Antivirus 2008


5 replies to this topic

#1 moonfang

Posted 19 May 2008 - 11:35 PM

I think that I am infected with the Antivirus 2008. I found directions to remove it by using ATF Cleaner and Super AntiSpyware, both of which I have downloaded to my desktop. I am going to follow these directions and then post the log upon finishing.

Thanks.

#2 moonfang

Posted 20 May 2008 - 10:48 PM

Here is the log from where I ran ATF Cleaner and Super Anti Spyware. I am running Windows XP on my computer. Thanks.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/20/2008 at 04:21 AM

Application Version : 4.1.1046

Core Rules Database Version : 3464
Trace Rules Database Version: 1455

Scan type : Complete Scan
Total Scan Time : 03:34:51

Memory items scanned : 170
Memory threats detected : 0
Registry items scanned : 7008
Registry threats detected : 69
File items scanned : 138724
File threats detected : 131

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}\InprocServer32
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}\Programmable
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}\TypeLib
C:\PROGRAM FILES\NEED2FIND\BAR\1.BIN\ND2FNBAR.DLL

Adware.Ezula

Adware.Elite Media
HKLM\Software\elite
HKLM\Software\elite#check
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/elite.ocx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/elite.ocx#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/elite.ocx#{9AC54695-69A4-46F1-BE10-10C74F9520D5}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\elite.ocx
C:\WINDOWS\elitemediagroup.ini

Adware.Zango Toolbar/Hb
HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}
HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\InprocServer32
HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\InprocServer32#ThreadingModel
HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\ProgID
HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\Programmable
HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\TypeLib
HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\VersionIndependentProgID

Unclassified.PC MightyMax
HKU\S-1-5-21-2490313724-1699297014-1799541729-1003\Software\PC MightyMax
C:\Program Files\PC MightyMax\lic.conf
C:\Program Files\PC MightyMax\lic.dat
C:\Program Files\PC MightyMax\pcdocrx.conf
C:\Program Files\PC MightyMax\pcmm_report.html
C:\Program Files\PC MightyMax\undo
C:\Program Files\PC MightyMax

Rogue.AntiVirus 2008
HKU\S-1-5-21-2490313724-1699297014-1799541729-1003\Software\Microsoft\Windows\CurrentVersion\Run#Antivirus [ C:\Program Files\Antivirus 2008\Antvrs.exe ]
C:\Program Files\Antivirus 2008\Antvrs.exe
C:\Program Files\Antivirus 2008
C:\Documents and Settings\Owner\Application Data\Antivirus
C:\Documents and Settings\Owner\Start Menu\Antivirus\Antivirus 2008.lnk
C:\Documents and Settings\Owner\Start Menu\Antivirus\Uninstall Antivirus.lnk
C:\Documents and Settings\Owner\Start Menu\Antivirus

Adware.Tracking Cookie

Trojan.Unknown Origin
C:\WINDOWS\TEMPF.TXT

#3 DaChew

Posted 21 May 2008 - 05:57 AM

ATF must not be working right. Did you select all?

Try running MBAM next.

http://www.bleepingcomputer.com/forums/ind...mp;#entry811062
Chewy

No. Try not. Do... or do not. There is no try.

#4 moonfang

Posted 23 May 2008 - 05:09 AM

OK... here is the log from running the Malwarebytes program.

Thanks.

Malwarebytes' Anti-Malware 1.12
Database version: 779

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 194559
Time elapsed: 1 hour(s), 3 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 24
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{2850bdc7-2330-4e31-9fa0-88268846539a} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Owner\Start Menu\Programs\IMVU (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\About IMVU.url (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Forgot my password.url (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Help.url (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Uninstall.lnk (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.

#5 DaChew

Posted 23 May 2008 - 05:43 AM

Any of that stuff that's listed in add/remove programs would help with a manual uninstall.

IMVU seems to be infiltrated?

Reboot and run a quick scan with MBAM again. What OS is this?

Edited by DaChew, 23 May 2008 - 05:44 AM.

Chewy

No. Try not. Do... or do not. There is no try.

#6 moonfang

Posted 24 May 2008 - 11:54 AM

What do you mean by this:

Any of that stuff that's listed in add/remove programs would help with a manual uninstall

My computer has really slowed down with the downloading of these software programs.

I will do a quick scan and post that shortly.

I am running Windows XP Home.

Thanks.



