
#1 luchymon


Posted 01 July 2009 - 09:26 AM

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 6.0.6001 Service Pack 1

7/1/2009 9:43:53 AM
mbam-log-2009-07-01 (09-43-53).txt

Scan type: Quick Scan
Objects scanned: 77557
Time elapsed: 8 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 59
Registry Values Infected: 7
Registry Data Items Infected: 1
Folders Infected: 12
Files Infected: 36

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{139c109e-08c6-4b60-9142-860b8cd5d000} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{679b00b5-0783-4de4-a478-7227fdd50825} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b6a3935f-8fe4-49a4-b987-a1c09e53589f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ef94a58f-599b-4602-9c34-99683c5859b1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{baba5bdb-4eff-48db-b443-679651d37128} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b0cb585f-3271-4e42-88d9-ae5c9330d554} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdc0999c-999c-4ee1-875b-5c3542641768} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f87f145-dc2d-4766-af03-3a3b96ffad98} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AntiSpywareShield (Rogue.AntiSpywareShield) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tracker.trackerobj (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tracker.trackerobj.1 (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\zangosa (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.clientdetector (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.clientdetector.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.userprofiles (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.userprofiles.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\zango (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\some (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirusRanger (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
C:\Program Files\VirusRanger (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zango (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\ProgramData\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
c:\Users\david\AppData\Roaming\WinSpyControl (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
c:\Users\david\AppData\Roaming\winspycontrol\Logs (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
C:\Program Files\Sotfone (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WinSpyControl (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
c:\winspycontrol\AVQuar (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\Users\david\AppData\Roaming\Zango (Adware.Zango) -> Delete on reboot.

Files Infected:
C:\Program Files\Toshiba\Utilities\SVPWUTIL.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
C:\Program Files\Toshiba\Utilities\HWSetup.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\program files\virusranger\asc4.dll (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
c:\program files\virusranger\bpw.dll (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
c:\program files\virusranger\kernel40.dll (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
c:\program files\virusranger\mm.dll (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
c:\program files\virusranger\OE.api (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
c:\program files\virusranger\OE4.api (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
c:\program files\virusranger\pl.dll (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
c:\program files\virusranger\sdebug.log (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
c:\program files\virusranger\stopapi4.dll (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
c:\program files\virusranger\TheBAT.api (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
c:\program files\virusranger\UnARJ.api (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
c:\program files\virusranger\UnMSCAB.api (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
c:\program files\virusranger\unrar.api (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
c:\program files\virusranger\unzip.api (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
c:\program files\virusranger\updater.plb (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Zango\Reset Cursor.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Zango\Zango Customer Support Center.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Zango\Zango Games!.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Zango\Zango Library.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Zango\Zango Screensavers!.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Zango\Zango Videos!.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
c:\programdata\ZangoSA\ZangoSA.dat (Adware.Zango) -> Quarantined and deleted successfully.
c:\programdata\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> Quarantined and deleted successfully.
c:\programdata\ZangoSA\ZangoSAau.dat (Adware.Zango) -> Quarantined and deleted successfully.
c:\programdata\ZangoSA\ZangoSAEULA.mht (Adware.Zango) -> Quarantined and deleted successfully.
c:\programdata\ZangoSA\ZangoSA_hpk.dat (Adware.Zango) -> Quarantined and deleted successfully.
c:\programdata\ZangoSA\ZangoSA_kyf.dat (Adware.Zango) -> Quarantined and deleted successfully.
c:\Users\david\AppData\Roaming\winspycontrol\Logs\threats.log (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
c:\Users\david\AppData\Roaming\winspycontrol\Logs\update.log (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
c:\program files\netproject\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\program files\netproject\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\Users\david\incomplete\favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.



#2 Elise


Posted 01 July 2009 - 09:41 AM

Hi luchymon, please update MBAM (the latest database is 2358), reboot in normal mode and run a full scan. Please post the results back.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




