Malware Removal[INACTIVE]



I have a computer that was infected with the WINReanimator software. Once the WINReanimator program started infecting the other computer it would not allow the computer to access the Internet because it kept popping up with the message, "Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience." At the bottom of the message there are two boxes: one says "Send Error Report" and the other says "Don't Send." I loaded your program on the second computer via the CD and ran the application. It removed 352 programs but the Internet Explorer program is still showing the error message and in the start up menu bar there still remains a red x that says, "Your computer is infected! Windows has detected spy-ware infection. It is recommended to use special anti-spyware tools to prevent data loss. Windows will now download the most up-to-date anti-spyware for you. Click here to protect your computer from spy-ware." When you click, the program loads even after running your software, Malwarebytes' Anti-Malware.

Please Advise


Hello and Welcome to BT. :)

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Sorry for the delay!

Click here to download HJTInstall.exe

  • Save HJTInstall.exe to your desktop.
  • Double click on the HJTInstall.exe icon on your desktop.
  • A window will pop up, and simply click Install.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • When it is completed installing HijackThis, it will automatically launch and you will be presented with the License Agreement. Click on the I Accept button.
  • Once the license agreement is gone, click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Pvailing

The WinReanimator will not allow me to access the internet so I burned the application to a CD and tried to install it on the problem PC but there was no response. Double click nothing! Tried to install again nothing. So I am pasting the log from the Malwarebytes Anti-Malware program.

Thanks for your help!

1st Scan

Malwarebytes' Anti-Malware 1.08

Database version: 493

Scan type: Full Scan (C:\|)

Objects scanned: 292338

Time elapsed: 2 hour(s), 4 minute(s), 50 second(s)

Memory Processes Infected: 3

Memory Modules Infected: 5

Registry Keys Infected: 109

Registry Values Infected: 12

Registry Data Items Infected: 0

Folders Infected: 22

Files Infected: 196

Memory Processes Infected:

C:\Program Files\SpamBlockerUtility\bin\4.7.5.0\SbOEAddOn.exe (Adware.Hotbar) -> Unloaded process successfully.

C:\Program Files\antiviirus.exe (Trojan.Downloader) -> Unloaded process successfully.

C:\Program Files\tmp0.exe (Trojan.Alphabet) -> Unloaded process successfully.

Memory Modules Infected:

C:\WINDOWS\Installer\{13b3a0fc-3689-4d60-9dc2-db9ca9232a73}\RomSys.dll (Trojan.Alphabet) -> Unloaded module successfully.

C:\WINDOWS\Installer\{4b8a1780-15d5-41e8-941d-69f8f6bb3bff}\zip.dll (Trojan.Alphabet) -> Unloaded module successfully.

C:\Program Files\SpamBlockerUtility\bin\4.7.5.0\SbHostOE.dll (Adware.Hotbar) -> Unloaded module successfully.

C:\WINDOWS\bokpkov.dll (Trojan.FakeAlert) -> Unloaded module successfully.

C:\WINDOWS\altvxvm.dll (Trojan.FakeAlert) -> Unloaded module successfully.


C:\Documents and Settings\seong choi\Application Data\bfgtoolbar\9.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\seong choi\Application Data\bfgtoolbar\action.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\seong choi\Application Data\bfgtoolbar\atlantis.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\seong choi\Application Data\bfgtoolbar\bfgtoolbarDLL.zip (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\seong choi\Application Data\bfgtoolbar\bfgtoolbartb0500.cfg (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\seong choi\Application Data\bfgtoolbar\bfg_greetings.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\seong choi\Application Data\bfgtoolbar\card.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\seong choi\Application Data\bfgtoolbar\COMBOSEARCH.acs (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\seong choi\Application Data\bfgtoolbar\logo.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\seong choi\Application Data\bfgtoolbar\mahjong.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\seong choi\Application Data\bfgtoolbar\mygames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\seong choi\Application Data\bfgtoolbar\mygamestoolbar.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\seong choi\Application Data\bfgtoolbar\new.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\seong choi\Application Data\bfgtoolbar\puzzle.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\seong choi\Application Data\bfgtoolbar\search.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\seong choi\Application Data\bfgtoolbar\webgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\seong choi\Application Data\bfgtoolbar\word.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\1.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\10.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\2.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\20off.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\3.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\4.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\5.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\6.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\7.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\8.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\9.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\action.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\atlantis.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\bfgtoolbarDLL.zip (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\bfgtoolbartb0500.cfg (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\bfg_greetings.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\card.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\COMBOSEARCH.acs (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\ErrorLog.txt (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\logo.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\mahjong.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\mahjong.bmp1909125 (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\mygames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\mygamestoolbar.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\new.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\puzzle.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\search.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\topten.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\webgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Application Data\bfgtoolbar\word.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\1.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\10.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\2.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\20off.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\3.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\4.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\5.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\6.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\7.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\8.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\9.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\action.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\atlantis.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\bfgtoolbarDLL.zip (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\bfgtoolbartb0500.cfg (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\bfg_greetings.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\card.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\COMBOSEARCH.acs (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\ErrorLog.txt (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\logo.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\mahjong.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\mygames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\mygamestoolbar.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\new.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\newgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\puzzle.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\search.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\webgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Quiana\Application Data\bfgtoolbar\word.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.

C:\Program Files\antiviirus.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cru629.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Unist1.htm (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\Uninst2.htm (Malware.Trace) -> Quarantined and deleted successfully.

C:\Program Files\tmp0.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\braviax.exe (Trojan.Downloader) -> Delete on reboot.

C:\WINDOWS\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\cru629.dat (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\fmsxwqs.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\etlrlws.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\drnpfdxkfw.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\bokpkov.dll (Trojan.FakeAlert) -> Delete on reboot.

C:\WINDOWS\altvxvm.dll (Trojan.FakeAlert) -> Delete on reboot.

C:\WINDOWS\system32\winivstr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\Downloaded Program Files\SpamBlockerUtility.inf (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\stera.job (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

C:\Documents and Settings\sandra cotten\Desktop\Security Updates.url (Rogue.Link) -> Quarantined and deleted successfully.

2nd Scan

Malwarebytes' Anti-Malware 1.08

Database version: 493

Scan type: Quick Scan

Objects scanned: 217824

Time elapsed: 1 hour(s), 30 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cru629.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\braviax.exe (Trojan.Downloader) -> Delete on reboot.

C:\WINDOWS\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\cru629.dat (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winivstr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Well MBAM seems to have cleared a lot of the infections, can you still not access the net?

I cannot access the net with Internet Explorer. I can get online if I go through My Computer. Also the program Red X is still in the task bar and if I click on the box the WINReanimator will start loading again. I will try to load HijackThis directly and see what that does.

Is there anything else I can do?

pvailing


Hello,

Please save the following two programs to a portable media device and then read my instructions below on how to run them on the infected PC. Make sure to run SmitFraudFix first. Also post both logs in your next reply.

SmitfraudFix

and

ComboFix

Instructions for SmitFraudFix

Double-click on SmitfraudFix.exe

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

Instructions for ComboFix

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

For more information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------


    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Howdy,

Here is the log from the Smitfraudfix. I did not run the ComboFix yet. I'll wait for your reply.

SmitFraudFix v2.305

Scan done at 20:27:37.60, 03/16/2008 Sun

Run from F:\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\drsmartload2.dat Deleted

C:\WINDOWS\keyboard1.dat Deleted

C:\WINDOWS\newname.dat Deleted

C:\WINDOWS\teller2.chk Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{11B635F9-7271-462E-BF3D-A960FB8B2A1F}: DhcpNameServer=192.168.1.1 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B6303B47-FE11-4F44-9CB4-B2E466006D75}: DhcpNameServer=192.168.20.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{11B635F9-7271-462E-BF3D-A960FB8B2A1F}: DhcpNameServer=192.168.1.1 192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{B6303B47-FE11-4F44-9CB4-B2E466006D75}: DhcpNameServer=192.168.20.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{11B635F9-7271-462E-BF3D-A960FB8B2A1F}: DhcpNameServer=192.168.1.1 192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{B6303B47-FE11-4F44-9CB4-B2E466006D75}: DhcpNameServer=192.168.20.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.20.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.20.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.20.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
