Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: bryan234 on May 08, 2010, 06:53:28 PM
-
Seems like most people are having the same problem. Please advise. Thanks.
-
Provide more information, thanks.
-
Sorry for the delay, we are busy here on the boards. If you are still having issues, please do the following:
(http://img233.imageshack.us/img233/7729/mbamicontw5.gif) Please download Malwarebytes Anti-Malware from here (http://www.malwarebytes.org/mbam/program/mbam-setup.exe).
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
-
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4086
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5/10/2010 12:08:54 PM
mbam-log-2010-05-10 (12-08-54).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 238688
Time elapsed: 1 hour(s), 12 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 37
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\Program Files\Mozilla Firefox\extensions\{70c5e1a1-98ea-81af-6392-2961d9559a08}\components\fe_Z-00B63.dll (Adware.BHO) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{eca3e63b-2d45-2cad-efb1-65fd6c346935} (Adware.LoudMo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\search toolbar (Adware.Zugo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\flv direct player (Adware.FLVPlayer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a-qlgf_qnkxkni (Adware.LoudMo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8c508522-2c39-bc0a-1c9b-9e5fb0277a1f} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8c508522-2c39-bc0a-1c9b-9e5fb0277a1f} (Adware.AdRotator) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sctdtvvw (Rogue.AntiSpywareSoft) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sctdtvvw (Rogue.AntiSpywareSoft) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://bing.zugo.com/?cfg=2-76-0-UEOP) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.231,93.188.161.72 -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\FLV Direct Player (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\Skin (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\Skin\DirectFLV (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\FLV Direct Player (Adware.FLVPlayer) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Mozilla Firefox\extensions\{70c5e1a1-98ea-81af-6392-2961d9559a08}\components\fe_Z-00B63.dll (Adware.BHO) -> Delete on reboot.
C:\Documents and Settings\DJ\Local Settings\Application Data\epcxflmqw\mgstwgptssd.exe (Rogue.AntiSpywareSoft) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\SearchToolbarUninstall.exe (Adware.Zugo) -> Quarantined and deleted successfully.
C:\Documents and Settings\DJ\Desktop\DC stuff\Magic DVD Ripper\Magic DVD Ripper v3.3 Setup.exe (Adware.UCMore) -> Quarantined and deleted successfully.
C:\Documents and Settings\DJ\Local Settings\temp\Component Update 126 (Adware.LoudMo) -> Quarantined and deleted successfully.
C:\Documents and Settings\DJ\Local Settings\temp\Component Update 157 (Adware.LoudMo) -> Quarantined and deleted successfully.
C:\Documents and Settings\DJ\Local Settings\temp\Component Update 407 (Adware.LoudMo) -> Quarantined and deleted successfully.
C:\Documents and Settings\DJ\Local Settings\temp\Component Update 563 (Adware.LoudMo) -> Quarantined and deleted successfully.
C:\Documents and Settings\DJ\Local Settings\temp\mPDa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\DJ\Local Settings\temp\Qjut.exe (Rogue.AntiSpywareSoft) -> Quarantined and deleted successfully.
C:\Documents and Settings\DJ\Local Settings\temp\Ybxl.exe (Rogue.AntiSpywareSoft) -> Quarantined and deleted successfully.
C:\Documents and Settings\DJ\Local Settings\Temporary Internet Files\Content.IE5\5D234UN5\n002102318801r0409J0d000601R4631da79W1656a78dXc4654120Y8f86b05bZ03003f360[1] (Rogue.AntiSpywareSoft) -> Quarantined and deleted successfully.
C:\Documents and Settings\DJ\Local Settings\Temporary Internet Files\Content.IE5\5D234UN5\n002102801r0409J0d000601R4631da79Xc465412fY8f86b05bZ03003f3630dP000501080[1] (Rogue.AntiSpywareSoft) -> Quarantined and deleted successfully.
C:\Documents and Settings\DJ\Local Settings\Temporary Internet Files\Content.IE5\5D234UN5\eHad747fe4V03007f35002Rb49ca91b102Te60e1844Q0000004c901801F0016000aJ0d000601l0409K428a9f513180[1] (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\DJ\My Documents\Downloads\FLVDirect.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Search Toolbar\SearchToolbarUninstall.exe (Adware.Zugo) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\uninstall.exe (Adware.FLVPlayer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C1FDE112-7F2E-44A7-87E2-2E0265CC1B0B}\RP116\A0030301.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C1FDE112-7F2E-44A7-87E2-2E0265CC1B0B}\RP116\A0030427.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C1FDE112-7F2E-44A7-87E2-2E0265CC1B0B}\RP176\A0045562.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C1FDE112-7F2E-44A7-87E2-2E0265CC1B0B}\RP176\A0045582.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C1FDE112-7F2E-44A7-87E2-2E0265CC1B0B}\RP177\A0045625.exe (Adware.Zugo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A-QlgF_qNkXKni.exe (Adware.LoudMo) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\downloading.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\FLVPlayer.exe (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\player.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\preload.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\Skin\DirectFLV\Button.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\Skin\DirectFLV\Logo.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\Skin\DirectFLV\skin.xml (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\Skin\DirectFLV\SysCloseButton.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\Skin\DirectFLV\SysMaxButton.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\Skin\DirectFLV\SysMinButton.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\Skin\DirectFLV\Window.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\FLV Direct Player\FLV Direct Player.lnk (Adware.FLVPlayer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\FLV Direct Player\Uninstall FLV Direct Player.lnk (Adware.FLVPlayer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\--_7_sR0LH_AiE.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
-
Please visit this webpage for a tutorial on downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
See the area: Using ComboFix, and when done, post the log back here.