SUPERAntiSpyware Log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/10/2009 at 07:13 PM
Application Version : 4.26.1002
Core Rules Database Version : 3843
Trace Rules Database Version: 1798
Scan type : Complete Scan
Total Scan Time : 02:11:33
Memory items scanned : 289
Memory threats detected : 0
Registry items scanned : 4979
Registry threats detected : 0
File items scanned : 53649
File threats detected : 28
Adware.Tracking Cookie
C:\Documents and Settings\Allen\Cookies\allen@traffic.uusee[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@media6degrees[2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@insightexpressai[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@revsci[2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@apmebf[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@kontera[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt
D:\Documents and Settings\Grace\Cookies\grace@adbrite[1].txt
D:\Documents and Settings\Grace\Cookies\grace@atdmt[2].txt
D:\Documents and Settings\Grace\Cookies\grace@ad.yieldmanager[2].txt
D:\Documents and Settings\Grace\Cookies\grace@kontera[2].txt
D:\Documents and Settings\Grace\Cookies\grace@doubleclick[1].txt
D:\Documents and Settings\Grace\Cookies\grace@tribalfusion[1].txt
D:\WINDOWS\system32\config\systemprofile\Cookies\system@atdmt[1].txt
D:\WINDOWS\system32\config\systemprofile\Cookies\system@msnaccountservices.112.2o7[1].txt
E:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt
E:\Documents and Settings\Administrator\Cookies\administrator@ads.addynamix[1].txt
E:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt
Trojan.Smitfraud Variant-Gen/Bensorty
D:\SYSTEM VOLUME INFORMATION\_RESTORE{99C74EC4-8220-44C6-8A2E-B2D79F7AC498}\RP37\A0027865.DLL
D:\WINDOWS\SYSTEM32\SDRGFCVBF.DLL
Trojan.Downloader-NTOS/WSNPOEM
D:\WINDOWS\SYSTEM32\NTOS.EXE
Trojan.Agent/Gen-XCC
D:\WINDOWS\XCCDF16_090305A.DLL
Adware.Vundo/Variant-WPF
D:\WINDOWS\XCCDF32_090305A.DLL
Trojan.Unclassified/Loader-Suspicious
F:\DXC\27.10 PLATINUM\PLATINUM FIX\LOADER.EXE
G:\DXC\27.10 PLATINUM\PLATINUM FIX\LOADER.EXE
Spyware Terminator Log:
Logfile of Spyware Terminator v2.5.6.316 (db:3.005.007.000)
Scan Time: 5/10/2009 7:00:28 PM length: 2024 s
Platform: WXP (5.1.0.2600)
User: Admin
Boot Mode: Safe
Scan type: Full_Spyware_Scan
Scanned Objects: 80396 (Critical:5)
Filter: No System items, No Safe items, No Invalid items
Running Processes
Navw32.exe [Symantec Corporation] : C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\Navw32.exe
Internet Settings
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =
BHO
02 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - [Ask.com] : C:\Program Files\AskBarDis\bar\bin\askBar.dll
02 - BHO: KeyScramblerBHO Class - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - [QFX Software Corporation] : C:\Program Files\KeyScrambler\KeyScramblerIE.dll
02 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - [RealPlayer] : C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
02 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - [Symantec Corporation] : C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
02 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - [Sun Microsystems, Inc.] : C:\Program Files\Java\jre6\bin\jp2ssv.dll
02 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - [Sun Microsystems, Inc.] : C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Toolbars
03 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - [Ask.com] : C:\Program Files\AskBarDis\bar\bin\askBar.dll
StartUps
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SnoopFreeUI : [SnoopFree Software] : C:\WINDOWS\SnoopFreeUI.exe
Shell Extensions
Web Sites - {AB4F43CA-ADCD-4384-B9AF-3CECEA7D6544} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN\FPNSE.DLL
WinZip - {E0D79304-84BE-11CE-9641-444553540000} - [WinZip Computing, S.L.] : C:\Program Files\WinZip\wzshlstb.dll
WinZip - {E0D79305-84BE-11CE-9641-444553540000} - [WinZip Computing, S.L.] : C:\Program Files\WinZip\wzshlstb.dll
WinZip - {E0D79306-84BE-11CE-9641-444553540000} - [WinZip Computing, S.L.] : C:\Program Files\WinZip\wzshlstb.dll
WinZip - {E0D79307-84BE-11CE-9641-444553540000} - [WinZip Computing, S.L.] : C:\Program Files\WinZip\wzshlstb.dll
RealOne Player Context Menu Class - {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - [RealNetworks, Inc.] : C:\Program Files\Real\RealPlayer\rpshell.dll
Desktop Explorer - {1CDB2949-8F65-4355-8456-263E7C208A5D} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
- {1E9B04FB-F9E5-4718-997B-B8DA88302A47} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
nView Desktop Context Menu - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
TuneUp Theme Extension - {44440D00-FF19-4AFC-B765-9A0970567D97} - [TuneUp Software GmbH] : C:\WINDOWS\system32\uxtuneup.dll
Protocol Handler
AsyncPProt Class - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - [Microsoft Corporation] : C:\WINDOWS\system32\Msdxm6.ocx
Services
23 - [QFX Software Corporation] : C:\WINDOWS\system32\drivers\keyscrambler.sys
23 - : C:\WINDOWS\system32\Drivers\SnopFree.sys
23 - [Symantec Corporation] : C:\WINDOWS\system32\drivers\NAV\1005000.086\SYMEFA.SYS
Threat Files
<Trojan.Crypt.ZPACK.Gen> : d:\Documents and Settings\Grace\reader_s.exe
<Trojan.Spy.Pophot.hdd> : d:\WINDOWS\xccdf16_090305a.dll
<Worm.Pinit.bz> : d:\WINDOWS\system32\1C.tmp
<Trojan.Spy.Pophot.hdd> : d:\WINDOWS\system32\inf\xccdfb16_090305.dll
<Trojan.Downloader.FraudLoad.vqzq> : d:\WINDOWS\Temp\BN2.tmp
Advanced Files Report
%PROGRAMFILES%\Norton AntiVirus\Engine\16.5.0.134\NavShExt.dll [Symantec Corporation] [Symantec Shared Component] MD5=A5DEC313D486D363C3BD5FF7948AC23B SIZE=269680
%PROGRAMFILES%\Norton AntiVirus\Engine\16.5.0.134\ccL80U.dll [Symantec Corporation] [Symantec Security Technologies] MD5=7307267DDDBC6F3B47B78ABF8B2B9313 SIZE=523624
%PROGRAMFILES%\WinZip\wzshlstb.dll [WinZip Computing, S.L.] [WinZip] MD5=6568B043297BE8CCBD653A56499E521B SIZE=11104
%PROGRAMFILES%\Norton AntiVirus\Engine\16.5.0.134\Navw32.exe [Symantec Corporation] [Symantec Shared Component] MD5=5B8E7412BDD564542A8594A3DB21CBD7 SIZE=135536
%PROGRAMFILES%\Norton AntiVirus\Engine\16.5.0.134\ccVrTrst.dll [Symantec Corporation] [Symantec Security Technologies] MD5=330870DECA9AFDC486075DF0F44B4E25 SIZE=80744
%PROGRAMFILES%\Norton AntiVirus\Engine\16.5.0.134\EFACli.dll [Symantec Corporation] [EFA] MD5=5BA6C977C59CA6C2E85CE3DC752EEFC2 SIZE=42856
%PROGRAMFILES%\Norton AntiVirus\Engine\16.5.0.134\avScanUI.dll [Symantec Corporation] [Symantec Shared Component] MD5=E48CC815569B6B25BDF544224CF30C06 SIZE=505712
%PROGRAMFILES%\Norton AntiVirus\Engine\16.5.0.134\AVIfc.dll [Symantec Corporation] [Symantec Shared Component] MD5=32D5CE6D98124772FF377ADC252EB989 SIZE=409968
%PROGRAMFILES%\Norton AntiVirus\Engine\16.5.0.134\AppMgr32.dll [Symantec Corporation] [Symantec Shared Component] MD5=60079BFD9891F5A147108022BB80C5C4 SIZE=268656
%PROGRAMFILES%\Norton AntiVirus\Engine\16.5.0.134\AVModule.dll [Symantec Corporation] [Symantec Shared Component] MD5=83DB86773E674FC687B0E0A4CC7AD06E SIZE=1061744
%PROGRAMFILES%\Norton AntiVirus\Engine\16.5.0.134\Srtsp32.dll [Symantec Corporation] [AutoProtect] MD5=3AEBF9427C832E8C8F430BF8418332DC SIZE=300408
%PROGRAMFILES%\Norton AntiVirus\Engine\16.5.0.134\ccIPC.dll [Symantec Corporation] [Symantec Security Technologies] MD5=4025A3B3ADA0DBFF7A4190AC6FE2B2B8 SIZE=147816
%PROGRAMFILES%\Norton AntiVirus\Engine\16.5.0.134\SYMHTML.DLL [Symantec Corporation] [SymHTML] MD5=E75C509B314543C974E00EF34158102F SIZE=1784152
%PROGRAMFILES%\Norton AntiVirus\Engine\16.5.0.134\ccScanw.dll [Symantec Corporation] [Symantec Security Technologies] MD5=C363D87771F935A42D94088D6605EF35 SIZE=328552
%PROGRAMFILES%\Norton AntiVirus\Engine\16.5.0.134\ecmldr32.DLL [Symantec Corporation] [ECOM Loader] MD5=67F5A45225F4A322E96CEE25825A512D SIZE=42864
%ALLUSERS_APPDATA%\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090510.003\ecmsvr32.dll [Symantec Corporation] [ECOM Server] MD5=5A606338E6AB1532C9F124E79401235B SIZE=259368
%ALLUSERS_APPDATA%\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090510.003\NAVEX32a.DLL [Symantec Corporation] [Symantec Antivirus Engine] MD5=D4A356DDC1566FC6AC3901AF59343943 SIZE=1181040
%ALLUSERS_APPDATA%\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090510.003\NAVENG32.DLL [Symantec Corporation] [Symantec Antivirus Engine] MD5=B837604F9058492659D3EFEFD4CDE576 SIZE=177520
%ALLUSERS_APPDATA%\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090510.003\ccEraser.dll [Symantec Corporation] [ERASER ENGINE] MD5=D94A420EBE656E8E6267B0E4CE396A1F SIZE=2414128
%PROGRAMFILES%\Norton AntiVirus\Engine\16.5.0.134\msl.dll [Symantec Corporation] [Symantec Security Technologies] MD5=65EDED273D6E79666E68080E016101A2 SIZE=268648
%PROGRAMFILES%\Norton AntiVirus\Engine\16.5.0.134\AVExclu.dll [Symantec Corporation] [Symantec Shared Component] MD5=98C12803C480DE82514407EA653A60F7 SIZE=122736
%PROGRAMFILES%\Norton AntiVirus\Engine\16.5.0.134\dec_abi.dll [Symantec Corporation] [Symantec Decomposer Component] MD5=1DCA720B7CD97DEB07FD9F7E1DCB4C9E SIZE=2106720
%PROGRAMFILES%\Norton AntiVirus\Engine\16.5.0.134\QBackup.dll [Symantec Corporation] [Symantec Shared Component] MD5=0824409AF6DEABA61515F8BAB582C344 SIZE=110960
%APPDATA%\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL MD5=11AB72D5D603DB401C190B454FB935A7 SIZE=117760
deskpan.dll
%COMMONFILES%\Microsoft Shared\web server extensions\12\BIN\FPNSE.DLL [Microsoft Corporation] [2007 Microsoft Office system] MD5=3D83D16D00FCEDCB6FD1A60139E06590 SIZE=421264
%PROGRAMFILES%\Real\RealPlayer\rpshell.dll [RealNetworks, Inc.] [RealPlayer] MD5=E56ADA1922D173913EF98470FC4788DF SIZE=63016
%SYSDIR%\nvshell.dll [NVIDIA Corporation] [NVIDIA Desktop Explorer, Version 111.75] MD5=70BDDEE1D46FC4E98AD76A4B4EBE63FF SIZE=466944
%SYSDIR%\uxtuneup.dll [TuneUp Software GmbH] [TuneUp Utilities] MD5=838C97B3D28BFEBDD11D12ADFE957004 SIZE=28416
%SYSDIR%\svchost.exe -k netsvcs
%SYSDIR%\svchost -k DcomLaunch
%SYSDIR%\svchost.exe -k NetworkService
%SYSDIR%\drivers\keyscrambler.sys [QFX Software Corporation] [KeyScrambler ®] MD5=53D9BD8BDF06D7E5FA2DAB25AFB659B0 SIZE=114024
%SYSDIR%\svchost.exe -k LocalService
%SYSDIR%\svchost -k rpcss
%SYSDIR%\Drivers\SnopFree.sys MD5=21EA9DC8FBE1236051832ABB5254226F SIZE=9472
%SYSDIR%\drivers\NAV\1005000.086\SYMEFA.SYS [Symantec Corporation] [EFA] MD5=D0403502B507878AA57A79E45B7DFE40 SIZE=310320
%SYSDIR%\Msdxm6.ocx [Microsoft Corporation] [DirectShow] MD5=C8DDFF02594C4A0C4C7C60DF8981E256 SIZE=844048
%SYSDIR%\\Drivers\keyscrambler.sys [QFX Software Corporation] [KeyScrambler ®] MD5=53D9BD8BDF06D7E5FA2DAB25AFB659B0 SIZE=114024
End of Report
Malwarebytes Anti-Malware Log:
Malwarebytes' Anti-Malware 1.36
Database version: 2105
Windows 5.1.2600 Service Pack 3
5/10/2009 5:50:03 PM
mbam-log-2009-05-10 (17-50-03).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 361915
Time elapsed: 1 hour(s), 11 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 15
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
D:\System Volume Information\_restore{99C74EC4-8220-44C6-8A2E-B2D79F7AC498}\RP37\A0023845.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{99C74EC4-8220-44C6-8A2E-B2D79F7AC498}\RP37\A0025863.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{99C74EC4-8220-44C6-8A2E-B2D79F7AC498}\RP37\A0026864.sys (Backdoor.IEBooot) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{99C74EC4-8220-44C6-8A2E-B2D79F7AC498}\RP37\A0026865.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{99C74EC4-8220-44C6-8A2E-B2D79F7AC498}\RP37\A0026866.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{99C74EC4-8220-44C6-8A2E-B2D79F7AC498}\RP37\A0026867.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{99C74EC4-8220-44C6-8A2E-B2D79F7AC498}\RP37\A0027863.sys (Backdoor.IEBooot) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{99C74EC4-8220-44C6-8A2E-B2D79F7AC498}\RP37\A0027864.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\UACkwfchxwbdmauvre.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\UACqpfyehwfjpfaptw.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\UACrxlxyqxgkbmoqmx.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\UACycbruiordelmfqw.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YCGMPVCQ\Installer[1].exe (Rogue.CoreguardSoftware) -> Quarantined and deleted successfully.
D:\WINDOWS\Temp\VRT1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
EDIT: Ran Malwarebytes again, didn't get to complete the scan, but here's the log:
Malwarebytes' Anti-Malware 1.36
Database version: 2112
Windows 5.1.2600 Service Pack 3
5/11/2009 9:16:19 PM
mbam-log-2009-05-11 (21-16-19).txt
Scan type: Full Scan (D:\|E:\|F:\|G:\|)
Objects scanned: 57024
Time elapsed: 57 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
D:\Documents and Settings\Grace\Local Settings\Temporary Internet Files\Content.IE5\L78CDHO7\cs[1].htm (Trojan.Backdoor) -> Quarantined and deleted successfully.
D:\Documents and Settings\Grace\Local Settings\Temporary Internet Files\Content.IE5\L78CDHO7\cs[2].htm (Trojan.Backdoor) -> Quarantined and deleted successfully.
D:\Documents and Settings\Grace\Local Settings\Temporary Internet Files\Content.IE5\YHX1EC7H\abb[1].txt (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\Grace\Local Settings\Temporary Internet Files\Content.IE5\YHX1EC7H\abb[2].txt (Trojan.Agent) -> Quarantined and deleted successfully.
Edited by sidorak95, 11 May 2009 - 09:18 PM.