|
Re: maware and trojans
heres my OTmoveit2 results
C:\Windows\SG91c2U moved successfully.
C:\Windows\system32\xnet2 moved successfully.
C:\Windows\system32\tz moved successfully.
C:\Windows\system32\brem moved successfully.
C:\Windows\system32\3057 moved successfully.
C:\Windows\system32\vntiho06 moved successfully.
C:\Users\All Users\Adsl Software Limited\WinSpywareProtect\SAVED moved successfully.
C:\Users\All Users\Adsl Software Limited\WinSpywareProtect\LOG moved successfully.
C:\Users\All Users\Adsl Software Limited\WinSpywareProtect\DELETED moved successfully.
C:\Users\All Users\Adsl Software Limited\WinSpywareProtect\BASE moved successfully.
C:\Users\All Users\Adsl Software Limited\WinSpywareProtect moved successfully.
C:\Users\All Users\Adsl Software Limited moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06222008_014843
heres my scanlog but i had a problem removing some of the objects, this is the error i recieved,
"certain items could not be removed! the first few are listed below. all items that could not be removed have been added to the delete on reboot list please restart your computer now. a logfile was saved to the logs folder.
C:\WINDOWS\System32\drivers\HdAudioo.sys
C:\WINDOWS\System32\drivers\core.cache.dsk
your computer needs to be restarted to complete the removal process.
would you like to continue?
Yes/No"
so heres the log,
Malwarebytes' Anti-Malware 1.18
Database version: 876
2:02:36 AM 6/22/2008
mbam-log-6-22-2008 (02-02-36).txt
Scan type: Quick Scan
Objects scanned: 37450
Time elapsed: 5 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 28
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 10
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\centerlock.centerlock (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\centerlock.centerlock.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8b8df25f-2c47-4473-8e1c-7f54ac7ef481} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7c4bcd17-bdba-4078-9d8c-8ca8b7eabe77} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c108ae59-c97f-4517-8b74-5590be3c2a82} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2587f5f9-bcdf-4076-98ef-afc65c5bd816} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bd3c6f7c-6c8d-48f6-ac52-5e4071aeb257} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Users\Tom.House-PC\AppData\Roaming\Microsoft\dtsc (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\System32\drivers\HdAudioo.sys (Rootkit.Agent) -> Delete on reboot.
C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Users\Tom.House-PC\AppData\Roaming\Microsoft\dtsc\s (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\atmtd.dll._ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\drivers\core.cache.dsk (Malware.Trace) -> Delete on reboot.
C:\Users\Tom.House-PC\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Tom.House-PC\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Tom.House-PC\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Tom.House-PC\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
|