mykhrochyp Posted October 31, 2008
I ran a scan, it took 3 hours, and I had over 101 "infected" files. So, I quarantined the lot like it suggested. When I rebooted, I logged in, and there were no desktop icons, and no start bar, and my internet connection was disabled. So, I tried to restart with last known good configuration, no luck. I finally got fed up, and restored all the quarantined items, and I restarted with last best known configuration, and it started fine. So, I don't know what went wrong, but please do your best to help me understand why it didn't work, thanks (sorry if wrong section)

SUPERAntiSpy Posted October 31, 2008
Post your scan log here from SUPERAntiSpyware.

mykhrochyp Posted November 1, 2008
SUPERAntiSpyware Scan Log
https://www.superantispyware.com
Generated 10/30/2008 at 09:10 PM
Application Version : 4.21.1004
Core Rules Database Version : 3555
Trace Rules Database Version: 1543
Scan type : Complete Scan
Total Scan Time : 02:42:48
Memory items scanned : 466
Memory threats detected : 6
Registry items scanned : 6219
Registry threats detected : 36
File items scanned : 153268
File threats detected : 66

SUPERAntiSpy Posted November 2, 2008
The first thing I notice is you are scanning with very old definitions - we are at Core : 3618 and Trace : 1603 - update those first and re-scan your system.

mykhrochyp Posted November 2, 2008
For some reason it won't let me update it; it says make sure SUPERANTISPYWARE.exe isn't blocked, and I already checked and the program as a whole isn't blocked, so, is there any way I can get a manual patch to download for the update? Call me dumb, but I can't seem to find it on the site.

emperordarius Posted November 2, 2008
Manual Updates, read the instructions at the end of the page https://www.superantispyware.com/definitions.html