Major Browser Problems! Adware?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Penny416, Jun 21, 2008.

  1. Penny416

    Penny416 Private E-2

    Hello, I'm new to the forums but I'm desperate for some help, so hopefully someone out there can give me some advice. When I open my browser (MF or IE), I have trouble going to different websites... it takes a long time to load, and usually doesn't load at all, and this is a problem for me because I can't check my email on aol.com. What's the source of the problem, and how can I get rid of it? I tried running scans, but it doesn't help. Should I reinstall Firefox? I'm just afraid that if I uninstall it, I wouldn't be able to install it via IE. I'd greatly appreciate some help, thanks.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions. If something does not run, write down the info to explain to us later but keep on going. Do not assume that because one step does not work that they all will not.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. Penny416

    Penny416 Private E-2

    I tried following the directions at your link, but my browser doesn't even last long enough for me to follow them. Also, when I tried to DL all the Spybot stuff, after I clicked DL, I would then click "save file"... but then nothing would happen. The file wouldn't go to the desktop, so I couldn't even run that. Very frustrating. = /
     
  4. Penny416

    Penny416 Private E-2

    OK, seriously, I've spent the entire day trying to fix this... obviously I don't know how, need help... none of these scans are doing anything, and now I can't even download anything. I try to DL and it says "save file", so I click on it... and usually afterwards it asks to save to the desktop, but now NOTHING happens at all... so I can't DL.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry to hear you are having such difficulties. I know this can be frustrating. Sometimes it can take some creativity to get things downloaded and installed when a PC is not working properly. This can happen due to malware but it can also happen due to problems within your Windows OS. And that is what we need to find out. Without logs from these scans, it is difficult to impossible for us to know what is really at the heart of your problems.

    Which browser are you using? Try both IE and Firefox.

    Also see if you can download anything in safe boot mode.

    If you cannot get either browser to work and you cannot download in safe boot mode, you will have to use another PC to download the files and then burn them to a CD, copy them to a flash drive, etc., and then copy from this media to your problem PC.

    What antivirus program are you using and is it a security suite?
    What firewall are you using?
    Try shutting down both of the above programs to see if you can then download anything.
     
  6. Penny416

    Penny416 Private E-2

    OK, thanks! I read your instructions and after a few hours it finally works now!
    Is there anything I should be doing afterwards now, to set something back to how it was? And which of the DL'ed files should I keep/delete? cf.exe? SAS? Malwarebytes? Spybot?
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are able to download and run the scans then you should attach the requested logs so we can check to see if you have any malware.
     
  8. Penny416

    Penny416 Private E-2

    Spybot

    Error sending request.

    A connection with the server could not be established


    (retry) (cancel)



    Malwarebytes' Anti-Malware 1.18

    Database version: 870

    1:00:29 AM 6/22/2008
    mbam-log-6-22-2008 (01-00-29).txt

    Scan type: Quick Scan
    Objects scanned: 43620
    Time elapsed: 6 minute(s), 23 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 3
    Registry Keys Infected: 14
    Registry Values Infected: 4
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 8

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\oeoturcc.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\rQhEWoMD.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\__c00405C9.dat (Trojan.Agent) -> Unloaded module successfully.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69cafe84-8484-421c-8201-3513573b6879} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{69cafe84-8484-421c-8201-3513573b6879} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00405c9 (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ec1c7761 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMef2f44fd (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqhewomd -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\oeoturcc.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\ccrutoeo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rQhEWoMD.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\DMoWEhQr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\DMoWEhQr.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xuktkoxc.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\__c00405C9.dat (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.



    CF

    Windows cannot find ‘C:\Documents and Settings\HP_Administrator\desktop\cf.exe’. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/21/2008 at 11:53 PM

    Application Version : 4.15.1000

    Core Rules Database Version : 3469
    Trace Rules Database Version: 1460

    Scan type : Complete Scan
    Total Scan Time : 00:45:42

    Memory items scanned : 474
    Memory threats detected : 4
    Registry items scanned : 6192
    Registry threats detected : 138
    File items scanned : 25715
    File threats detected : 31

    Trojan.Vundo-Variant/Small-GEN
    C:\WINDOWS\SYSTEM32\AWTTQNOG.DLL
    C:\WINDOWS\SYSTEM32\AWTTQNOG.DLL
    C:\WINDOWS\SYSTEM32\RQRJAQNF.DLL
    C:\WINDOWS\SYSTEM32\YAYVWUUK.DLL

    Adware.Vundo Variant/Resident
    C:\WINDOWS\SYSTEM32\RQHEWOMD.DLL
    C:\WINDOWS\SYSTEM32\RQHEWOMD.DLL

    Trojan.Downloader-NewJuan/VM
    C:\WINDOWS\SYSTEM32\CUSDOGQO.DLL
    C:\WINDOWS\SYSTEM32\CUSDOGQO.DLL
    C:\WINDOWS\SYSTEM32\AHUGLESP.DLL
    C:\WINDOWS\SYSTEM32\AHUGLESP.DLL

    Adware.Zango/ShoppingReport
    HKLM\Software\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}
    HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}
    HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}
    HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\Implemented Categories
    HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
    HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\InprocServer32
    HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\InprocServer32#ThreadingModel
    HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\ProgID
    HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\TypeLib
    HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\VersionIndependentProgID
    C:\PROGRAM FILES\SHOPPINGREPORT\BIN\2.5.0\SHOPPINGREPORT.DLL
    HKU\S-1-5-21-41091408-956478034-2865808238-1007\Software\Microsoft\Internet Explorer\Explorer Bars\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}
    HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}
    HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}
    HKCR\ShoppingReport.HbAx
    HKCR\ShoppingReport.HbAx\CLSID
    HKCR\ShoppingReport.HbAx\CurVer
    HKCR\ShoppingReport.HbAx.1
    HKCR\ShoppingReport.HbAx.1\CLSID
    HKCR\ShoppingReport.HbInfoBand
    HKCR\ShoppingReport.HbInfoBand\CLSID
    HKCR\ShoppingReport.HbInfoBand\CurVer
    HKCR\ShoppingReport.HbInfoBand.1
    HKCR\ShoppingReport.HbInfoBand.1\CLSID
    HKCR\ShoppingReport.IEButton
    HKCR\ShoppingReport.IEButton\CLSID
    HKCR\ShoppingReport.IEButton\CurVer
    HKCR\ShoppingReport.IEButton.1
    HKCR\ShoppingReport.IEButton.1\CLSID
    HKCR\ShoppingReport.IEButtonA
    HKCR\ShoppingReport.IEButtonA\CLSID
    HKCR\ShoppingReport.IEButtonA\CurVer
    HKCR\ShoppingReport.IEButtonA.1
    HKCR\ShoppingReport.IEButtonA.1\CLSID
    HKCR\ShoppingReport.RprtCtrl
    HKCR\ShoppingReport.RprtCtrl\CLSID
    HKCR\ShoppingReport.RprtCtrl\CurVer
    HKCR\ShoppingReport.RprtCtrl.1
    HKCR\ShoppingReport.RprtCtrl.1\CLSID
    HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}
    HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\Control
    HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\Implemented Categories
    HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
    HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\InprocServer32
    HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\InprocServer32#ThreadingModel
    HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\ProgID
    HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\Programmable
    HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\ToolboxBitmap32
    HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\TypeLib
    HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\Version
    HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\VersionIndependentProgID
    HKCR\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}
    HKCR\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\InprocServer32
    HKCR\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\InprocServer32#ThreadingModel
    HKCR\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\ProgID
    HKCR\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\Programmable
    HKCR\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\TypeLib
    HKCR\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\VersionIndependentProgID
    HKCR\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}
    HKCR\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\InprocServer32
    HKCR\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\InprocServer32#ThreadingModel
    HKCR\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\ProgID
    HKCR\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\Programmable
    HKCR\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\TypeLib
    HKCR\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\VersionIndependentProgID
    HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}
    HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0
    HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\0
    HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\0\win32
    HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\FLAGS
    HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\HELPDIR
    HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}
    HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0
    HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\0
    HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\0\win32
    HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\FLAGS
    HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\HELPDIR
    HKCR\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}
    HKCR\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0
    HKCR\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\0
    HKCR\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\0\win32
    HKCR\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\FLAGS
    HKCR\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\HELPDIR
    HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}
    HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\ProxyStubClsid
    HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\ProxyStubClsid32
    HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\TypeLib
    HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\TypeLib#Version
    HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}
    HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid
    HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid32
    HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib
    HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib#Version
    HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}
    HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\ProxyStubClsid
    HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\ProxyStubClsid32
    HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\TypeLib
    HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\TypeLib#Version
    HKU\S-1-5-21-41091408-956478034-2865808238-1007\Software\ShoppingReport
    HKLM\Software\ShoppingReport
    HKLM\Software\ShoppingReport#affid
    HKLM\Software\ShoppingReport#Version
    HKLM\Software\ShoppingReport#ProductName
    HKLM\Software\ShoppingReport#requestor
    HKLM\Software\ShoppingReport#SG_Not_Set
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport#DisplayIcon
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport#UninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport#DisplayVersion
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport#URLInfoAbout
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport#Publisher
    HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#Default Visible
    HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#ButtonText
    HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#HotIcon
    HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#Icon
    HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#CLSID
    HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#ClsidExtension
    HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#Default Visible
    HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#ButtonText
    HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#HotIcon
    HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#Icon
    HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#CLSID
    HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#ClsidExtension
    C:\Program Files\ShoppingReport\Bin\2.5.0
    C:\Program Files\ShoppingReport\Bin
    C:\Program Files\ShoppingReport\Uninst.exe
    C:\Program Files\ShoppingReport
    C:\Documents and Settings\HP_Administrator\Application Data\ShoppingReport\cs\Config.xml
    C:\Documents and Settings\HP_Administrator\Application Data\ShoppingReport\cs\db\Aliases.dbs
    C:\Documents and Settings\HP_Administrator\Application Data\ShoppingReport\cs\db\Sites.dbs
    C:\Documents and Settings\HP_Administrator\Application Data\ShoppingReport\cs\db
    C:\Documents and Settings\HP_Administrator\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
    C:\Documents and Settings\HP_Administrator\Application Data\ShoppingReport\cs\dwld
    C:\Documents and Settings\HP_Administrator\Application Data\ShoppingReport\cs\report\aggr_storage.xml
    C:\Documents and Settings\HP_Administrator\Application Data\ShoppingReport\cs\report\send_storage.xml
    C:\Documents and Settings\HP_Administrator\Application Data\ShoppingReport\cs\report
    C:\Documents and Settings\HP_Administrator\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
    C:\Documents and Settings\HP_Administrator\Application Data\ShoppingReport\cs\res1
    C:\Documents and Settings\HP_Administrator\Application Data\ShoppingReport\cs
    C:\Documents and Settings\HP_Administrator\Application Data\ShoppingReport

    Trojan.Vundo-Variant/Small
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32341E7E-C319-46DE-91D0-E30BB1A3CABA}
    HKCR\CLSID\{32341E7E-C319-46DE-91D0-E30BB1A3CABA}
    HKCR\CLSID\{32341E7E-C319-46DE-91D0-E30BB1A3CABA}\InprocServer32
    HKCR\CLSID\{32341E7E-C319-46DE-91D0-E30BB1A3CABA}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{897A0343-996A-48A0-9713-FF31E25346B2}
    HKCR\CLSID\{897A0343-996A-48A0-9713-FF31E25346B2}
    HKCR\CLSID\{897A0343-996A-48A0-9713-FF31E25346B2}\InprocServer32
    HKCR\CLSID\{897A0343-996A-48A0-9713-FF31E25346B2}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{32341E7E-C319-46DE-91D0-E30BB1A3CABA}
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\awttqnOG
    C:\WINDOWS\SYSTEM32\IHWUTQPB.DLL
    C:\WINDOWS\SYSTEM32\JFNDXQPG.DLL
    C:\WINDOWS\SYSTEM32\JOBJETTE.DLL
    C:\WINDOWS\SYSTEM32\KYWGRCYC.DLL
    C:\WINDOWS\SYSTEM32\XERVRVUF.DLL

    Rogue.AntiVirus 2008
    HKU\S-1-5-21-41091408-956478034-2865808238-1007\Software\Microsoft\Windows\CurrentVersion\Run#Antivirus [ C:\Program Files\SAV\sav.exe ]

    Adware.Vundo Variant/Rel
    HKLM\SOFTWARE\Microsoft\aoprndtws
    HKLM\SOFTWARE\Microsoft\FCOVM
    HKLM\SOFTWARE\Microsoft\RemoveRP
    HKU\S-1-5-21-41091408-956478034-2865808238-1007\Software\Microsoft\rdfa

    Trojan.Downloader-Gen/Multi
    C:\WINDOWS\SYSTEM32\~.EXE

    Trojan.VXGame/32
    C:\WINDOWS\XPUPDATE.EXE
     
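The Malwarebytes log posted above has a fixed shape: a header block of per-category counts, then one detail section per category with one line per item, each ending in the action the scanner took. The following is an added example, not part of this thread and not Malwarebytes' own tooling. It parses that format, checks that the header counts agree with the items actually listed, groups findings by detection family, and pulls out the items still marked "Delete on reboot", which remain on disk until the machine restarts and will therefore still show up in a rescan done before rebooting. The embedded sample is a shortened excerpt of the log from post 8, with the header counts adjusted to match the shortened sections.

```python
import re
from collections import Counter, namedtuple

# Constructed sample: excerpt of the Malwarebytes' Anti-Malware 1.18 log posted in
# this thread, cut to a few entries per section (header counts adjusted to match).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.18
Database version: 870

Scan type: Quick Scan
Objects scanned: 43620
Time elapsed: 6 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\oeoturcc.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\__c00405C9.dat (Trojan.Agent) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69cafe84-8484-421c-8201-3513573b6879} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00405c9 (Trojan.Agent) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ec1c7761 (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqhewomd -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\oeoturcc.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

Finding = namedtuple("Finding", "section target family action")

# "Files Infected: 8" (header count) or "Files Infected:" (start of a detail section)
_COUNT_RE = re.compile(r"^([A-Z][A-Za-z ]+ Infected):\s*(\d+)?$")
# "<path or key> (<family>) -> <action>"
_ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Return (summary, findings): header counts, and one Finding per listed item."""
    summary, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None            # a blank line closes the current detail section
            continue
        m = _COUNT_RE.match(line)
        if m:
            name, count = m.groups()
            if count is not None:
                summary[name] = int(count)
            else:
                section = name
            continue
        if section is None:
            continue                  # scan metadata (version, scan type, ...)
        m = _ITEM_RE.match(line)
        if not m:
            continue                  # e.g. "(No malicious items detected)"
        # Registry data items carry an extra "Data: ... ->" hop; the last hop is the action.
        action = m.group("rest").split(" -> ")[-1]
        findings.append(Finding(section, m.group("target"), m.group("family"), action))
    return summary, findings


def verify_counts(summary, findings):
    """(section, declared, listed) for every header count that disagrees with the detail lines."""
    listed = Counter(f.section for f in findings)
    return [(name, declared, listed.get(name, 0))
            for name, declared in summary.items() if declared != listed.get(name, 0)]


def count_by_family(findings):
    """How many items each detection family (Trojan.Vundo, Adware.PopCap, ...) accounts for."""
    return Counter(f.family for f in findings)


def pending_reboot(findings):
    """Items the scanner could only schedule for removal; they persist until the next restart."""
    return [f for f in findings if f.action.startswith("Delete on reboot")]


if __name__ == "__main__":
    summary, findings = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", verify_counts(summary, findings))
    print("by family:", dict(count_by_family(findings)))
    for f in pending_reboot(findings):
        print("still present until reboot:", f.section, f.target)
```

Run against a full log saved from the scanner, `verify_counts` returning a non-empty list usually means the log was truncated when it was copied, which is one reason the helpers ask for logs as attachments rather than pasted inline.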
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow the instructions properly. You should not be posting inline logs like you are doing. Logs should be attachments as requested in the READ & RUN ME where it shows you how to do this.

    You need to attach the last log from MGtools.
     
