
Possible Smitfraud?


22 replies to this topic

#1 oldfrogjr26

oldfrogjr26

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:05 PM

Posted 14 September 2008 - 12:26 PM

My computer is definitely infected with something. Windows has replaced my desktop with a warning box, Win32/removeprivacy.m64 and win32/ (something else, can't remember now). I deleted temporary and internet files and the recycle bin, but I can't get to any website to download Spybot Search and Destroy, or even update my spyware/adware detection and anti-virus. Had been using Spysubtract (came on the comp) and Norton. Windows doesn't detect any virus protection. I turned my firewall back on. I have shut down my PC for the moment and am working from a wireless Mac.

Any help definitely appreciated. My dad does this stuff for a living but pointed me here because he feels confident with y'all. Yup, from Texas.

Edited by Orange Blossom, 14 September 2008 - 01:13 PM.
Move to more appropriate forum. ~ OB



#2 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:12:05 AM

Posted 14 September 2008 - 01:53 PM

Use another computer to download MBAM and the manual update file, then install both on the infected computer.

I believe the correct identifier of this malware to be Win32/Privacy Remover.M64

http://www.bleepingcomputer.com/forums/ind...st&p=944365
Chewy

No. Try not. Do... or do not. There is no try.

#3 oldfrogjr26

oldfrogjr26
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:05 PM

Posted 14 September 2008 - 06:06 PM

Thanks Chew. Also, I remember now that the other warning was for win32/adaware/Virtumonde or something. Should I do something different for that? Thanks so much!

#4 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:12:05 AM

Posted 14 September 2008 - 06:09 PM

That one might be a little more complicated, but we need to start with MBAM for both.
Chewy

No. Try not. Do... or do not. There is no try.

#5 oldfrogjr26

oldfrogjr26
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:05 PM

Posted 14 September 2008 - 07:10 PM

Hey there,

Ran the MBAM. After removal, I restarted. When Windows came up I got an error message which read: RUNDLL, Error loading C:\WINDOWS\stsyem32\ysduevne.dll, the specified module could not be found. Here is the log.

Malwarebytes' Anti-Malware 1.28
Database version: 1152
Windows 5.1.2600 Service Pack 2

9/14/2008 6:36:30 PM
mbam-log-2008-09-14 (18-36-30).txt

Scan type: Quick Scan
Objects scanned: 52006
Time elapsed: 7 minute(s), 33 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 6
Registry Keys Infected: 36
Registry Values Infected: 10
Registry Data Items Infected: 4
Folders Infected: 43
Files Infected: 95

Memory Processes Infected:
C:\WINDOWS\system32\lphc58gj0enf7.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\efcbxuuV.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vybbibtg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fgkdgw.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\iifDVLeD.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\blphc58gj0enf7.scr (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\msiebbar.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3f2c2b65-1b22-4129-87c5-3780ca68a02b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f2c2b65-1b22-4129-87c5-3780ca68a02b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{727b4230-721d-42e6-854f-d3abc3eab743} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifdvled (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{727b4230-721d-42e6-854f-d3abc3eab743} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ed08a22-a71b-4fb0-9f8b-7a28a9ac4ae1} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9ed08a22-a71b-4fb0-9f8b-7a28a9ac4ae1} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\main.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e3c68cd-f500-4a2a-8cb9-132bb38c3573} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a0e1054b-01ee-4d57-a059-4d99f339709f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\starware358 (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{45a4902e-4479-4eae-a186-8d0f7e4c78de} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45a4902e-4479-4eae-a186-8d0f7e4c78de} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4c1caacf-1788-4613-a840-6bd943d4ee95} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9a7d6ad2-0881-451f-bb27-f5e2ee2c5b14} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9fb3908c-6565-4cb0-95f8-e9f85258723c} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53c5df37-04db-4f7b-8135-ba9f04c97c14} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\starware358 (Adware.Starware) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0cfb20dc (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{727b4230-721d-42e6-854f-d3abc3eab743} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9fb3908c-6565-4cb0-95f8-e9f85258723c} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm0fc81340 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc58gj0enf7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\efcbxuuv -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\efcbxuuv -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Starware358 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware358\bin (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware358\icons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\buttons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\contexts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\EntertainmentMarketingSP (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\EntertainmentMarketingSP\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\EntertainmentMarketingSP\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\EntertainmentMarketingSP\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\Games (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\Games\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\Games\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\Games\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\Movies (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\Movies\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\Movies\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\Movies\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\ScreensaversMarketingSitePager\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\ScreensaversMarketingSitePager\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\ScreensaversMarketingSitePager\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\CelebrityNews (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\CelebritySearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\EntertainmentMarketingSP (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\Games (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\Movies (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\SearchAssistPlus (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\SearchMatch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\SearchMatch\searchMatchPages (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\fgkdgw.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\iifDVLeD.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\efcbxuuV.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\Vuuxbcfe.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\Vuuxbcfe.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vybbibtg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gtbibbyv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphc58gj0enf7.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\Program Files\Common\helper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yjnasaiv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\Starware358\brand.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware358\Starware358Config.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware358\Starware358Uninstall.exe (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware358\bin\Starware358.dll (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware358\icons\star_16.ico (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\U0002548E.exe (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\celebrity_news.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\celebrity_search.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\Highlight.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\HighlightHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\highlighthotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\highlightxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\logo.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\logoxp.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\contexts\Related.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\contexts\Travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\EntertainmentMarketingSP\images\active\EntertainmentMarketingSP0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\Games\images\active\Games0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\Movies\images\active\Movies0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\CelebrityNews\CelebrityNewsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\CelebrityNews\CelebrityNewsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\CelebritySearch\CelebritySearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\CelebritySearch\CelebritySearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\Configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\Configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\Layouts\PitchLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\Layouts\PitchLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\SearchAssistPlus\SearchAssistPlusOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\SearchAssistPlus\SearchAssistPlusOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\SearchMatch\SearchMatchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\SearchMatch\SearchMatchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Starware358\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msiebbar.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ysduevne.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM0fc81340.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM0fc81340.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccbBUKd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphc58gj0enf7.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc58gj0enf7.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully
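
The log above follows a fixed layout (a tally per category, then a detail list per category, one `path (family) -> action` line each), and the RUNDLL error reported at the top of the post is the kind of thing a log like this explains. The parser below is an added example, not code from the thread or from Malwarebytes; it reads a constructed excerpt in that format, cross-checks the tallies against the listed entries, collects the items still pending deletion at reboot, and matches the module named in a RUNDLL "Error loading" message against the log, which is how you confirm that such a message is a stale startup reference to a removed DLL rather than a live infection. Function and class names are the example's own.

```python
"""Parse a Malwarebytes' Anti-Malware 1.28 quick-scan log (the layout posted in this
thread) and explain a post-reboot RUNDLL "module could not be found" message."""
import re
from dataclasses import dataclass, field

# Constructed excerpt in the same format as the log posted above (a subset, not the full log).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.28
Database version: 1152
Windows 5.1.2600 Service Pack 2

Scan type: Quick Scan
Objects scanned: 52006

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Values Infected: 2
Files Infected: 3

Memory Processes Infected:
C:\WINDOWS\system32\lphc58gj0enf7.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\efcbxuuV.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\msiebbar.dll (Trojan.Agent) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm0fc81340 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc58gj0enf7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\ysduevne.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\efcbxuuV.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lphc58gj0enf7.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# "Files Infected: 95" is a tally; "Files Infected:" with no number opens the detail list.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?\s*$")
# Non-greedy path so "Bad: (1) Good: (0)" style data items still yield the right family.
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
RUNDLL_RE = re.compile(r"Error loading (?P<path>[^,]+)", re.IGNORECASE)


@dataclass
class Entry:
    section: str
    path: str
    family: str
    action: str


@dataclass
class MbamReport:
    summary: dict = field(default_factory=dict)   # category -> declared count
    sections: dict = field(default_factory=dict)  # category -> [Entry, ...]


def parse_mbam_log(text):
    report, current = MbamReport(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            if m.group("count") is not None:
                report.summary[m.group("name")] = int(m.group("count"))
            else:
                current = m.group("name")
                report.sections.setdefault(current, [])
            continue
        m = ENTRY_RE.match(line) if current else None
        if m:
            # Registry data items carry "Data: ... -> <action>"; the action is always last.
            action = m.group("rest").split(" -> ")[-1].rstrip(".")
            report.sections[current].append(Entry(current, m.group("path"), m.group("family"), action))
    return report


def check_counts(report):
    """Return {category: (declared, listed)} where the tally and the detail list disagree;
    a mismatch usually means the pasted log was truncated or edited."""
    return {name: (declared, len(report.sections.get(name, [])))
            for name, declared in report.summary.items()
            if declared != len(report.sections.get(name, []))}


def pending_reboot(report):
    """Items MBAM could not remove while in use; they are deleted at the next restart,
    which is why a second scan after rebooting is the check that the cleanup finished."""
    return sorted({e.path for entries in report.sections.values()
                   for e in entries if e.action == "Delete on reboot"})


def explain_rundll_error(report, message):
    """Match the module named in a RUNDLL 'Error loading <path>' message against the log
    by file name (the message as typed may contain typos in the directory part). A hit
    means the DLL was removed or is pending removal, but a startup entry still tries to
    load it, so the error is a leftover reference rather than a live infection."""
    m = RUNDLL_RE.search(message)
    if not m:
        return None
    wanted = m.group("path").strip().rsplit("\\", 1)[-1].lower()
    hits = [e for entries in report.sections.values() for e in entries
            if e.path.rsplit("\\", 1)[-1].lower() == wanted]
    files = [e for e in hits if e.section == "Files Infected"]
    return (files or hits or [None])[0]


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("tally mismatches:", check_counts(rep))
    print("pending reboot:", pending_reboot(rep))
    print(explain_rundll_error(rep, r"RUNDLL, Error loading C:\WINDOWS\stsyem32\ysduevne.dll, "
                                    "the specified module could not be found."))
```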

#6 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:12:05 AM

Posted 14 September 2008 - 07:22 PM

C:\WINDOWS\stsyem32\ysduevne.dll,


Don't worry about that; we can fix it later, when and if we can finish removing this infection. After the reboot, would you run another quick scan and post that log?
Chewy

No. Try not. Do... or do not. There is no try.

#7 oldfrogjr26

oldfrogjr26
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:05 PM

Posted 14 September 2008 - 08:18 PM

Malwarebytes' Anti-Malware 1.28
Database version: 1152
Windows 5.1.2600 Service Pack 2

9/14/2008 8:15:01 PM
mbam-log-2008-09-14 (20-15-01).txt

Scan type: Quick Scan
Objects scanned: 51533
Time elapsed: 6 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:12:05 AM

Posted 14 September 2008 - 09:18 PM

Keep an eye on it for a while, watching for malware symptoms.

How's your computer running now?

http://www.bleepingcomputer.com/forums/ind...st&p=944265

Let's look again with SAS after running ATF Cleaner; some of that infection was a lot harder to remove last month.
Chewy

No. Try not. Do... or do not. There is no try.

#9 oldfrogjr26

oldfrogjr26
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:05 PM

Posted 14 September 2008 - 10:20 PM

I am still running the SAS right now. I can access the internet again, so I guess that is a good (or at least better) sign. You have been amazingly helpful so far! Thanks again.

#10 oldfrogjr26


Posted 14 September 2008 - 11:04 PM

Here is the log after SAS. Or from SAS. Computer seems to be working fine right now.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/14/2008 at 10:48 PM

Application Version : 4.21.1004

Core Rules Database Version : 3566
Trace Rules Database Version: 1554

Scan type : Quick Scan
Total Scan Time : 00:55:18

Memory items scanned : 160
Memory threats detected : 0
Registry items scanned : 442
Registry threats detected : 21
File items scanned : 36819
File threats detected : 146

Spyware.WebSearch (WinTools/HuntBar)
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}
HKCR\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}
HKCR\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}
HKCR\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}\InprocServer32
HKCR\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}\InprocServer32#ThreadingModel
C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLST.DLL
HKU\S-1-5-21-3982592753-3173013242-2565298069-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{339BB23F-A864-48C0-A59F-29EA915965EC}
C:\Documents and Settings\All Users\Start Menu\Programs\Web Search Tools
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#DeviceDesc
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinTools_ESIES
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinTools_ESIES#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinTools_ESIES#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinTools_ESIES#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinTools_ESIES#URLInfoAbout

Adware.Tracking Cookie

Adware.Avenue Media/Internet Optimizer
HKU\S-1-5-21-3982592753-3173013242-2565298069-1003\Software\Microsoft\Internet Explorer\URLSearchHooks#_{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

Adware.ClearSearch
C:\RECYCLER\S-1-5-21-3982592753-3173013242-2565298069-1003\DC21\TXBG6FVK.DLL

Unclassified.Unknown Origin
C:\WINDOWS\TEMP\K0GHI657.EXE

#11 DaChew


Posted 15 September 2008 - 04:28 AM

It's best to do a complete cleaning with ATF, as the scans go quicker and possible malware is eliminated from the temp folders.

#12 oldfrogjr26


Posted 15 September 2008 - 08:02 AM

Hmmm, what's ATF again?

#13 DaChew


Posted 15 September 2008 - 09:11 AM

http://www.bleepingcomputer.com/forums/ind...st&p=941833

I apologize, I used the wrong SAS link. Instructions on the use of ATF Cleaner are supplied in this one.

:thumbsup:

#14 oldfrogjr26


Posted 15 September 2008 - 10:24 PM

I'm back...had to work all day away from the computer. I ran the ATF cleaner and then SAS again. Here is the new log.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/15/2008 at 11:35 AM

Application Version : 4.21.1004

Core Rules Database Version : 3566
Trace Rules Database Version: 1554

Scan type : Complete Scan
Total Scan Time : 02:00:45

Memory items scanned : 159
Memory threats detected : 0
Registry items scanned : 5914
Registry threats detected : 0
File items scanned : 83830
File threats detected : 0

#15 DaChew


Posted 15 September 2008 - 10:40 PM

:thumbsup:

http://www.bleepingcomputer.com/forums/ind...st&p=942807

Use this Autoruns guide for

Error loading C:\WINDOWS\stsyem32\ysduevne.dll, the specified module could not be found.

if that is still showing up at bootup.

Any signs of malware left? Is your computer running normally?
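The "Error loading ... .dll, the specified module could not be found" message quoted above is what rundll32 reports at logon when a Run-key entry still points at a DLL a cleaner has already deleted; the Autoruns step is about finding that leftover entry. As an added example (not code from the thread or from Autoruns), the following Python locates such orphaned startup entries from a list of (name, command) pairs, using constructed sample entries and a hypothetical entry name modeled on the quoted error.

```python
"""Flag startup entries whose target file is gone (added example; not from the
thread or from Autoruns). A logon-time "Error loading X.dll, the specified module
could not be found" is rundll32 complaining about exactly such a dangling entry."""
import re

# [path\]rundll32[.exe] <dll>,<entrypoint>; the DLL path may be quoted.
_RUNDLL = re.compile(
    r'^\s*"?(?:.*\\)?rundll32(?:\.exe)?"?\s+(.+?),\s*\S+\s*$', re.IGNORECASE)


def target_of(command: str) -> str:
    """Return the file a startup command actually loads."""
    m = _RUNDLL.match(command)
    if m:                                  # rundll32 loads the DLL, not itself
        return m.group(1).strip().strip('"')
    if command.startswith('"'):            # "C:\Program Files\x\y.exe" /args
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command.strip('"')
    parts = command.split()                # bare path (unquoted spaces unsupported)
    return parts[0] if parts else ""


def orphaned_entries(entries, exists):
    """Return (name, command, target) for each entry whose target is missing."""
    found = []
    for name, cmd in entries:
        target = target_of(cmd)
        if target and not exists(target):
            found.append((name, cmd, target))
    return found


# Constructed sample: three legitimate-looking entries plus one modeled on the
# thread's "Error loading ...\ysduevne.dll" message (entry name hypothetical).
# On a real machine the pairs come from the Run keys under HKLM and HKCU and
# `exists` would be os.path.exists.
SAMPLE_ENTRIES = [
    ("ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("NvCplDaemon", r"RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"),
    ("ysduevne", r'rundll32.exe "C:\WINDOWS\system32\ysduevne.dll",b'),
    ("ccApp", r'"C:\Program Files\Norton\ccApp.exe" /s'),
]
SAMPLE_PRESENT = {p.lower() for p in (
    r"C:\WINDOWS\system32\ctfmon.exe",
    r"C:\WINDOWS\system32\NvCpl.dll",
    r"C:\Program Files\Norton\ccApp.exe",
)}


def demo():
    """Run the check on the sample; Windows paths compare case-insensitively."""
    return orphaned_entries(SAMPLE_ENTRIES, lambda p: p.lower() in SAMPLE_PRESENT)
```

Only the entry whose DLL is absent is returned, which is the one Autoruns would show as "File not found" and the one to delete.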



