movingmalibu Posted January 7, 2009

Hello, my computer is infected with a new virus, and I was asked by the team at Kaspersky to run SUPERAntiSpyware, and then post the log file. Here is the log file. I have not "cleaned" or fixed any of the threats detected by your software (as recommended by the Kaspersky team). Please advise as to what I should do next.

Best Regards
Franco
movingmalibu Posted January 7, 2009

Well, apparently I could not include my attachment. Am I blocked from uploading?

Thanks
Franco
siliconman01 Posted January 8, 2009

The SAS log file is a .txt file. Just copy and paste it directly into your forum post. If it is a really long log, you may have to break it into 2 or more posts.
movingmalibu Posted January 8, 2009

Here is the log. Thanks for any help you guys can provide.

Franco

SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 01/07/2009 at 06:20 PM

Application Version : 4.24.1004

Core Rules Database Version : 3699
Trace Rules Database Version: 1675

Scan type : Complete Scan
Total Scan Time : 00:26:50

Memory items scanned : 353
Memory threats detected : 0
Registry items scanned : 5319
Registry threats detected : 19
File items scanned : 19077
File threats detected : 123

MyWay Search Assistant Computers
HKLM\Software\Classes\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\Programmable
C:\PROGRAM FILES\MYWAYSA\SRCHASDE\DESRCAS.DLL
HKLM\Software\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\Programmable
HKU\S-1-5-21-2523365813-1988538056-3407220794-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKU\S-1-5-21-2523365813-1988538056-3407220794-1006\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}

Adware.Tracking Cookie

Trojan.Unknown Origin
HKLM\Software\xpre
HKLM\Software\xpre#execount

Rogue.Component/Trace
HKU\S-1-5-21-2523365813-1988538056-3407220794-1006\Software\Microsoft\CS41275

Adware.Vundo/Variant-EC
C:\WINDOWS\SYSTEM32\FILAWUZO.DLL
siliconman01 Posted January 9, 2009

I recommend that you let SAS quarantine all the items it has found per your log. Is there something specific in the log that concerns you as to whether it should be quarantined? Everything shown in the log needs to be quarantined. SAS "may" want to reboot after the quarantine. If so, please reboot.