Registry Change



DELBOY001
2007-04-09, 12:06
Spybot picked up this


HKEY_USERS\S-1-5-21-3596468691-1117351892-3897911047-1006\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.excel=W=1

I haven't deleted it but have deleted all other probs it detected

Still getting popups tho

Would appreciate advice on what to do with this before I fix it pls

TA

DELBOY001

tashi
2007-04-09, 17:54
Hello.


Open SpyBot.
Check for problems.
When finished, right click and choose copy results (not the full report) to clipboard and post that into topic.


Thanks.

DELBOY001
2007-04-10, 10:08
Thank you Tashi

cannot copy to clipboard but save to file, copied and pasted hope this is what you require


Microsoft.Windows.Security.InternetExplorer: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3596468691-1117351892-3897911047-1006\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1

ReliableStats: Tracking cookie (Internet Explorer: Steve) (Cookie, nothing done)


Zedo: Tracking cookie (Internet Explorer: Steve) (Cookie, nothing done)


Winsoftware.WinAntiVirusPro2006: Tracking cookie (Internet Explorer: Steve) (Cookie, nothing done)


Smitfraud-C.Toolbar888: Tracking cookie (Internet Explorer: Steve) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-04-09 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-15 advcheck.dll (1.2.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-04-04 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-04-04 Includes\DialerC.sbi (*)
2007-04-04 Includes\Hijackers.sbi (*)
2007-04-04 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-04-04 Includes\KeyloggersC.sbi (*)
2007-03-21 Includes\Malware.sbi (*)
2007-04-04 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-04-04 Includes\PUPSC.sbi (*)
2007-04-04 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-04-04 Includes\SecurityC.sbi (*)
2007-03-21 Includes\Spybots.sbi (*)
2007-04-04 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-04-04 Includes\Trojans.sbi (*)
2007-04-04 Includes\TrojansC.sbi (*)



DELBOY

md usa spybot fan
2007-04-10, 16:08
The default setting for the following registry entry became "iexplore.exe"=dword:00000001 with the introduction of Windows XP Service Pack 2.


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"iexplore.exe"=dword:00000001

Spybot's detection indicates that the registry entry is "!=W=1" (where "!=" is not equal and "W=1" is dword:00000001). In other words, the value is not set to the default value.

There is an explanation (relatively technical) of FEATURE_LOCALMACHINE_LOCKDOWN in the following:

Compatibility in Internet Explorer 6 for Windows XP Service Pack 2
http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/overview/xpsp2compat.asp

The bottom line is, if you did not intentionally change the default for some reason such as the following, I suggest that you fix the problem:

Pictures do not appear as expected, or you receive an error message when you open an HTML file on a Windows XP Service Pack 2-based computer
http://support.microsoft.com/kb/878461
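
An added example, not part of the original post and not Spybot's own code: a read-only PowerShell check of the FEATURE_LOCALMACHINE_LOCKDOWN value described above, run against HKEY_LOCAL_MACHINE and against every user hive loaded under HKEY_USERS (the location Spybot reported in this thread). It assumes PowerShell 3.0 or later; the function name Get-LockdownState is hypothetical.

```powershell
# Added example: report whether "iexplore.exe" under FEATURE_LOCALMACHINE_LOCKDOWN
# still holds the XP SP2 default (dword:00000001) in HKLM and in each loaded user hive.
# Nothing is written to the registry.
$subKey    = 'Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN'
$valueName = 'iexplore.exe'
$expected  = 1   # default quoted in the post: "iexplore.exe"=dword:00000001

# Hypothetical helper: reads the value below one registry root and classifies it.
function Get-LockdownState {
    param(
        [Microsoft.Win32.RegistryKey]$Root,
        [string]$Label
    )
    $key = $Root.OpenSubKey($subKey)      # read-only; $null when the key does not exist
    if ($null -eq $key) {
        return [pscustomobject]@{ Hive = $Label; Value = $null; Status = 'key absent' }
    }
    try {
        $value = $key.GetValue($valueName, $null)
    }
    finally {
        $key.Close()
    }

    if ($null -eq $value) {
        $status = 'value absent'
    }
    elseif ($value -eq $expected) {
        $status = 'default'
    }
    else {
        # This is the condition Spybot prints as "!=W=1".
        $status = 'differs from default'
    }
    [pscustomobject]@{ Hive = $Label; Value = $value; Status = $status }
}

$results = @()
$results += Get-LockdownState -Root ([Microsoft.Win32.Registry]::LocalMachine) -Label 'HKLM'

# Only hives of logged-on or otherwise loaded accounts appear under HKEY_USERS.
foreach ($sid in [Microsoft.Win32.Registry]::Users.GetSubKeyNames()) {
    # Keep account SIDs (S-1-5-21-...); skip the *_Classes hives and service SIDs.
    if ($sid -match '^S-1-5-21-[\d-]+$') {
        $userRoot = [Microsoft.Win32.Registry]::Users.OpenSubKey($sid)
        if ($null -ne $userRoot) {
            $results += Get-LockdownState -Root $userRoot -Label "HKU\$sid"
            $userRoot.Close()
        }
    }
}

$results | Format-Table -AutoSize
```

A row with Status "differs from default" corresponds to what Spybot reports as "!=W=1"; hives of users who are not logged on are not loaded and are not covered by this check.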

tashi
2007-04-10, 17:26
Winsoftware.WinAntiVirusPro2006: Tracking cookie (Internet Explorer: Steve) (Cookie, nothing done)


Hi DELBOY,

Also, we should take a look at the System, you may have an infected machine.

Please follow the procedure in this link: "BEFORE you POST" -Preliminary Steps (http://forums.spybot.info/showthread.php?t=288) Then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22)

Once you have posted, a helper will advise you as soon as available.

Cheers.

DELBOY001
2007-04-10, 18:03
Thnx MD USA I have done that (made iexplore =1)

I will see what happens

Thnx


Tashi

I will do as you asked, thank you too!

DELBOY))!

DELBOY001
2007-04-11, 15:55
Incident Status Location

Adware:adware/block-checker Not disinfected Windows Registry
Hacktool:HackTool/EvID Not disinfected C:\Documents and Settings\All Users\Documents\PPLive TV\SynaLiveSetup.exe[EvID4226Patch.exe]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Chris\Cookies\chris@247realmedia[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Chris\Cookies\chris@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Chris\Cookies\chris@888[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Chris\Cookies\chris@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Chris\Cookies\chris@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Chris\Cookies\chris@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Chris\Cookies\chris@ads.pointroll[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Chris\Cookies\chris@adtech[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Chris\Cookies\chris@advertising[1].txt
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Chris\Cookies\chris@adviva[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Chris\Cookies\chris@atdmt[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Chris\Cookies\chris@bluestreak[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Chris\Cookies\chris@bs.serving-sys[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Chris\Cookies\chris@burstnet[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Chris\Cookies\chris@casalemedia[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Chris\Cookies\chris@cassava[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Chris\Cookies\chris@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Chris\Cookies\chris@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Chris\Cookies\chris@fastclick[2].txt
Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\Chris\Cookies\chris@fl01.ct2.comclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Chris\Cookies\chris@hitbox[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Chris\Cookies\chris@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Chris\Cookies\chris@overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Chris\Cookies\chris@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Chris\Cookies\chris@realmedia[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Chris\Cookies\chris@serving-sys[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Chris\Cookies\chris@statcounter[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Chris\Cookies\chris@stats1.reliablestats[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Chris\Cookies\chris@statse.webtrendslive[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Chris\Cookies\chris@tradedoubler[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Chris\Cookies\chris@tribalfusion[1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Chris\Cookies\chris@valueclick[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Chris\Cookies\chris@www.burstbeacon[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Chris\Cookies\chris@zedo[1].txt

DELBOY001
2007-04-11, 15:56
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Lynn\Cookies\lynn@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Lynn\Cookies\lynn@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Lynn\Cookies\lynn@adrevolver[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Lynn\Cookies\lynn@ads.pointroll[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Lynn\Cookies\lynn@adtech[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Lynn\Cookies\lynn@advertising[2].txt
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Lynn\Cookies\lynn@adviva[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Lynn\Cookies\lynn@atdmt[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Lynn\Cookies\lynn@bluestreak[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Lynn\Cookies\lynn@bs.serving-sys[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Lynn\Cookies\lynn@casalemedia[1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Lynn\Cookies\lynn@clickbank[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Lynn\Cookies\lynn@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Lynn\Cookies\lynn@fastclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Lynn\Cookies\lynn@hitbox[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Lynn\Cookies\lynn@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Lynn\Cookies\lynn@overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Lynn\Cookies\lynn@questionmarket[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Lynn\Cookies\lynn@serving-sys[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Lynn\Cookies\lynn@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Lynn\Cookies\lynn@statse.webtrendslive[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Lynn\Cookies\lynn@tradedoubler[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Lynn\Local Settings\Temp\Cookies\lynn@cgi-bin[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Lynn\Local Settings\Temp\Cookies\lynn@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\y8obibpo.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\y8obibpo.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\y8obibpo.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\y8obibpo.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\y8obibpo.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\y8obibpo.default\cookies.txt[.advertising.com/]
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\y8obibpo.default\cookies.txt[.winfixer.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\y8obibpo.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\y8obibpo.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\y8obibpo.default\cookies.txt[.valueclick.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\y8obibpo.default\cookies.txt[statse.webtrendslive.com/dcsnoi7kme9xjy0rkvgs4687n_2h1c]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\y8obibpo.default\cookies.txt[.adtech.de/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\y8obibpo.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\y8obibpo.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\y8obibpo.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\y8obibpo.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Martin\Cookies\martin@112.2o7[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Martin\Cookies\martin@247realmedia[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Martin\Cookies\martin@2o7[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Martin\Cookies\martin@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Martin\Cookies\martin@888[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Martin\Cookies\martin@adopt.hbmediapro[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Martin\Cookies\martin@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Martin\Cookies\martin@adrevolver[2].txt

DELBOY001
2007-04-11, 15:57
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Martin\Cookies\martin@ads.addynamix[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Martin\Cookies\martin@ads.pointroll[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Martin\Cookies\martin@adtech[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Martin\Cookies\martin@adultfriendfinder[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Martin\Cookies\martin@advertising[2].txt
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Martin\Cookies\martin@adviva[2].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Martin\Cookies\martin@anm.co[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Martin\Cookies\martin@as-eu.falkag[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Martin\Cookies\martin@as-us.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Martin\Cookies\martin@as1.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Martin\Cookies\martin@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Martin\Cookies\martin@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Martin\Cookies\martin@azjmp[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Martin\Cookies\martin@bfast[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Martin\Cookies\martin@bluestreak[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Martin\Cookies\martin@bs.serving-sys[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Martin\Cookies\martin@burstnet[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Martin\Cookies\martin@c5.zedo[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Martin\Cookies\martin@casalemedia[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Martin\Cookies\martin@cassava[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Martin\Cookies\martin@ccbill[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Martin\Cookies\martin@cgi-bin[4].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Martin\Cookies\martin@clickbank[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Martin\Cookies\martin@com[1].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Martin\Cookies\martin@counter.hitslink[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Martin\Cookies\martin@counter1.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Martin\Cookies\martin@counter15.sextracker[2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Martin\Cookies\martin@counter4.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Martin\Cookies\martin@counter5.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Martin\Cookies\martin@counter6.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Martin\Cookies\martin@counter9.sextracker[1].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Martin\Cookies\martin@data.coremetrics[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Martin\Cookies\martin@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Martin\Cookies\martin@drivecleaner[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Martin\Cookies\martin@entrepreneur[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Martin\Cookies\martin@errorsafe[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Martin\Cookies\martin@fastclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Martin\Cookies\martin@hitbox[2].txt
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Martin\Cookies\martin@hotlog[2].txt
Spyware:Cookie/Internetfuel Not disinfected C:\Documents and Settings\Martin\Cookies\martin@internetfuel[1].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Martin\Cookies\martin@linksynergy[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Martin\Cookies\martin@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Martin\Cookies\martin@overture[1].txt
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\Documents and Settings\Martin\Cookies\martin@pacificpoker[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Martin\Cookies\martin@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Martin\Cookies\martin@realmedia[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Martin\Cookies\martin@server.iad.liveperson[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Martin\Cookies\martin@serving-sys[2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Martin\Cookies\martin@sextracker[1].txt
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Martin\Cookies\martin@spylog[2].txt

DELBOY001
2007-04-11, 16:02
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Martin\Cookies\martin@statcounter[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Martin\Cookies\martin@stats.drivecleaner[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Martin\Cookies\martin@stats1.reliablestats[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Martin\Cookies\martin@statse.webtrendslive[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Martin\Cookies\martin@systemdoctor[2].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Martin\Cookies\martin@targetnet[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Martin\Cookies\martin@toplist[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Martin\Cookies\martin@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Martin\Cookies\martin@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Martin\Cookies\martin@tribalfusion[1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Martin\Cookies\martin@valueclick[1].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Martin\Cookies\martin@weborama[2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Martin\Cookies\martin@webpower[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Martin\Cookies\martin@winantispyware[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Martin\Cookies\martin@winantivirus[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Martin\Cookies\martin@www.burstbeacon[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Martin\Cookies\martin@www.drivecleaner[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Martin\Cookies\martin@www.errorsafe[1].txt
Spyware:Cookie/Intelli-tracker Not disinfected C:\Documents and Settings\Martin\Cookies\martin@www.intelli-tracker[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Martin\Cookies\martin@xiti[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Martin\Cookies\martin@yadro[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Martin\Cookies\martin@zedo[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Martin\Local Settings\Temp\Cookies\martin@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Martin\Local Settings\Temp\Cookies\martin@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Martin\Local Settings\Temp\Cookies\martin@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Martin\Local Settings\Temp\Cookies\martin@adrevolver[2].txt

DELBOY001
2007-04-11, 16:03
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Martin\Local Settings\Temp\Cookies\martin@advertising[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Martin\Local Settings\Temp\Cookies\martin@as-eu.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Martin\Local Settings\Temp\Cookies\martin@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Martin\Local Settings\Temp\Cookies\martin@belnk[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Martin\Local Settings\Temp\Cookies\martin@casalemedia[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Martin\Local Settings\Temp\Cookies\martin@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Martin\Local Settings\Temp\Cookies\martin@doubleclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Martin\Local Settings\Temp\Cookies\martin@fastclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Martin\Local Settings\Temp\Cookies\martin@media.fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Martin\Local Settings\Temp\Cookies\martin@mediaplex[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Martin\Local Settings\Temp\Cookies\martin@realmedia[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Martin\Local Settings\Temp\Cookies\martin@tribalfusion[1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Martin\Local Settings\Temp\Cookies\martin@valueclick[2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Martin\Local Settings\Temp\Cookies\martin@webpower[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Martin\Local Settings\Temp\Cookies\martin@winantivirus[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Martin\Local Settings\Temp\Cookies\martin@www.winantivirus[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Martin\Local Settings\Temp\Cookies\martin@xmts[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Martin\Local Settings\Temp\Cookies\martin@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Martin\Local Settings\Temp\Cookies\martin@zedo[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Steve\Cookies\steve@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Steve\Cookies\steve@adrevolver[3].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Steve\Cookies\steve@adtech[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Steve\Cookies\steve@advertising[1].txt
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Steve\Cookies\steve@adviva[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Steve\Cookies\steve@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Steve\Cookies\steve@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Steve\Cookies\steve@fastclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Steve\Cookies\steve@media.fastclick[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Steve\Cookies\steve@overture[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Steve\Cookies\steve@tradedoubler[1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Steve\Cookies\steve@valueclick[1].txt
Spyware:Spyware/SafeSurf Not disinfected C:\Program Files\Windows Media Player\Skins\evillyrics.zip[setup.exe][²ÜÇ\ExtractDLL.dll]
Spyware:Spyware/Vundo Not disinfected C:\WINDOWS\system32\gqugddol.dll




I see something called vundo there

sorry it's so long

gonna empty and run Bitdefender

DELBOY001
2007-04-11, 18:24
BIT DEFENDER REPORT

BitDefender Online Scanner

Scan report generated at: Wed, Apr 11, 2007 - 16:18:13

Scan path: C:\;D:\;E:\;F:\;

Statistics
Time: 01:49:57
Files: 397718
Folders: 10403
Boot Sectors: 3
Archives: 7983
Packed Files: 18323

Results
Identified Viruses: 3
Infected Files: 5
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 6

Engines Info
Virus Definitions: 485104
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2C.tmp=>(Quarantine-4) | Infected with: Trojan.Spy.VBStat.B
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2C.tmp=>(Quarantine-4) | Deleted
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2D.tmp=>(Quarantine-4) | Infected with: Trojan.Virtumod.JB
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2D.tmp=>(Quarantine-4) | Disinfection failed
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2D.tmp=>(Quarantine-4) | Deleted
C:\WINDOWS\system32\byxxxxx.dll | Infected with: MemScan:Trojan.Vundo.DLM
C:\WINDOWS\system32\byxxxxx.dll | Disinfection failed
C:\WINDOWS\system32\byxxxxx.dll | Delete failed
C:\WINDOWS\system32\fccabaa.dll | Infected with: MemScan:Trojan.Vundo.DLM
C:\WINDOWS\system32\fccabaa.dll | Disinfection failed
C:\WINDOWS\system32\fccabaa.dll | Deleted
C:\WINDOWS\system32\ljjjghf.dll | Infected with: MemScan:Trojan.Vundo.DLM
C:\WINDOWS\system32\ljjjghf.dll | Disinfection failed
C:\WINDOWS\system32\ljjjghf.dll | Deleted





OH DEAR !!!

tashi
2007-04-11, 23:24
Hi DELBOY001.

Re: PM and WinAntiVirusPro2006.

I strongly suggest you start a topic in the malware removal forum, so that one of our helpers can take a look at the system.

Cheers.