Earlier today, I received a pop-up on my Desktop that read "Can not find script file "C:\Documents and Settings\Owner\Local Settings\Temp\.tt1.tmp.vbs". Along with this pop-up, my wallpaper went to an all-blue screen with a box of text in the middle that read as follows:
"Warning! Spyware has been detected on your computer."
Also, when my screen saver kicked in, I got something similar to the blue screen of death. So, in an attempt to nip this spyware in the bud, I ran a simple Ad-Aware scan, which was to no avail. The bright blue wallpaper still stood in defiance over me.
After a Spybot Search & Destroy, I yet again had no luck in defeating this nasty little bug.
I then resorted to the good 'ol trusty generic cleanup combo of ATF-Cleaner, SUPERAntiSpyware Full System Scan, and a HijackThis scan.
After the completion of my generic cleanup, the box of text on the blue wallpaper went away. However, my wallpaper is still nothing but a bright blue hue, and it is still unchangeable.
Perhaps my computer caught that nasty Malware that's been floating around? Any help on this matter would be greatly appreciated.
Here's the logfiles of the SUPERAntiSpyware scan and the HJT scan (in respective order):
------------------------------------
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Adware.Tracking Cookie
c:\documents and settings\owner\cookies\owner@hurricanedigitalmedia[1].txt
c:\documents and settings\owner\cookies\owner@a.websponsors[2].txt
c:\documents and settings\owner\cookies\owner@adopt.hbmediapro[2].txt
c:\documents and settings\owner\cookies\owner@please[1].txt
c:\documents and settings\owner\cookies\owner@ad.echangnet[2].txt
c:\documents and settings\owner\cookies\owner@network[1].txt
c:\documents and settings\owner\cookies\owner@roiservice[2].txt
c:\documents and settings\owner\cookies\owner@search.prositefinder[2].txt
c:\documents and settings\owner\cookies\owner@admarketplace[2].txt
c:\documents and settings\owner\cookies\owner@69553378[1].txt
c:\documents and settings\owner\cookies\owner@adecn[1].txt
c:\documents and settings\owner\cookies\owner@bs.serving-sys[1].txt
c:\documents and settings\owner\cookies\owner@media.adrevolver[3].txt
c:\documents and settings\owner\cookies\owner@www.googleadservices[3].txt
c:\documents and settings\owner\cookies\owner@kanoodle[1].txt
c:\documents and settings\owner\cookies\owner@dist.belnk[1].txt
c:\documents and settings\owner\cookies\owner@e-2dj6whk4ojcpmdo.stats.esomniture[2].txt
c:\documents and settings\owner\cookies\owner@try.starware[3].txt
c:\documents and settings\owner\cookies\owner@adcache.trucktraderonline[2].txt
c:\documents and settings\owner\cookies\owner@e-2dj6wflockdpsdo.stats.esomniture[2].txt
c:\documents and settings\owner\cookies\owner@microsofteup.112.2o7[1].txt
c:\documents and settings\owner\cookies\owner@stats1.reliablestats[2].txt
c:\documents and settings\owner\cookies\owner@e-2dj6wjkyqidzkap.stats.esomniture[2].txt
c:\documents and settings\owner\cookies\owner@bannerspace[1].txt
c:\documents and settings\owner\cookies\owner@e-2dj6whk4kkdzgeq.stats.esomniture[2].txt
c:\documents and settings\owner\cookies\owner@servlet[1].txt
c:\documents and settings\owner\cookies\owner@lp.zango[1].txt
c:\documents and settings\owner\cookies\owner@icc.intellisrv[2].txt
c:\documents and settings\owner\cookies\owner@buytelco.directtrack[2].txt
c:\documents and settings\owner\cookies\owner@ads.mobiledia[2].txt
c:\documents and settings\owner\cookies\owner@tacoda[1].txt
c:\documents and settings\owner\cookies\owner@e-2dj6wjkygpczmep.stats.esomniture[2].txt
c:\documents and settings\owner\cookies\owner@sales.liveperson[1].txt
c:\documents and settings\owner\cookies\owner@nbads[2].txt
c:\documents and settings\owner\cookies\owner@account.netzero[1].txt
c:\documents and settings\owner\cookies\owner@emarketmakers[2].txt
c:\documents and settings\owner\cookies\owner@gateway[1].txt
c:\documents and settings\owner\cookies\owner@ads.monster[1].txt
c:\documents and settings\owner\cookies\owner@ads.traderonline[1].txt
c:\documents and settings\owner\cookies\owner@partypoker[2].txt
c:\documents and settings\owner\cookies\owner@yadro[2].txt
c:\documents and settings\owner\cookies\owner@www.googleadservices[4].txt
c:\documents and settings\owner\cookies\owner@qnsr[2].txt
c:\documents and settings\owner\cookies\owner@e-2dj6wjnygldpwbp.stats.esomniture[2].txt
c:\documents and settings\owner\cookies\owner@38262[1].txt
c:\documents and settings\owner\cookies\owner@adlegend[2].txt
c:\documents and settings\owner\cookies\owner@microsoftwlspacesmkt.112.2o7[1].txt
c:\documents and settings\owner\cookies\owner@stat.dealtime[1].txt
c:\documents and settings\owner\cookies\owner@e-2dj6wfloqodzmeq.stats.esomniture[2].txt
c:\documents and settings\owner\cookies\owner@ath.belnk[1].txt
c:\documents and settings\owner\cookies\owner@interclick[2].txt
c:\documents and settings\owner\cookies\owner@jokes[1].txt
c:\documents and settings\owner\cookies\owner@www.burstbeacon[1].txt
c:\documents and settings\owner\cookies\owner@buycom.122.2o7[1].txt
c:\documents and settings\owner\cookies\owner@indextools[1].txt
c:\documents and settings\owner\cookies\owner@collective-media[2].txt
c:\documents and settings\owner\cookies\owner@gateway[2].txt
c:\documents and settings\owner\cookies\owner@ads.realtechnetwork[2].txt
c:\documents and settings\owner\cookies\owner@e-2dj6wfkosmajkfo.stats.esomniture[1].txt
c:\documents and settings\owner\cookies\owner@insightexpressai[2].txt
c:\documents and settings\owner\cookies\owner@lynxtrack[1].txt
c:\documents and settings\owner\cookies\owner@smileycentral[2].txt
c:\documents and settings\owner\cookies\owner@creativeby.viewpoint[1].txt
c:\documents and settings\owner\cookies\owner@winfixer[2].txt
c:\documents and settings\owner\cookies\owner@msnportal.112.2o7[1].txt
c:\documents and settings\owner\cookies\owner@nextag[1].txt
c:\documents and settings\owner\cookies\owner@clicks.emarketmakers[1].txt
c:\documents and settings\owner\cookies\owner@e-2dj6wjlikgazwbo.stats.esomniture[2].txt
c:\documents and settings\owner\cookies\owner@adopt.specificclick[1].txt
c:\documents and settings\owner\cookies\owner@belnk[2].txt
c:\documents and settings\owner\cookies\owner@burstnet[1].txt
c:\documents and settings\owner\cookies\owner@adopt.euroclick[2].txt
c:\documents and settings\owner\cookies\owner@media.adrevolver[2].txt
c:\documents and settings\owner\cookies\owner@precisionclick[1].txt
c:\documents and settings\owner\cookies\owner@adrevolver[2].txt
c:\documents and settings\owner\cookies\owner@ads.pointroll[1].txt
c:\documents and settings\owner\cookies\owner@scholastic.122.2o7[1].txt
c:\documents and settings\owner\cookies\owner@adknowledge[2].txt
c:\documents and settings\owner\cookies\owner@cts.metricsdirect[1].txt
c:\documents and settings\owner\cookies\owner@ads.cc214142[2].txt
c:\documents and settings\owner\cookies\owner@atwola[1].txt
c:\documents and settings\owner\cookies\owner@partner2profit[1].txt
c:\documents and settings\owner\cookies\owner@38266[1].txt
c:\documents and settings\owner\cookies\owner@entrepreneur.122.2o7[1].txt
c:\documents and settings\owner\cookies\owner@homestore.122.2o7[1].txt
c:\documents and settings\owner\cookies\owner@counter.cnw[1].txt
c:\documents and settings\owner\cookies\owner@ad.yieldmanager[1].txt
c:\documents and settings\owner\cookies\owner@regalinteractive[2].txt
c:\documents and settings\owner\cookies\owner@serving-sys[2].txt
c:\documents and settings\owner\cookies\owner@mb[2].txt
c:\documents and settings\owner\cookies\owner@superstats[1].txt
c:\documents and settings\owner\cookies\owner@ad.tbn[1].txt
c:\documents and settings\owner\cookies\owner@e-2dj6wfmyokdjkeq.stats.esomniture[2].txt
c:\documents and settings\owner\cookies\owner@meetupcom.122.2o7[1].txt
c:\documents and settings\owner\cookies\owner@imrworldwide[2].txt
c:\documents and settings\owner\cookies\owner@ads.cnn[1].txt
c:\documents and settings\owner\cookies\owner@e-2dj6wfk4qgdpmkp.stats.esomniture[2].txt
c:\documents and settings\owner\cookies\owner@yieldmanager[1].txt
c:\documents and settings\owner\cookies\owner@ads.adbrite[1].txt
c:\documents and settings\owner\cookies\owner@kontera[1].txt
c:\documents and settings\owner\cookies\owner@partygaming.122.2o7[1].txt
c:\documents and settings\owner\cookies\owner@list[1].txt
c:\documents and settings\owner\cookies\owner@bluegrasscountry[1].txt
c:\documents and settings\owner\cookies\owner@engine.adnet[2].txt
c:\documents and settings\owner\cookies\owner@data3.perf.overture[1].txt
c:\documents and settings\owner\cookies\owner@h.starware[1].txt
c:\documents and settings\owner\cookies\owner@e-2dj6wjkockazkco.stats.esomniture[2].txt
c:\documents and settings\owner\cookies\owner@amlocalhost.trymedia[2].txt
c:\documents and settings\owner\cookies\owner@ads.revsci[1].txt
c:\documents and settings\owner\cookies\owner@data2.perf.overture[2].txt
c:\documents and settings\owner\cookies\owner@clicksor[1].txt
c:\documents and settings\owner\cookies\owner@kmpads[1].txt
c:\documents and settings\owner\cookies\owner@clickshapers[1].txt
c:\documents and settings\owner\cookies\owner@forumfind[1].txt
c:\documents and settings\owner\cookies\owner@ads.belointeractive[1].txt
c:\documents and settings\owner\cookies\owner@northwestairlines.112.2o7[1].txt
c:\documents and settings\owner\cookies\owner@apmebf[1].txt
c:\documents and settings\owner\cookies\owner@ad.text.tbn[2].txt
c:\documents and settings\owner\cookies\owner@www.googleadservices[2].txt
c:\documents and settings\owner\cookies\owner@e-2dj6wjlocjazalo.stats.esomniture[2].txt
c:\documents and settings\owner\cookies\owner@cpvfeed[1].txt
c:\documents and settings\owner\cookies\owner@www.googleadservices[1].txt
c:\documents and settings\owner\cookies\owner@dcsi583rp10000oevcqz9y4us_6l6d[1].txt
c:\documents and settings\owner\cookies\owner@homeloancenter[1].txt
c:\documents and settings\owner\cookies\owner@revsci[1].txt
c:\documents and settings\owner\cookies\owner@73403369[1].txt
c:\documents and settings\owner\cookies\owner@e-2dj6wjkyelczmcp.stats.esomniture[2].txt
c:\documents and settings\owner\cookies\owner@zscript[1].txt
c:\documents and settings\owner\cookies\owner@cbs.112.2o7[1].txt
c:\documents and settings\owner\cookies\owner@e-2dj6wjloumcpceo.stats.esomniture[2].txt
c:\documents and settings\owner\cookies\owner@adbrite[2].txt
c:\documents and settings\owner\cookies\owner@75701581[1].txt
c:\documents and settings\owner\cookies\owner@rambler[1].txt
c:\documents and settings\owner\cookies\owner@microsoftwlmessengermkt.112.2o7[1].txt
c:\documents and settings\owner\cookies\owner@3.adbrite[1].txt
c:\documents and settings\owner\cookies\owner@74613876[2].txt
c:\documents and settings\owner\cookies\owner@cnn.122.2o7[1].txt
c:\documents and settings\owner\cookies\owner@www.collegetraditions[1].txt
c:\documents and settings\owner\cookies\owner@aclickawayremotes[2].txt
c:\documents and settings\owner\cookies\owner@60153518[1].txt
c:\documents and settings\owner\cookies\owner@e-2dj6wjnyqhazwlq.stats.esomniture[2].txt
c:\documents and settings\owner\cookies\owner@www.googleadservices[5].txt
c:\documents and settings\owner\cookies\owner@try.starware[1].txt
c:\documents and settings\owner\cookies\owner@anad.tacoda[2].txt
c:\documents and settings\owner\cookies\owner@data4.perf.overture[2].txt
c:\documents and settings\owner\cookies\owner@perf.overture[1].txt
c:\documents and settings\owner\cookies\owner@insightfirst[1].txt
c:\documents and settings\owner\cookies\owner@embarq.112.2o7[1].txt
c:\documents and settings\owner\cookies\owner@ad.100.tbn[1].txt
c:\documents and settings\owner\cookies\owner@e-2dj6wjmyulcjseo.stats.esomniture[2].txt
c:\documents and settings\owner\cookies\owner@media.wii.ign[1].txt
c:\documents and settings\owner\cookies\owner@specificclick[2].txt
c:\documents and settings\owner\cookies\owner@eyewonder[1].txt
c:\documents and settings\owner\cookies\owner@www.homeloancenter[2].txt
c:\documents and settings\owner\cookies\owner@synacor.112.2o7[1].txt
c:\documents and settings\owner\cookies\owner@ads.expedia[1].txt
c:\documents and settings\owner\cookies\owner@ads.owen-media-store[1].txt
C:\Documents and Settings\Owner\Cookies\owner@Ad-Aware-SE-Personal-Edition[1].txt
Adware.180solutions/Search Assistant
HKCR\MediaGateway.Installer
HKCR\MediaGateway.Installer\CLSID
HKCR\MediaGateway.Installer\CurVer
HKCR\MediaGatewayX.Installer
HKCR\MediaGatewayX.Installer\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll#{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}
Trojan.Unknown Origin
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\AQ5P2SGB\INSTALL[1].EXE
C:\WINDOWS\SYSTEM32\PHCJMSJ0EGDP.BMP
C:\WINDOWS\U1O5M8EN.EXE
------------------------------------
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:54:16 PM, on 7/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
