Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 2

1/1/2009 9:55:47 PM
mbam-log-2009-01-01 (21-55-41).txt

Scan type: Quick Scan
Objects scanned: 53599
Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 45
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 14
Files Infected: 26

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\yaywtRjJ.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yjvstlha.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\opnmNEtS.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2b0ce9ad-62c6-43dd-9202-d4b5a8087ab4} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2b0ce9ad-62c6-43dd-9202-d4b5a8087ab4} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2b0ce9ad-62c6-43dd-9202-d4b5a8087ab4} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnmnets (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Online Add-on (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yaywtrjj -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yaywtrjj -> No action taken.

Folders Infected:
C:\Documents and Settings\alexander\Application Data\ShoppingReport (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\alexander\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\alexander\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\alexander\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\alexander\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\alexander\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\Bin\2.0.26 (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\cs (Adware.Shopping.Report) -> No action taken.
C:\Program Files\Video Add-on (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\michael\Application Data\ShoppingReport (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\michael\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\michael\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> No action taken.

Files Infected:
C:\WINDOWS\system32\yaywtRjJ.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\JjRtwyay.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\JjRtwyay.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wvbdoewr.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\rweodbvw.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yjvstlha.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ahltsvjy.ini (Trojan.Vundo.H) -> No action taken.
C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (Adware.Shopping.Report) -> No action taken.
C:\WINDOWS\system32\opnmNEtS.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\senekacmvmptwi.dll (Trojan.Seneka) -> No action taken.
C:\Documents and Settings\alexander\Local Settings\Temp\senekabcca.tmp (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\alexander\Local Settings\Temporary Internet Files\Content.IE5\6SFNPY4G\upd105320[1] (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\alexander\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\alexander\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\alexander\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\alexander\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\alexander\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\alexander\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\alexander\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> No action taken.
C:\WINDOWS\system32\prunnet.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\alexander\Local Settings\Temp\winvsnet.tmp (Rogue.Installer) -> No action taken.
C:\WINDOWS\system32\msiconf.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\seneka.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\senekadf.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> No action taken.