Micro AV - SuperAntiSpyware Log

Discussion in 'Windows - Virus and spyware problems' started by sahfasaga, Oct 11, 2008.

  1. sahfasaga

    sahfasaga Member

    Joined:
    Oct 6, 2008
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    11
    Hey here's the new thread. So, I managed to delete the Program Files folder for Micro AV after the program crashed. However all the annoying quicklaunch things are still there, and now I seem to have something called Rapid Antivirus. Still can't use task manager, control panel, etc.

    Here is the log from my most recent superantispyware scan.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/10/2008 at 04:46 PM

    Application Version : 4.21.1004

    Core Rules Database Version : 3555
    Trace Rules Database Version: 1543

    Scan type : Complete Scan
    Total Scan Time : 06:05:59

    Memory items scanned : 354
    Memory threats detected : 2
    Registry items scanned : 6056
    Registry threats detected : 14
    File items scanned : 162342
    File threats detected : 24

    Trojan.Vundo-Variant/Small
    C:\WINDOWS\SYSTEM32\WVUMMKEU.DLL
    C:\WINDOWS\SYSTEM32\WVUMMKEU.DLL

    Adware.Vundo Variant/Resident
    C:\WINDOWS\SYSTEM32\DDCAPQOM.DLL
    C:\WINDOWS\SYSTEM32\DDCAPQOM.DLL

    Trojan.Vundo-Variant/NextGen
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22AE4869-4E8A-457B-9F8F-CC340A5A450B}
    HKCR\CLSID\{22AE4869-4E8A-457B-9F8F-CC340A5A450B}
    HKCR\CLSID\{22AE4869-4E8A-457B-9F8F-CC340A5A450B}\InprocServer32
    HKCR\CLSID\{22AE4869-4E8A-457B-9F8F-CC340A5A450B}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDC7F6FB-789E-45F1-B5B1-2D0E3CF7D952}
    HKCR\CLSID\{CDC7F6FB-789E-45F1-B5B1-2D0E3CF7D952}
    HKCR\CLSID\{CDC7F6FB-789E-45F1-B5B1-2D0E3CF7D952}\InprocServer32
    HKCR\CLSID\{CDC7F6FB-789E-45F1-B5B1-2D0E3CF7D952}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{22AE4869-4E8A-457B-9F8F-CC340A5A450B}
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\wvUmmKEu

    Registry Cleaner Trial
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\Install.dll [  ]

    Trojan.Unknown Origin
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A34FA88D-8437-4634-8A60-E913011EF2E5}
    C:\WINDOWS\SYSTEM32\1.ICO
    C:\WINDOWS\SYSTEM32\2.ICO

    Browser Hijacker.Internet Explorer Settings Hijack
    HKU\S-1-5-21-842925246-1993962763-725345543-1003\Software\Microsoft\Internet Explorer\Main#Start Page [ http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 ]

    Trojan.Media-Codec
    C:\Program Files\PCHealthCenter\0.exe
    C:\Program Files\PCHealthCenter\0.gif
    C:\Program Files\PCHealthCenter\1.exe
    C:\Program Files\PCHealthCenter\1.gif
    C:\Program Files\PCHealthCenter\1.ico
    C:\Program Files\PCHealthCenter\2.exe
    C:\Program Files\PCHealthCenter\2.gif
    C:\Program Files\PCHealthCenter\2.ico
    C:\Program Files\PCHealthCenter\3.exe
    C:\Program Files\PCHealthCenter\3.gif
    C:\Program Files\PCHealthCenter\5.exe
    C:\Program Files\PCHealthCenter\7.exe
    C:\Program Files\PCHealthCenter\sc.html
    C:\Program Files\PCHealthCenter
    C:\WINDOWS\Prefetch\0.EXE-07188F56.pf
    C:\WINDOWS\Prefetch\1.EXE-08E7CB1D.pf
    C:\WINDOWS\Prefetch\2.EXE-30E3C323.pf
    C:\WINDOWS\Prefetch\3.EXE-1E1B1A8F.pf
    C:\WINDOWS\Prefetch\5.EXE-334E6A01.pf
    C:\WINDOWS\Prefetch\7.EXE-0CE6EF6C.pf

    Adware.Vundo Variant/Rel
    HKLM\SOFTWARE\Microsoft\RemoveRP
     
    sahfasaga, Oct 11, 2008
    #1
  2. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hey sahfasaga

    Please download Malwarebytes Anti-Malware and install it. Follow the prompts and reboot if required.

    Launch Malwarebytes either by running C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe or double-click the Malwarebytes' Anti-Malware shortcut on your Desktop.

    Configuring Malwarebytes

    • Click on the tab Settings.
    • Make sure only these boxes are checked:
    Code:
    Terminate Internet Explorer
Automatically save and display logfile after removal
Always scan memory objects
Always scan registry objects
Always scan filesystem
Always scan extra and heuristics objects
    Updating Malwarebytes

    • Click on the tab Update.
    • Press the button Check for Updates
    • Wait for Malwarebytes to be fully updated.

    Scanning Time

    • Click on the tab Scanner.
    • Check Perform full scan and click on Scan
    • Wait for the scan to complete, and then click on Show Results.
    • Make sure all items are checked, then click on Remove Selected.
    **If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.

    Post A Log

    • A text box will pop up after the removal process is over. Post the contents of the text here.
    • If no text box pops up, launch Malwarebytes, and click on the tab Logs.
    • The logs will appear as mbam-log-*date-*time.txt. Select the latest one, and then click on Open.
    Post the log here.

    Best Regards :D
     
    cdavfrew, Oct 12, 2008
    #2
  3. sahfasaga

    sahfasaga Member

    Joined:
    Oct 6, 2008
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    11
    Right now I am unable to run Mbam not sure why... but the computer is getting worse. Randomly restarting or giving me errors or not letting me log on. The last time I ran mbam was 10-11 but I wasn't able to update it even though I had my settings programmed to make it an exception to access the internet. I tried to uninstall/reinstall it but I cannot run the install program. Oy.

    Malwarebytes' Anti-Malware 1.28
    Database version: 1134
    Windows 5.1.2600 Service Pack 3

    10/11/2008 9:40:37 PM
    mbam-log-2008-10-11 (21-40-21).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 204089
    Time elapsed: 2 hour(s), 54 minute(s), 45 second(s)

    Memory Processes Infected: 3
    Memory Modules Infected: 2
    Registry Keys Infected: 48
    Registry Values Infected: 80
    Registry Data Items Infected: 17
    Folders Infected: 6
    Files Infected: 138

    Memory Processes Infected:
    C:\Program Files\PCHealthCenter\0.exe (Trojan.Fakealert) -> No action taken.
    C:\Program Files\PCHealthCenter\5.exe (Trojan.Fakealert) -> No action taken.
    C:\Program Files\PCHealthCenter\7.exe (Trojan.Fakealert) -> No action taken.

    Memory Modules Infected:
    C:\WINDOWS\system32\ddcApqom.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\wvUmmKEu.dll (Trojan.Vundo) -> No action taken.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22ae4869-4e8a-457b-9f8f-cc340a5a450b} (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvummkeu (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{22ae4869-4e8a-457b-9f8f-cc340a5a450b} (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a9e7189f-9692-4afe-83fd-2e34a272283a} (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{a9e7189f-9692-4afe-83fd-2e34a272283a} (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\qaccess.tchongabho (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{a34fa88d-8437-4634-8a60-e913011ef2e5} (Trojan.BHO) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a34fa88d-8437-4634-8a60-e913011ef2e5} (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{7669d1e6-a20a-486e-b15a-2dd77f94d2d6} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> No action taken.
    HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> No action taken.
    HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> No action taken.
    HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> No action taken.
    HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> No action taken.
    HKEY_CLASSES_ROOT\WR (Malware.Trace) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> No action taken.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ausucxwwrg (Trojan.FakeAlert.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{22ae4869-4e8a-457b-9f8f-cc340a5a450b} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4c.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4d.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4e.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4f.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur59.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5a.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5b.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5d.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5c.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur6.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur7.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur8.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur11.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurc.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurd.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yure.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurf.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur21.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2e.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3c.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur49.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5e.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5f.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur60.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur62.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur63.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur9.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yura.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurb.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3d.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3e.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3f.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur40.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur46.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur17.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur29.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4c.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4d.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4e.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4f.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur59.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur6.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur7.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur8.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur11.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurc.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurd.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yure.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurf.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5e.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5f.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur60.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur62.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur63.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur9.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yura.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurb.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3d.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3e.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3f.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur40.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur46.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur17.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur29.exe (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.starsdoor.com (Backdoor.Bot) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.MicroAntivirus) -> No action taken.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Security Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ddcapqom -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcapqom -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-OEM-0011903-00102) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    C:\WINDOWS\mslagent (Adware.EGDAccess) -> No action taken.
    C:\Program Files\akl (Fake.Dropped.Malware) -> No action taken.
    C:\Program Files\Media Pass (Adware.Winad) -> No action taken.
    C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> No action taken.
    C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> No action taken.

    Files Infected:
    C:\WINDOWS\system32\wvUmmKEu.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\ddcApqom.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\moqpAcdd.ini (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\moqpAcdd.ini2 (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\lucwcums.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\smucwcul.ini (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\pqhlckeh.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\hekclhqp.ini (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert.H) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\zelyjqxk\bwfojols.exe (Trojan.FakeAlert.H) -> No action taken.
    C:\Documents and Settings\Julie\Application Data\sp2\qaccess.dll (Trojan.BHO) -> No action taken.
    C:\Documents and Settings\Julie\Local Settings\Temporary Internet Files\Content.IE5\294BOJQ9\file[1].exe (Trojan.Vundo) -> No action taken.
    C:\Program Files\Rapid Antivirus\Uninstall.exe (Backdoor.Bot) -> No action taken.
    C:\System Volume Information\_restore{0A31DBF5-5F20-4198-88AF-2065F40C4FF5}\RP1085\A0129987.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\eldo.exe (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\evqb.exe (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\retadpu357.exe.tmp (Trojan.Agent) -> No action taken.
    C:\WINDOWS\eafe.exe (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\eagd.exe (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\mrofinu_upx.exe (Trojan.Downloader) -> No action taken.
    C:\WINDOWS\system32\fccaYpQI.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\ddcYsstU.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\myvgvspx.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\xxyyxVNd.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\wxhlnd.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\xfmxcxsr.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\tyacugcn.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\ubiujvlb.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> No action taken.
    C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> No action taken.
    C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> No action taken.
    C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> No action taken.
    C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> No action taken.
    C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> No action taken.
    C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> No action taken.
    C:\Program Files\Media Pass\Info.txt (Adware.Winad) -> No action taken.
    C:\Program Files\PCHealthCenter\0.exe (Trojan.Fakealert) -> No action taken.
    C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> No action taken.
    C:\Program Files\PCHealthCenter\1.exe (Trojan.Fakealert) -> No action taken.
    C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> No action taken.
    C:\Program Files\PCHealthCenter\1.ico (Trojan.Fakealert) -> No action taken.
    C:\Program Files\PCHealthCenter\2.exe (Trojan.Fakealert) -> No action taken.
    C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> No action taken.
    C:\Program Files\PCHealthCenter\2.ico (Trojan.Fakealert) -> No action taken.
    C:\Program Files\PCHealthCenter\3.exe (Trojan.Fakealert) -> No action taken.
    C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> No action taken.
    C:\Program Files\PCHealthCenter\4.exe (Trojan.Fakealert) -> No action taken.
    C:\Program Files\PCHealthCenter\5.exe (Trojan.Fakealert) -> No action taken.
    C:\Program Files\PCHealthCenter\7.exe (Trojan.Fakealert) -> No action taken.
    C:\Program Files\PCHealthCenter\foo.txt (Trojan.Fakealert) -> No action taken.
    C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> No action taken.
    C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> No action taken.
    C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\system32\1.ico (Malware.Trace) -> No action taken.
    C:\WINDOWS\system32\2.ico (Malware.Trace) -> No action taken.
    C:\WINDOWS\system32\YUR1.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\YUR2.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\YUR3.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\YUR4.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\YURC.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\YUR9.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\YURA.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\YURB.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\YUR17.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\YUR29.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\86FmtIJf.exe.a_a (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\k7R8fb15.exe.a_a (Trojan.Agent) -> No action taken.
    C:\1.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> No action taken.
    C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\bdn.com (Trojan.Agent) -> No action taken.
    C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\mssecu.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> No action taken.
    C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> No action taken.
    C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> No action taken.
    C:\x (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\MicroAV.cpl (Rogue.MicroAntivirus) -> No action taken.
    C:\Documents and Settings\Julie\delself.bat (Malware.Trace) -> No action taken.
    C:\Documents and Settings\Julie\results.txt (Malware.Trace) -> No action taken.
     
    sahfasaga, Oct 14, 2008
    #3
  4. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hey sahfasaga

    Can Malwarebytes run in safe mode?

    If not, then follow these instructions:

    Now, please download ComboFix.
    With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

    Please disable all security programs, such as antiviruses, antispywares, and firewalls.
    Also disable your internet connection.

    • Run Combo-Fix.exe and follow the prompts.
    **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
    • Wait for the scan to be completed.
    • If it requires a reboot, please do it.
    • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

    Do not click on the ComoboFix window, as it may cause it to stall.

    Best Regards :D
     
    cdavfrew, Oct 14, 2008
    #4

Share This Page