Thread: go.google hijack, antivirus sites blocked, sophos affected(?)
View Single Post
Join Date: Sep 2008
Posts: 11
Reputation: Suzie24 is an unknown quantity at this point 
Solved Threads: 0
Suzie24 Suzie24 is offline Offline
Newbie Poster

Re: go.google hijack, antivirus sites blocked, sophos affected(?)

 
0
  #6
Sep 7th, 2008
Hey

Thanks so much for being so helpful! This thing was driving me insane! This is my log. The problem looks like it's gone. My browsers are back to normal, and it looks like I had a whole lot of stuff in there that needed cleaning out!


Malwarebytes' Anti-Malware 1.26
Database version: 1125
Windows 5.1.2600 Service Pack 2

07/09/2008 20:17:57
mbam-log-2008-09-07 (20-17-57).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 159356
Time elapsed: 1 hour(s), 1 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\insider (Adware.DnsInsider) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wintouch (Adware.WinPop) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WinAble (Trojan.Adloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CAC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WinTouch (Adware.WinPop) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wintouch (Adware.WinPop) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\UGA6P (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\UGA6P\Quar (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Insider (Adware.DnsInsider) -> Quarantined and deleted successfully.
C:\Program Files\WinAble (Trojan.Adloader) -> Quarantined and deleted successfully.
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Suzie\Application Data\WinTouch (Adware.WinPop) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Insider\UnInstall.exe (Adware.DnsInsider) -> Quarantined and deleted successfully.
C:\Documents and Settings\Suzie\Application Data\WinTouch\wintouch.cfg (Adware.WinPop) -> Quarantined and deleted successfully.
C:\Documents and Settings\Suzie\Application Data\WinTouch\WinTouch.exe (Adware.WinPop) -> Quarantined and deleted successfully.
C:\Documents and Settings\Suzie\Application Data\WinTouch\WTUninstaller.exe (Adware.WinPop) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Suzie\Local Settings\Temp\winvsnet.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Suzie\Desktop\Online Security Guide.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogon.Del (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.