ThinkPoint Virus?



#1 Phaaze

Posted 19 November 2010 - 02:32 PM

I've been asked to clean up a friend's computer and she said that she had the ThinkPoint virus. I've not seen any of the symptoms of this virus but I may have suppressed it without knowing.
Anyway, I've just completed a scan with mbam and it has a lot to say... Most of it was adware but there were a few bots and trojans in the mix as well so I figured I ought to post here to get some added insight on what I should do.

--------------------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5153

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/19/2010 2:05:17 PM
mbam-log-2010-11-19 (14-05-17).txt

Scan type: Full scan (C:\|)
Objects scanned: 222820
Time elapsed: 37 minute(s), 14 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 3
Registry Keys Infected: 40
Registry Values Infected: 6
Registry Data Items Infected: 1
Folders Infected: 12
Files Infected: 45

Memory Processes Infected:
C:\Documents and Settings\cathy\Local Settings\Temp\dwm.exe (Backdoor.GBot) -> Unloaded process successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteSA.exe (Adware.ClickPotato) -> Unloaded process successfully.
C:\Documents and Settings\cathy\Application Data\Microsoft\svchost.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\Documents and Settings\cathy\Application Data\Microsoft\Windows\shell.exe (Trojan.Shell) -> Unloaded process successfully.

Memory Modules Infected:
c:\WINDOWS\system32\sshnas21.dll (Trojan.FraudPack) -> Delete on reboot.
c:\program files\clickpotatolite\bin\10.0.530.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Delete on reboot.
C:\Program Files\Gamevance\gamevancelib32.dll (Adware.Gamevance) -> Delete on reboot.

Registry Keys Infected:

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\appinit_dlls (Trojan.Witkinat) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\crntdll (Trojan.Witkinat) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\clickpotatolite@clickpotatolite.com (Adware.ClickPotato) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Documents and Settings\cathy\Application Data\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Documents and Settings\cathy\Application Data\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite (Adware.ClickPotato) -> Delete on reboot.
C:\Program Files\ClickPotatoLite\bin (Adware.ClickPotato) -> Delete on reboot.
C:\Program Files\ClickPotatoLite\bin\10.0.530.0 (Adware.ClickPotato) -> Delete on reboot.
C:\Program Files\ClickPotatoLite\bin\10.0.530.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.530.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.530.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.536.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance (Adware.Gamevance) -> Delete on reboot.
C:\Documents and Settings\All Users\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Quarantined and deleted successfully.

Files Infected:
--------------------------------------------------

I'm currently running a scan with SAS, will post its log when complete.

Thanks



#2 Phaaze

Posted 19 November 2010 - 03:56 PM

Here is the SAS log...

-----------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/19/2010 at 02:48 PM

Application Version : 4.45.1000

Core Rules Database Version : 5889
Trace Rules Database Version: 3701

Scan type : Complete Scan
Total Scan Time : 00:31:19

Memory items scanned : 467
Memory threats detected : 0
Registry items scanned : 6544
Registry threats detected : 16
File items scanned : 14304
File threats detected : 50

Adware.Tracking Cookie

Adware.Gamevance
HKCR\GamevanceText.Linker
HKCR\GamevanceText.Linker\CLSID
HKCR\GamevanceText.Linker\CurVer
HKCR\GamevanceText.Linker.1
HKCR\GamevanceText.Linker.1\CLSID
HKCR\AppId\GamevanceText.DLL
HKCR\AppId\GamevanceText.DLL#AppID
C:\SYSTEM ROLLBACK DATA\RESTORE\CURRENT\49062\40\TARGET\PROGRAM FILES\GAMEVANCE\GAMEVANCE32.EXE

Trojan.Agent/Gen-SSHNAS
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#DeviceDesc

Adware.Vundo/Variant-X32[Header]
C:\SYSTEM ROLLBACK DATA\RESTORE\CURRENT\49062\40\TARGET\WINDOWS\SYSTEM32\CRYPTNET32.DLL

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM ROLLBACK DATA\RESTORE\CURRENT\49062\42\TARGET\PROGRAM FILES\CLICKPOTATOLITE\BIN\10.0.530.0\CLICKPOTATOLITESA.EXE
C:\SYSTEM ROLLBACK DATA\RESTORE\CURRENT\49062\42\TARGET\PROGRAM FILES\CLICKPOTATOLITE\BIN\10.0.530.0\CLICKPOTATOLITESAAX.DLL
C:\SYSTEM ROLLBACK DATA\RESTORE\CURRENT\49062\42\TARGET\PROGRAM FILES\CLICKPOTATOLITE\BIN\10.0.530.0\CLICKPOTATOLITESABHO.DLL
C:\SYSTEM ROLLBACK DATA\RESTORE\CURRENT\49062\42\TARGET\PROGRAM FILES\CLICKPOTATOLITE\BIN\10.0.530.0\CLICKPOTATOLITEUNINSTALLER.EXE
C:\SYSTEM ROLLBACK DATA\RESTORE\CURRENT\49062\42\TARGET\PROGRAM FILES\CLICKPOTATOLITE\BIN\10.0.530.0\FIREFOX\EXTENSIONS\PLUGINS\NPCLNTAX_CLICKPOTATOLITESA.DLL
C:\SYSTEM ROLLBACK DATA\RESTORE\CURRENT\49062\42\TARGET\PROGRAM FILES\GAMEVANCE\GVTL.DLL
C:\SYSTEM ROLLBACK DATA\RESTORE\CURRENT\49062\42\TARGET\PROGRAM FILES\GAMEVANCE\GVUN.EXE

-----------------------------

Thanks again!



