SHUTTING DOWN DURING DSS SCAN


  • This topic is locked

#1
Brubur

    New Member

  • Member
  • 5 posts
:) Andrewuk tried to help me clean up my system for trojans etc. After downloading and running malware program (I will copy & paste log) I downloaded the Deckards program. Upon trying to run, it gets to events and errors out stating it has to shut down. Also my WinPatrol program is warning me of attempted change of the registry editor from REGEDIT.EXE %1 to REGEDIT.EXE %1 %*. Also the .SCR (whatever that is) is trying to change from %1/s to %1%*. Thank you for the help. Brubur. Here is the log:

Malwarebytes' Anti-Malware 1.21
Database version: 967
Windows 5.1.2600 Service Pack 2

12:09:03 AM 7/20/2008
mbam-log-7-20-2008 (00-09-03).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 106028
Time elapsed: 53 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 21
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\bgcolifl.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\efcYPGyW.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{53d2b243-c8df-460c-a3ff-745870147415} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53d2b243-c8df-460c-a3ff-745870147415} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcypgyw (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{015c64ae-44b0-4cc3-bae3-ba9108254304} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b1bb799a-3f7b-465b-82e8-1554b8dde968} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{77aa25e8-6083-4949-a831-9cb11861dc10} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb01042.ietoolbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb01042.ietoolbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb01042.tbsb01042 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb01042.tbsb01042.3 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b0fdc513-46b9-46fc-8e70-d575ee546dae} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5d341b1a-25ea-4777-a68e-6a938b933ba7} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SecuriSoft SARL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{53d2b243-c8df-460c-a3ff-745870147415} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{b0fdc513-46b9-46fc-8e70-d575ee546dae} (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\BASE (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\DELETED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\SAVED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\bgcolifl.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\lfilocgb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lcgqkqij.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jiqkqgcl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nckfwwan.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nawwfkcn.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcYPGyW.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\searsc.SEARSC-2792CFDE\Desktop\vtULBrQh.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\searsc.SEARSC-2792CFDE\Local Settings\Temporary Internet Files\Content.IE5\7NM5S6EH\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\searsc.SEARSC-2792CFDE\Local Settings\Temporary Internet Files\Content.IE5\8HI1TBXQ\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Premium Booster\RdvChk.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C9429B1D-04E0-4C29-9BDF-26390B28806A}\RP49\A0031743.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C9429B1D-04E0-4C29-9BDF-26390B28806A}\RP49\A0031746.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C9429B1D-04E0-4C29-9BDF-26390B28806A}\RP49\A0031749.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnlliIA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gbtbdpah.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zwspjt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080718085358375.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
#2
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
You need to post your Replies in the original thread you have going with Andrewuk.

Please go to Here
Click on the Add Reply button, and paste those logs there.
That way he will be notified that you have replied. :)
Closing this topic.