Posted 15 October 2009 - 03:23 PM
Posted 15 October 2009 - 03:43 PM
Posted 15 October 2009 - 04:06 PM
Posted 15 October 2009 - 04:10 PM
Posted 15 October 2009 - 06:21 PM
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/15/2009 at 05:51 PM

Application Version : 4.29.1004

Core Rules Database Version : 4168
Trace Rules Database Version: 2090

Scan type : Complete Scan
Total Scan Time : 01:48:54

Memory items scanned : 228
Memory threats detected : 0
Registry items scanned : 6037
Registry threats detected : 14
File items scanned : 356619
File threats detected : 23

Trojan.Dropper/Gen-NV
[restorer64_a] C:\WINDOWS\SYSTEM32\RESTORER64_A.EXE
C:\WINDOWS\SYSTEM32\RESTORER64_A.EXE
[restorer64_a] C:\DOCUMENTS AND SETTINGS\ALAN\RESTORER64_A.EXE
C:\DOCUMENTS AND SETTINGS\ALAN\RESTORER64_A.EXE
[mserv] C:\DOCUMENTS AND SETTINGS\ALAN\APPLICATION DATA\SERES.EXE
C:\DOCUMENTS AND SETTINGS\ALAN\APPLICATION DATA\SERES.EXE
[svchost] C:\DOCUMENTS AND SETTINGS\ALAN\APPLICATION DATA\SVCST.EXE
C:\DOCUMENTS AND SETTINGS\ALAN\APPLICATION DATA\SVCST.EXE

Rogue.AntiVirusPro2010
[Antivirus Pro 2010] C:\PROGRAM FILES\ANTIVIRUSPRO_2010\ANTIVIRUSPRO_2010.EXE
C:\PROGRAM FILES\ANTIVIRUSPRO_2010\ANTIVIRUSPRO_2010.EXE
C:\Documents and Settings\Alan\Start Menu\Programs\ANTIVIRUSPRO_2010\AntivirusPro_2010.lnk
C:\Documents and Settings\Alan\Start Menu\Programs\ANTIVIRUSPRO_2010\Uninstall.lnk
C:\Documents and Settings\Alan\Start Menu\Programs\ANTIVIRUSPRO_2010
C:\Program Files\ANTIVIRUSPRO_2010\AVEngn.dll
C:\Program Files\ANTIVIRUSPRO_2010\data\daily.cvd
C:\Program Files\ANTIVIRUSPRO_2010\data
C:\Program Files\ANTIVIRUSPRO_2010\htmlayout.dll
C:\Program Files\ANTIVIRUSPRO_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
C:\Program Files\ANTIVIRUSPRO_2010\Microsoft.VC80.CRT\msvcm80.dll
C:\Program Files\ANTIVIRUSPRO_2010\Microsoft.VC80.CRT\msvcp80.dll
C:\Program Files\ANTIVIRUSPRO_2010\Microsoft.VC80.CRT\msvcr80.dll
C:\Program Files\ANTIVIRUSPRO_2010\Microsoft.VC80.CRT
C:\Program Files\ANTIVIRUSPRO_2010\pthreadVC2.dll
C:\Program Files\ANTIVIRUSPRO_2010\Uninstall.exe
C:\Program Files\ANTIVIRUSPRO_2010\wscui.cpl
C:\Program Files\ANTIVIRUSPRO_2010
HKLM\SOFTWARE\AntivirusPro_2010
HKLM\SOFTWARE\AntivirusPro_2010#info
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro_2010
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro_2010#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro_2010#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run#Antivirus Pro 2010 [ "C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe" /hide ]

Trojan.Unknown Origin
HKU\S-1-5-21-1891462814-1093553118-4216441478-1005\Software\Microsoft\Windows\CurrentVersion\Run#mserv [ C:\Documents and Settings\Alan\Application Data\seres.exe ]
HKU\S-1-5-21-1891462814-1093553118-4216441478-1005\Software\Microsoft\Windows\CurrentVersion\Run#svchost [ C:\Documents and Settings\Alan\Application Data\svcst.exe ]

Rogue.XP AntiSpyware2009-Trace
C:\WINDOWS\system32\_scui.cpl

Rogue.XP AntiSpyware 2009
HKU\S-1-5-21-1891462814-1093553118-4216441478-1005\Control Panel\don't load#wscui.cpl [ No ]

Trojan.Agent/Gen-FakeAlert
C:\DOCUMENTS AND SETTINGS\ALAN\APPLICATION DATA\LIZKAVD.EXE
Malwarebytes' Anti-Malware 1.41
Database version: 2969
Windows 5.1.2600 Service Pack 2

10/15/2009 6:10:01 PM
mbam-log-2009-10-15 (18-10-01).txt

Scan type: Quick Scan
Objects scanned: 97452
Time elapsed: 2 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\All Users\Application Data\umabepyjex.reg (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alan\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alan\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\765.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
Posted 15 October 2009 - 06:46 PM
Posted 15 October 2009 - 10:12 PM
Malwarebytes' Anti-Malware 1.41
Database version: 2970
Windows 5.1.2600 Service Pack 2

10/15/2009 10:11:42 PM
mbam-log-2009-10-15 (22-11-42).txt

Scan type: Quick Scan
Objects scanned: 99579
Time elapsed: 2 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Posted 16 October 2009 - 12:22 PM
Posted 17 October 2009 - 10:13 AM
Malwarebytes' Anti-Malware 1.41
Database version: 2975
Windows 5.1.2600 Service Pack 3

10/17/2009 10:01:31 AM
mbam-log-2009-10-17 (10-01-31).txt

Scan type: Quick Scan
Objects scanned: 108103
Time elapsed: 8 minute(s), 10 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
C:\Documents and Settings\All Users\Application Data\18131620\18131620.exe (Rogue.SystemSecurity) -> Unloaded process successfully.
C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\promoreg (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\18131620 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\18131620 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\18131620\18131620.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alan\Local Settings\temp\ie3.tmp (Trojan.Agent) -> Delete on reboot.
Edited by akdavis, 17 October 2009 - 10:23 AM.
Posted 17 October 2009 - 01:51 PM
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/17/2009 at 12:42 PM

Application Version : 4.29.1004

Core Rules Database Version : 4171
Trace Rules Database Version: 2093

Scan type : Complete Scan
Total Scan Time : 01:50:50

Memory items scanned : 215
Memory threats detected : 1
Registry items scanned : 6108
Registry threats detected : 0
File items scanned : 362160
File threats detected : 2

Trojan.Dropper/Sys-MS32Clod
C:\WINDOWS\SYSTEM32\MS32CLOD.DLL
C:\WINDOWS\SYSTEM32\MS32CLOD.DLL

Trojan.Dropper/UserInit-Fake
C:\WINDOWS\SYSTEM32\USERINIT.EXE
Edited by akdavis, 17 October 2009 - 01:52 PM.
Posted 17 October 2009 - 07:18 PM
Edited by boopme, 17 October 2009 - 07:20 PM.
Posted 17 October 2009 - 09:52 PM
Edited by boopme, 17 October 2009 - 10:01 PM.
Posted 17 October 2009 - 10:04 PM
Posted 17 October 2009 - 10:24 PM
SmitFraudFix v2.424

Scan done at 22:15:43.04, Sat 10/17/2009
Run from C:\Documents and Settings\Alan\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\Google\googletoolbar1.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK.2

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
Posted 18 October 2009 - 05:00 PM
Edited by akdavis, 18 October 2009 - 05:02 PM.