
Topic: HELP PLZ


``David

    Topic Starter


    Rookie

    HELP PLZ
    « on: June 16, 2008, 08:31:30 PM »
    Well, recently something has installed itself on my computer. It is called "Malware Protector 2008", and whenever I try to go to Control Panel to uninstall it I get a message saying "The operation has been canceled due to restrictions in effect on this computer. Please contact your system administrator." Please help me, guys.

    Broni


      Mastermind
    • Kraków my love :)
    • Thanked: 614
      • Computer Help Forum
    • Computer: Specs
    • Experience: Experienced
    • OS: Windows 8
    Re: HELP PLZ
    « Reply #1 on: June 16, 2008, 08:33:07 PM »
    Print these instructions out.

    1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

        * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
        * An icon will be created on your desktop. Double-click that icon to launch the program.
        * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
        * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

        * Open SUPERAntiSpyware.
        * Under "Configuration and Preferences", click the Preferences button.
        * Click the Scanning Control tab.
        * Under Scanner Options make sure the following are checked (leave all others unchecked):
              o Close browsers before scanning.
              o Scan for tracking cookies.
              o Terminate memory threats before quarantining.
        * Click the "Close" button to leave the control center screen.
        * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
        * On the left, make sure you check C:\Fixed Drive.
        * On the right, under "Complete Scan", choose Perform Complete Scan.
        * Click "Next" to start the scan. Please be patient while it scans your computer.
        * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
        * Make sure everything has a checkmark next to it and click "Next".
        * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
        * If asked if you want to reboot, click "Yes".
        * To retrieve the removal information after reboot, launch SUPERAntispyware again.
              o Click Preferences, then click the Statistics/Logs tab.
              o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
              o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
              o Please copy and paste the Scan Log results in your next reply.
        * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

        * Double-click mbam-setup.exe and follow the prompts to install the program.
        * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
        * If an update is found, it will download and install the latest version.
        * Once the program has loaded, select Perform full scan, then click Scan.
        * When the scan is complete, click OK, then Show Results to view the results.
        * Be sure that everything is checked, and click Remove Selected.
        * When completed, a log will open in Notepad.
        * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    3. Download HijackThis:
    http://www.snapfiles.com/get/hijackthis.html
    Post HijackThis log.

    ``David

      Topic Starter


      Rookie

      Re: HELP PLZ
      « Reply #2 on: June 16, 2008, 09:46:31 PM »
      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 06/16/2008 at 08:37 PM

      Application Version : 3.9.1008

      Core Rules Database Version : 3371
      Trace Rules Database Version: 1366

      Scan type       : Complete Scan
      Total Scan Time : 00:59:37

      Memory items scanned      : 480
      Memory threats detected   : 1
      Registry items scanned    : 4348
      Registry threats detected : 17
      File items scanned        : 23328
      File threats detected     : 158

      Trojan.Unclassified/CTFMONA
         C:\WINDOWS\SYSTEM32\CTFMONA.EXE
         C:\WINDOWS\SYSTEM32\CTFMONA.EXE
         [ctfmona] C:\WINDOWS\SYSTEM32\CTFMONA.EXE

      Adware.Tracking Cookie

      Adware.E404 Helper/Hij
         HKCR\E404.e404mgr
         HKCR\E404.e404mgr\CLSID
         HKCR\E404.e404mgr\CurVer
         HKCR\E404.e404mgr.1
         HKCR\E404.e404mgr.1\CLSID
         HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
         HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0
         HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0
         HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32
         HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS
         HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR
         HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
         HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid
         HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32
         HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib
         HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version

      Dialer.Dial/Gen Variant
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\MA1X1DD1V.GAME
         C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\MA1X1DD1V.GAME

      Trojan.VXGame-Gen
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\V3XD1.G22ME
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\V4XD3.GA2ME
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\V4XD6.GAM5E
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\V5XD2.G3AME
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\V5XD4.GA2ME
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\V6XDT4.GAME
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\VX1DT3.GAME
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\VX3DT2.GAME
         C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\V3XD1.G22ME
         C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\V4XD3.GA2ME
         C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\V5XD2.G3AME
         C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\V5XD4.GA2ME
         C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\V6XDT4.GAME
         C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\VX1DT1.GAME
         C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\VX1DT3.GAME
         C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\VX3DT2.GAME

      Trojan.VXGame/32
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\VX1DT1.GAME

      Trojan.Downloader-Gen/Suspicious
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\LY824DAN\WINVEG[1].EXE
         C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\L66QR6I7\WINVEG[1].EXE

      Adware.Unknown Origin
         C:\PROGRAM FILES\COMMON FILES\QRMF\QRMFD\CLASS-BARREL
         C:\PROGRAM FILES\COMMON FILES\QRMF\QRMFD\VOCABULARY


      That's the SUPERAntiSpyware.

      Broni


      Re: HELP PLZ
      « Reply #3 on: June 16, 2008, 09:56:01 PM »
      OK.

      ``David

        Topic Starter


        Rookie

        Re: HELP PLZ
        « Reply #4 on: June 16, 2008, 10:19:04 PM »
        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 9:18:24 PM, on 6/16/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\LEXBCES.EXE
        C:\WINDOWS\system32\LEXPPS.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.exe
        C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
        c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\wanmpsvc.exe
        c:\PROGRA~1\mcafee.com\vso\mcshield.exe
        C:\WINDOWS\system32\hkcmd.exe
        C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
        C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
        C:\WINDOWS\system32\wscntfy.exe
        C:\PROGRA~1\mcafee.com\agent\mcagent.exe
        C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
        C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
        C:\Program Files\MessengerPlus! 3\MsgPlus.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Real\RealPlayer\RealPlay.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
        C:\WINDOWS\SYSTEM32\coreinstall32.exe
        C:\Program Files\shcp0oj0en4n\shcp0oj0en4n.exe
        C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
        C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Program Files\Logitech\MouseWare\system\em_exec.exe
        C:\Program Files\MSN Messenger\msnmsgr.exe
        C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        C:\Program Files\MySpace\IM\MySpaceIM.exe
        C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
        C:\Program Files\AOL Companion\companion.exe
        C:\Program Files\Digital Line Detect\DLG.exe
        C:\Program Files\MySpace\IM\MySpaceIM.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com
        R3 - Default URLSearchHook is missing
        F2 - REG:system.ini: Shell=Explorer.exe
        O2 - BHO: (no name) - {07BD538E-DF5D-98D4-6142-EC752548DAAD} - C:\WINDOWS\system32\kemqx.dll (file missing)
        O2 - BHO: (no name) - {1432FA1C-2EC9-3D10-A64B-4C3FA176C9F4} - C:\WINDOWS\system32\zlzwpomv.dll (file missing)
        O2 - BHO: (no name) - {4731C8A2-4C7A-5FF5-1515-29C9FE829EFB} - C:\WINDOWS\system32\pjuaw.dll (file missing)
        O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
        O2 - BHO: (no name) - {7A95FAE0-7C35-3FEB-0954-4D9F5B5DA8F2} - C:\WINDOWS\system32\zyptelnb.dll (file missing)
        O2 - BHO: (no name) - {8608D05E-5585-1359-E09A-617D95C604F1} - C:\WINDOWS\system32\ryrozjma.dll (file missing)
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: (no name) - {916EDE18-0C93-4848-FE7E-6FBDA9E045AB} - C:\WINDOWS\system32\ilec.dll (file missing)
        O2 - BHO: (no name) - {93FDDE42-41AB-4025-DA2E-39E671870B90} - C:\WINDOWS\system32\jqmr.dll (file missing)
        O2 - BHO: (no name) - {99E515BC-C161-DBB7-0434-FBA4286D1EFC} - C:\WINDOWS\system32\nktsh.dll (file missing)
        O2 - BHO: (no name) - {A411393C-E0BB-F660-89EC-86F38D8327F2} - C:\WINDOWS\system32\jkcnp.dll (file missing)
        O2 - BHO: (no name) - {A6D0EE42-6C98-7511-F71E-09CB41B726A0} - C:\WINDOWS\system32\jqmr.dll (file missing)
        O2 - BHO: (no name) - {C6AE31E0-EC64-F1B6-0961-DE76651949A4} - C:\WINDOWS\system32\mdxk.dll (file missing)
        O2 - BHO: (no name) - {D4055C17-D197-C31C-FC0B-B860C4C352FC} - C:\WINDOWS\system32\dwflzjim.dll (file missing)
        O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
        O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
        O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
        O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
        O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
        O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
        O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
        O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
        O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
        O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
        O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
        O4 - HKLM\..\Run: [wzdmg] c:\windows\system32\wzdmg.exe /nocomm
        O4 - HKLM\..\Run: [{6C3B6E9E-0958-1033-1202-030512200001}] "C:\Program Files\Common Files\{6C3B6E9E-0958-1033-1202-030512200001}\Update.exe" te-110-12-0000213
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
        O4 - HKLM\..\Run: [{6C3B6E9E-0959-1033-1202-030512200001}] "C:\Program Files\Common Files\{6C3B6E9E-0959-1033-1202-030512200001}\Update.exe" te-110-12-0000213
        O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [WinTouch] C:\Program Files\WinTouch\WinTouch.exe
        O4 - HKLM\..\Run: [MS10101] c:\program files\common files\system\en722.exe /noerrorinfo
        O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
        O4 - HKLM\..\Run: [Ultimate Defender] "C:\Program Files\Ultimate Defender\UltimateDefender.exe" hide
        O4 - HKLM\..\Run: [MSCTFMON] C:\WINDOWS\SYSTEM32\coreinstall32.exe
        O4 - HKLM\..\Run: [WinIFixer] C:\Program Files\WinIFixer\WinIFixer.exe
        O4 - HKLM\..\Run: [SMshcp0oj0en4n] C:\Program Files\shcp0oj0en4n\shcp0oj0en4n.exe
        O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
        O4 - HKCU\..\Run: [Tzrnoc] C:\Program Files\Common Files\??crosoft\w?wexec.exe
        O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
        O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
        O4 - HKCU\..\Run: [Qafnyw] C:\WINDOWS\?ymantec\n?tepad.exe
        O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        O4 - HKCU\..\Run: [qrmf] C:\PROGRA~1\COMMON~1\qrmf\qrmfm.exe
        O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
        O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
        O4 - HKCU\..\Policies\Explorer\Run: [{6C3B6E9E-0958-1033-1202-030512200001}] "C:\Program Files\Common Files\{6C3B6E9E-0958-1033-1202-030512200001}\Update.exe" te-110-12-0000213
        O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
        O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0c\aoltray.exe
        O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
        O4 - Global Startup: Digital Line Detect.lnk = ?
        O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
        O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
        O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
        O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134787196625
        O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://meijer.lifepics.com/common/UserUpload/ImageUploader3.cab
        O16 - DPF: {B12213CD-4189-415D-A054-7999528459F7} (pixelStormLauncher Class) - http://aolsvc.aol.com/onlinegames/tryrumblecube/pixelstormlauncher.cab
        O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
        O21 - SSODL: ZASHWjPLlU - {6C3B6E9F-C691-C435-67C7-FC6E7FB3BA21} - C:\WINDOWS\system32\xwe.dll (file missing)
        O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
        O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe (file missing)
        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
        O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
        O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
        O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
        O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

        --
        End of file - 10486 bytes




        That's the HijackThis... trying to find the saved log on malware

        Broni


        Re: HELP PLZ
        « Reply #5 on: June 16, 2008, 10:23:18 PM »
        OK. Bed time for me, so I'll check on you tomorrow.

        ``David

          Topic Starter


          Rookie

          Re: HELP PLZ
          « Reply #6 on: June 17, 2008, 12:04:37 AM »
          Malwarebytes' Anti-Malware 1.17
          Database version: 846

          9:05:21 PM 6/16/2008
          mbam-log-6-16-2008 (21-05-20).txt

          Scan type: Quick Scan
          Objects scanned: 44881
          Time elapsed: 10 minute(s), 46 second(s)

          Memory Processes Infected: 1
          Memory Modules Infected: 1
          Registry Keys Infected: 125
          Registry Values Infected: 5
          Registry Data Items Infected: 0
          Folders Infected: 78
          Files Infected: 55

          Memory Processes Infected:
          C:\Program Files\Router\Router.exe (Trojan.Downloader) -> Unloaded process successfully.

          Memory Modules Infected:
          C:\Program Files\Helper\1204498797.dll (Trojan.Zlob) -> Unloaded module successfully.

          Registry Keys Infected:

          Registry Values Infected:
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Router (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SfKg6w (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.starsdoor.com (Backdoor.Bot) -> Quarantined and deleted successfully.

          Registry Data Items Infected:
          (No malicious items detected)


          ``David


            Re: HELP PLZ
            « Reply #7 on: June 17, 2008, 12:05:09 AM »
            Folders Infected:



            Files Infected:

            Broni


            Re: HELP PLZ
            « Reply #8 on: June 17, 2008, 04:11:19 PM »
            You ran "Quick scan" with Malwarebytes. You'll have to re-run it, using "Full scan".
            After that, run HJT again, and post a fresh log.