG.INI2

Rogue.MalwareProtector/Variant
C:\WINDOWS\SYSTEM32\PPHC3WHJ0EADL.EXE

Trace.Known Threat Sources

What do I need to do next?

Please help... and thanks in advance...



#2 ebolanos


Posted 01 September 2008 - 09:24 PM

I also used Malwarebytes' Anti-Malware, and here is the log for that scan:

Malwarebytes' Anti-Malware 1.25
Database version: 1102
Windows 5.1.2600 Service Pack 2

7:13:06 PM 9/1/2008
mbam-log-09-01-2008 (19-13-06).txt

Scan type: Quick Scan
Objects scanned: 48272
Time elapsed: 2 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 16
Files Infected: 28

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7766f4bd-6211-415c-9e32-1e20560ffb8a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7766f4bd-6211-415c-9e32-1e20560ffb8a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc7whj0eadl (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc7whj0eadl (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.starsdoor.com (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Dot1XCfg (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nui4 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\rhc7whj0eadl (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maria Viteri\Application Data\rhc7whj0eadl (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maria Viteri\Application Data\rhc7whj0eadl\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maria Viteri\Application Data\rhc7whj0eadl\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maria Viteri\Application Data\rhc7whj0eadl\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maria Viteri\Application Data\rhc7whj0eadl\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maria Viteri\Application Data\rhc7whj0eadl\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maria Viteri\Application Data\rhc7whj0eadl\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maria Viteri\Application Data\rhc7whj0eadl\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maria Viteri\Application Data\rhc7whj0eadl\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maria Viteri\Application Data\rhc7whj0eadl\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maria Viteri\Application Data\rhc7whj0eadl\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\ybstaccm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\rhc7whj0eadl\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7whj0eadl\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7whj0eadl\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7whj0eadl\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7whj0eadl\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7whj0eadl\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7whj0eadl\rhc7whj0eadl.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7whj0eadl\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Del.js (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMebe610c3.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc3whj0eadl.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Does that mean that my PC is clean now?

Thanks...



