FBI ransomware help
mmaikeru (post 124329) wrote:

# AdwCleaner v2.303 - Logfile created 06/08/2013 at 22:55:16
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# User : WALL_E_Machine - UPSTAIRS
# Boot Mode : Normal
# Running from : C:\Users\WALL_E_Machine\AppData\Local\Temp\Temporary Internet Files\Content.IE5\YGP9ODYS\adwcleaner[1].exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Users\WALL_E_Machine\AppData\Roaming\ParetoLogic

***** [Registry] *****

Key Deleted : HKCU\Software\BFlix
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C9F4179-6CE2-4C6A-A3E5-67FF3592A12E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0C9F4179-6CE2-4C6A-A3E5-67FF3592A12E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0C9F4179-6CE2-4C6A-A3E5-67FF3592A12E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\BFlix
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C2178B36-2955-479B-818C-A2AE8E500454}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0C9F4179-6CE2-4C6A-A3E5-67FF3592A12E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFlix

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18999

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Users\WALL_E_Machine\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Upstairs computer\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2209 octets] - [08/06/2013 22:55:16]

########## EOF - C:\AdwCleaner[S1].txt - [2269 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by WALL_E_Machine on Sat 06/08/2013 at 22:47:33.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36054807-1BD1-4CE0-A2D0-4C0E060A5C71}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C9F4179-6CE2-4C6A-A3E5-67FF3592A12E}

~~~ Files

Successfully deleted: [File] "C:\Windows\tasks\driverupdate startup.job"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\Users\WALL_E_Machine\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\WALL_E_Machine\AppData\Roaming\registry mechanic"
Failed to delete: [Folder] "C:\Users\WALL_E_Machine\appdata\local\bigfix"
Failed to delete: [Folder] "C:\Users\WALL_E_Machine\Local Settings\Application Data\bigfix"
Successfully deleted: [Folder] "C:\Program Files\bigfix"
Successfully deleted: [Folder] "C:\Program Files\registry mechanic"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/08/2013 at 22:51:26.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.10.02

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.18999
WALL_E_Machine :: UPSTAIRS [administrator]

6/8/2013 11:10:00 PM
mbar-log-2013-06-08 (23-10-00).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 234934
Time elapsed: 27 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Trojan.0Access) -> Delete on reboot.
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32 (Trojan.Zaccess) -> Delete on reboot.

Registry Values Detected: 2
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Trojan.Zaccess) -> Data: C:\$Recycle.Bin\S-1-5-21-3764487662-1149291627-179423213-1000\$cc8cb6672bb711ffec11714e8138127c\n. -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|shell (Hijack.Shell.Gen) -> Data: C:\Users\WALL_E_Machine\AppData\Roaming\dbu32.ocx,explorer.exe -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
c:\$Recycle.Bin\S-1-5-21-3764487662-1149291627-179423213-1000\$cc8cb6672bb711ffec11714e8138127c\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3764487662-1149291627-179423213-1000\$cc8cb6672bb711ffec11714e8138127c\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3764487662-1149291627-179423213-1000\$cc8cb6672bb711ffec11714e8138127c (Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 31
c:\Users\WALL_E_Machine\AppData\Local\Temp\29B1.tmp (Trojan.Agent.FSA52) -> Delete on reboot.
c:\Users\WALL_E_Machine\AppData\Local\Temp\2A6C.tmp (Trojan.Agent.FSA52) -> Delete on reboot.
c:\Users\WALL_E_Machine\AppData\Local\Temp\2EBE.tmp (Trojan.Agent.FSA52) -> Delete on reboot.
c:\Users\WALL_E_Machine\AppData\Local\Temp\407B.tmp (Trojan.Agent.FSA52) -> Delete on reboot.
c:\Users\WALL_E_Machine\AppData\Local\Temp\49BF.tmp (Trojan.Agent.FSA52) -> Delete on reboot.
c:\Users\WALL_E_Machine\AppData\Local\Temp\9A7B.tmp (Trojan.Agent.FSA52) -> Delete on reboot.
c:\Users\WALL_E_Machine\AppData\Local\Temp\C6A9.tmp (Trojan.Agent.FSA52) -> Delete on reboot.
c:\Users\WALL_E_Machine\AppData\Local\Temp\CE78.tmp (Trojan.Agent.FSA52) -> Delete on reboot.
c:\Users\WALL_E_Machine\AppData\Local\Temp\msimg32.dll (Rootkit.0Access.ED) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3764487662-1149291627-179423213-1000\$cc8cb6672bb711ffec11714e8138127c\@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3764487662-1149291627-179423213-1000\$cc8cb6672bb711ffec11714e8138127c\n (Trojan.0Access) -> Delete on reboot.
c:\Users\WALL_E_Machine\mstsc.exe (Rootkit.0Access.ED) -> Delete on reboot.
c:\Users\WALL_E_Machine\notepad.exe (Rootkit.0Access.ED) -> Delete on reboot.
c:\Users\WALL_E_Machine\teamviewer196346.exe (Rootkit.0Access.ED) -> Delete on reboot.
c:\Users\WALL_E_Machine\vlcplayer.exe (Trojan.Agent.FSA52) -> Delete on reboot.
c:\Users\WALL_E_Machine\java.exe (Rootkit.0Access.ED) -> Delete on reboot.
c:\Users\WALL_E_Machine\jucheck.exe (Rootkit.0Access.ED) -> Delete on reboot.
c:\Users\WALL_E_Machine\chrome.exe (Rootkit.0Access.ED) -> Delete on reboot.
c:\Users\WALL_E_Machine\csrss344359.exe (Rootkit.0Access.ED) -> Delete on reboot.
c:\Users\WALL_E_Machine\icq.exe (Rootkit.0Access.ED) -> Delete on reboot.
c:\Users\WALL_E_Machine\iexplore.exe (Rootkit.0Access.ED) -> Delete on reboot.
c:\Users\WALL_E_Machine\csrss.exe (Trojan.Agent) -> Delete on reboot.
c:\Users\WALL_E_Machine\ctfmon.exe (Trojan.Agent) -> Delete on reboot.
c:\Users\WALL_E_Machine\firefox.exe (Rootkit.Dropper) -> Delete on reboot.
c:\Users\WALL_E_Machine\rundll32.exe (Trojan.Dropper) -> Delete on reboot.
c:\Users\WALL_E_Machine\winlogon.exe (Trojan.Downloader) -> Delete on reboot.
c:\Users\WALL_E_Machine\spoolsv.exe (Trojan.Agent) -> Delete on reboot.
c:\Users\WALL_E_Machine\conhost.exe (Trojan.Agent) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3764487662-1149291627-179423213-1000\$cc8cb6672bb711ffec11714e8138127c\U\00000001.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3764487662-1149291627-179423213-1000\$cc8cb6672bb711ffec11714e8138127c\U\80000000.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3764487662-1149291627-179423213-1000\$cc8cb6672bb711ffec11714e8138127c\U\800000cb.@ (Trojan.Siredef.C) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.08.01

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.18999
WALL_E_Machine :: UPSTAIRS [administrator]

6/8/2013 11:44:58 PM
mbam-log-2013-06-08 (23-44-58).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|H:\|I:\|J:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 376779
Time elapsed: 1 hour(s), 1 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
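The Malwarebytes Anti-Rootkit log in the post above carries three distinct persistence mechanisms that a responder would want to confirm by hand after the reboot: the Winlogon Shell value that starts dbu32.ocx ahead of explorer.exe, the per-user COM InProcServer32 entry that points into a hidden $Recycle.Bin\<SID>\$<hash> store (the 0Access/Siredef detections), and a pile of executables named after Windows system binaries sitting in the root of the user profile. The parser below is an added example, not part of the forum post and not Malwarebytes' own tooling. It reads that log format, pulls those indicators out, and compares the per-section totals the log claims against the lines actually present, which catches a truncated paste. SAMPLE_LOG is an excerpt of the posted MBAR output (the "Files Detected: 31" header is kept while only seven of the file lines are embedded, so the truncation check fires); SYSTEM_BINARY_NAMES, the $Recycle.Bin path pattern and the "InProcServer32 outside Windows or Program Files" heuristic are the example's own assumptions.

```python
"""Pull persistence indicators out of a Malwarebytes Anti-Rootkit (MBAR) log.
Added example for the log in the post above; it is not part of the post and not
Malwarebytes' own tooling. SAMPLE_LOG is an excerpt of that log: the "Files
Detected: 31" header is kept while only 7 of the 31 file lines are embedded,
so the truncation check has something to report."""
import re
from collections import Counter

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# "<object> (<Threat.Name>) [-> Data: <value>] -> <action>."
ITEM_RE = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^()]+)\)"
                     r"(?: -> Data: (?P<data>.+?))? -> (?P<action>.+?)\.?$")
# An .exe sitting directly in the root of a user profile: C:\Users\<name>\x.exe
PROFILE_ROOT_EXE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\[^\\]+\.exe$", re.I)
# Hidden store $Recycle.Bin\<user SID>\$<32 hex>\ named by the 0Access/Siredef lines.
RECYCLE_STORE_RE = re.compile(
    r"\\\$recycle\.bin\\s-1-5-21-[\d-]+\\\$[0-9a-f]{32}(?:\\|$)", re.I)
# Assumed list of Windows binaries that never legitimately live in a profile root.
SYSTEM_BINARY_NAMES = {"csrss.exe", "winlogon.exe", "spoolsv.exe", "conhost.exe",
                       "rundll32.exe", "ctfmon.exe", "notepad.exe", "mstsc.exe", "iexplore.exe"}

SAMPLE_LOG = r"""
Registry Keys Detected: 2
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Trojan.0Access) -> Delete on reboot.
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32 (Trojan.Zaccess) -> Delete on reboot.

Registry Values Detected: 2
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Trojan.Zaccess) -> Data: C:\$Recycle.Bin\S-1-5-21-3764487662-1149291627-179423213-1000\$cc8cb6672bb711ffec11714e8138127c\n. -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|shell (Hijack.Shell.Gen) -> Data: C:\Users\WALL_E_Machine\AppData\Roaming\dbu32.ocx,explorer.exe -> Delete on reboot.

Folders Detected: 3
c:\$Recycle.Bin\S-1-5-21-3764487662-1149291627-179423213-1000\$cc8cb6672bb711ffec11714e8138127c\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3764487662-1149291627-179423213-1000\$cc8cb6672bb711ffec11714e8138127c\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3764487662-1149291627-179423213-1000\$cc8cb6672bb711ffec11714e8138127c (Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 31
c:\Users\WALL_E_Machine\AppData\Local\Temp\msimg32.dll (Rootkit.0Access.ED) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3764487662-1149291627-179423213-1000\$cc8cb6672bb711ffec11714e8138127c\n (Trojan.0Access) -> Delete on reboot.
c:\Users\WALL_E_Machine\mstsc.exe (Rootkit.0Access.ED) -> Delete on reboot.
c:\Users\WALL_E_Machine\vlcplayer.exe (Trojan.Agent.FSA52) -> Delete on reboot.
c:\Users\WALL_E_Machine\csrss.exe (Trojan.Agent) -> Delete on reboot.
c:\Users\WALL_E_Machine\winlogon.exe (Trojan.Downloader) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3764487662-1149291627-179423213-1000\$cc8cb6672bb711ffec11714e8138127c\U\00000001.@ (Trojan.Siredef.C) -> Delete on reboot.
"""


def parse_log(text):
    """Return (items, header_counts): one dict per detection line, plus the
    per-section totals the log claims, so a truncated paste can be spotted."""
    items, header_counts, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            header_counts[section] = int(m.group("count"))
            continue
        m = ITEM_RE.match(line)
        if m and section:
            items.append({"section": section, **m.groupdict()})
    return items, header_counts


def analyze(text):
    items, header_counts = parse_log(text)
    parsed = Counter(it["section"] for it in items)
    f = {"families": Counter(it["threat"] for it in items),
         "truncated": {s: (n, parsed[s]) for s, n in header_counts.items() if parsed[s] != n},
         "winlogon_shell": [], "com_hijack": [], "profile_root_exes": [],
         "masquerading": [], "recycle_bin_store": []}
    for it in items:
        obj, data, low = it["obj"], it["data"] or "", it["obj"].lower()
        if it["section"] == "Registry Values":
            # Winlogon\Shell is a comma-separated list; every entry besides
            # explorer.exe is started at logon next to the real desktop shell.
            if low.endswith(r"\winlogon|shell"):
                extra = [e.strip() for e in data.split(",") if e.strip().lower() != "explorer.exe"]
                if extra:
                    f["winlogon_shell"].append((obj, extra))
            # HKCU\Software\Classes is consulted before HKLM for COM lookups, so a
            # user-hive InProcServer32 pointing outside Windows/Program Files
            # hijacks whatever component that CLSID normally belongs to.
            if low.startswith("hkcu\\software\\classes\\clsid\\") and "\\inprocserver32" in low:
                if not data.lower().startswith(("c:\\windows\\", "c:\\program files")):
                    f["com_hijack"].append((obj, data))
        elif it["section"] in ("Files", "Folders"):
            if PROFILE_ROOT_EXE_RE.match(obj):
                f["profile_root_exes"].append(obj)
                if obj.rsplit("\\", 1)[1].lower() in SYSTEM_BINARY_NAMES:
                    f["masquerading"].append(obj)
            if RECYCLE_STORE_RE.search(obj):
                f["recycle_bin_store"].append(obj)
    return f


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for key in ("winlogon_shell", "com_hijack", "masquerading", "recycle_bin_store"):
        print(f"{key}: {len(report[key])}")
        for entry in report[key]:
            print("   ", entry)
    print("sections with fewer lines than the header claims:", report["truncated"])
```

Every action in the posted log reads "Delete on reboot", which means the items were scheduled, not yet removed, when the log was written; the registry and $Recycle.Bin paths this script lists are the ones to re-check after the restart, since the Winlogon Shell entry and the user-hive CLSID would each reload the payload on the next logon if either survived.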