malware ick

  1. #1
    Join Date
    Jul 2010
    Posts
    1

    malware ick

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4287

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18928

    7/7/2010 12:19:19 AM
    mbam-log-2010-07-07 (00-19-19).txt

    Scan type: Quick scan
    Objects scanned: 128601
    Time elapsed: 12 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 22
    Files Infected: 25

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
    C:\Users\Desiree\AppData\Roaming\Hotbar (Adware.Hotbar) -> Delete on reboot.
    C:\Users\Desiree\AppData\Roaming\Hotbar\Weather (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\Desiree\AppData\Roaming\Hotbar\Weather\WeatherDPA (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\Desiree\AppData\Roaming\Hotbar\Weather\WeatherDPA\Weather_XML (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\Desiree\AppData\Roaming\Hotbar\Weather\Weather_XML (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\ProgramData\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\Desiree\AppData\Roaming\ShopperReports3 (Adware.ShopperReports) -> Delete on reboot.
    C:\Users\Desiree\AppData\Roaming\WeatherDPA (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin\11.0.175.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin\11.0.175.0\firefox (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin\11.0.175.0\firefox\extensions (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Program Files\ShopperReports3\bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Program Files\ShopperReports3\bin\3.0.470.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Program Files\ShopperReports3\bin\3.0.470.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Program Files\ShopperReports3\bin\3.0.470.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Program Files\ShopperReports3\bin\3.0.470.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Program Files\ShopperReports3\bin\3.0.470.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Program Files\ShopperReports3\bin\3.0.470.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Users\Desiree\AppData\Local\Temp\asvzgdweb (Rogue.VirusProtector) -> Quarantined and deleted successfully.
    C:\Windows\Temp\BARD1EE.tmp\upgrade.exe (Adware.BarDiscover) -> Quarantined and deleted successfully.
    C:\Users\Desiree\AppData\Roaming\Hotbar\Weather\history (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\Desiree\AppData\Roaming\Hotbar\Weather\WeatherStartup.xml (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\Desiree\AppData\Roaming\Hotbar\Weather\WeatherDPA\Links (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\Desiree\AppData\Roaming\Hotbar\Weather\WeatherDPA\radar-big.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\Desiree\AppData\Roaming\Hotbar\Weather\WeatherDPA\radar-small (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\Desiree\AppData\Roaming\Hotbar\Weather\WeatherDPA\satellite-big.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\Desiree\AppData\Roaming\Hotbar\Weather\WeatherDPA\satellite-small (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\Desiree\AppData\Roaming\Hotbar\Weather\WeatherDPA\WeatherPreferences (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\Desiree\AppData\Roaming\Hotbar\Weather\WeatherDPA\Weather_XML\Display (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\Desiree\AppData\Roaming\Hotbar\Weather\WeatherDPA\Weather_XML\Loading (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\Desiree\AppData\Roaming\Hotbar\Weather\WeatherDPA\Weather_XML\screen2 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\Desiree\AppData\Roaming\Hotbar\Weather\Weather_XML\Default (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\Desiree\AppData\Roaming\Hotbar\Weather\Weather_XML\Genera1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\Desiree\AppData\Roaming\Hotbar\Weather\Weather_XML\General (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\ProgramData\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\ProgramData\HotbarSA\HotbarSAAbout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\ProgramData\HotbarSA\HotbarSAEULA.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin\11.0.175.0\copyright.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin\11.0.175.0\firefox\extensions\install.rdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\ShopperReports3\bin\3.0.470.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Program Files\ShopperReports3\bin\3.0.470.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Program Files\ShopperReports3\bin\3.0.470.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Users\Desiree\Templates\memory.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

  2. #2
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please, download DDS from one of the 2 mirrors and save it to your desktop.

    Mirror 1
    Mirror 2

    * Disable any script blocking protection (if present)
    * Double click the dds icon to run the tool.
    * When done, DDS will open two logs:
    1. DDS.txt
    2. Attach.txt
    * Save both reports to your desktop by clicking File>Save As in each log.

    Include the contents of both logs in your new topic. The scan will instruct you to post Attach.txt as an attachment. No need for that though... just post its contents as you would any other log.

    =========================================================

    Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.
