vVIRUS ALERT IN SYSTEM TRAY

Computing.Net > Forums > Security and Virus > vVIRUS ALERT IN SYSTEM TRAY

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

vVIRUS ALERT IN SYSTEM TRAY

Name: umair_
Date: October 5, 2008 at 06:57:49 Pacific
OS: XP PROFESSIONAL
CPU/Ram: P3/512

Comment:

Hi all,
There's an Icon which shows a question mark and a red alert for a virus on sys tray.along with that windows security alert and spyware alert boxes keep popping up indicating that my pc is infected with spywares n viruses and after sumtime internet explorer opens up with sum virus cleaning site like virus2008 remover.
i have N0D32 antivirus installed but it was only able to find few infected files with TROJAN virus which were deleted , after that i installed a-squraed anti malware which also found infected files and coockies that were deleted but the problem still persists.
Kindly help me get rid of this virus

Sponsored Link

Ads by Google

Response Number 1

Name: jabuck
Date: October 5, 2008 at 07:45:37 Pacific

Reply:

Please download Malwarebytes' Anti-Malware from one of these sites:
MalwareBytes1
MalwareBytes2
1. Double Click mbam-setup.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy&Paste the entire report in your next reply.

Please download and install the latest version of HijackThis v2.0.2:

Download the "HijackThis" Installer from this link:
Hijack This

1. Save " HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Response Number 2

Name: umair_
Date: October 5, 2008 at 07:57:27 Pacific

Reply:

Thanx
antimalware found infected files which were quarantined and after reboot, alert messages are not popping but my computer is working slow
so is my computer secured or not ?
this logfie is after the infected files were quarantined. shall i delete them aswell
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:26 PM, on 10/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\alg.exe
D:\Program Files\FlashGet\flashget.exe
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
D:\downloads\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {1034F0AD-1A6C-4B40-885F-49A4B24F2DF6} - C:\WINDOWS\system32\compatU.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {6C0A09F5-348F-42CD-819F-A232E432728E} - C:\WINDOWS\system32\compatU.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - d:\FlashFXP\IEFlash.dll
O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - C:\WINDOWS\inetloader.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKLM\..\Policies\Explorer\Run: [rF9iXThBen] C:\Documents and Settings\All Users\Application Data\gtanahcn\udwhafwh.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.exe
O4 - Global Startup: WordWeb.lnk = D:\Program Files\WordWeb\wweb32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} (CPlayFirstDairyDashWControl Object) - http://download.playfirst.com/play/...
O16 - DPF: {1CDFA4E8-3396-439D-8C9D-AD0E32DE94B6} (CPlayFirsttastyplanetControl Object) - http://download.playfirst.com/play/...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr0...
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/de...
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://download.playfirst.com/play/...
O16 - DPF: {8E08B582-D18C-4099-A53A-85CC07B357CB} - http://scanner.win-x-defenders.com/...
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewo...
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://games.bigfishgames.com/en_di...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse.com/games/zylo...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adob...
O16 - DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} (CPlayFirstDreamChronControl Object) - http://download.playfirst.com/play/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 10649 bytes

Response Number 3

Name: jabuck
Date: October 5, 2008 at 08:46:47 Pacific

Reply:

In my response Item 6. tells you what to do to delete the malware and Item 9. tells you to make a copy and post the results so please read the directions and follow them.
Then we can continue.

Response Number 4

Name: umair_
Date: October 6, 2008 at 00:55:52 Pacific

Reply:

Malwarebytes' Anti-Malware 1.28
Database version: 1229
Windows 5.1.2600 Service Pack 2
10/5/2008 8:06:55 PM
mbam-log-2008-10-05 (20-06-55).txt
Scan type: Quick Scan
Objects scanned: 50910
Time elapsed: 28 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 92
Registry Values Infected: 8
Registry Data Items Infected: 38
Folders Infected: 4
Files Infected: 29
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\Program Files\iWin Games\iWinGamesHookIE.dll (Adware.BHO) -> Delete on reboot.
C:\WINDOWS\xgpsarbm.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\nkefbltdntd.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\neksolda.dll (Trojan.FakeAlert) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\changerbho.changerbho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\changerbho.changerbho.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iehlprobj.iehlprobj.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{495874fe-4a82-4ad1-9476-0b957e0b95eb} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e3ed53c5-7ad5-4df5-9734-afb6e7e5d9db} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\trustincontext.contextualads (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\trustincontext.contextualads.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0edc6c20-a31c-11db-8ab9-0800200c9a66} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3aac4c68-afc8-11db-80ef-8af955d89593} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0edc6c20-a31c-11db-8ab9-0800200c9a66} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3aac4c68-afc8-11db-80ef-8af955d89593} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adzgaloregames (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\smart antivirus 2009 (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{406750cf-f50e-473b-ade6-175cd5e545ab} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{16d1db95-aafc-427d-81fd-e98028ca7bb7} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{0c3f9c5e-34f0-4b16-b8b7-3505cd992add} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{3e83238c-a186-4c98-9a91-44b4be62a5ec} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{85af4583-ad9c-4d25-9323-6611490213f0} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85af4583-ad9c-4d25-9323-6611490213f0} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d06d3dd-1132-4056-88a5-edc1b768160e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{028fedee-348c-bc40-5df1-46ef01de4a0b} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{028fedee-348c-bc40-5df1-46ef01de4a0b} (Adware.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\xgpsarbm (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\neksolda (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdbti.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: () -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.126 85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{378101e6-e22e-40e7-98cb-531df82d581d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.126,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9362caad-b8ac-438b-b2be-5204b7098bdc}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.126,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b9da915e-153d-42e1-8fac-006733dc6eb0}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.126,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b9da915e-153d-42e1-8fac-006733dc6eb0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.126,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{efa85af2-0f62-4831-8234-f7669966952b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.126,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f483b255-7c1b-47b5-a18a-8183445c9685}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.126,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.126 85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{378101e6-e22e-40e7-98cb-531df82d581d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.126,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9362caad-b8ac-438b-b2be-5204b7098bdc}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.126,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b9da915e-153d-42e1-8fac-006733dc6eb0}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.126,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b9da915e-153d-42e1-8fac-006733dc6eb0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.126,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{efa85af2-0f62-4831-8234-f7669966952b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.126,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f483b255-7c1b-47b5-a18a-8183445c9685}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.126,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.126 85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{378101e6-e22e-40e7-98cb-531df82d581d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.126,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{9362caad-b8ac-438b-b2be-5204b7098bdc}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.126,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{b9da915e-153d-42e1-8fac-006733dc6eb0}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.126,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{b9da915e-153d-42e1-8fac-006733dc6eb0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.126,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{efa85af2-0f62-4831-8234-f7669966952b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.126,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{f483b255-7c1b-47b5-a18a-8183445c9685}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.126,85.255.112.227 -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Adzgalore Games Collection (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\waqas\Start Menu\Programs\Adzgalore Games Collection (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\waqas\Application Data\VirusRemover2008 (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\waqas\Application Data\VirusRemover2008\Logs (Rogue.VirusRemover) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\kdbti.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
C:\Program Files\iWin Games\iWinGamesHookIE.dll (Adware.BHO) -> Delete on reboot.
C:\WINDOWS\ewpe.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Adzgalore Games Collection\BattlesOfHelicopters.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Adzgalore Games Collection\BobAndBill.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Adzgalore Games Collection\CrazyBlocks.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Adzgalore Games Collection\Lines.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Adzgalore Games Collection\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Adzgalore Games Collection\VideoPool.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\waqas\Start Menu\Programs\Adzgalore Games Collection\Bob and Bill adventures - Wild Hunting.lnk (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\waqas\Start Menu\Programs\Adzgalore Games Collection\Crazy Blocks.lnk (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\waqas\Start Menu\Programs\Adzgalore Games Collection\Lines.lnk (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\waqas\Start Menu\Programs\Adzgalore Games Collection\The Battles Of Helicopters.lnk (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\waqas\Start Menu\Programs\Adzgalore Games Collection\Video Pool.lnk (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\waqas\Application Data\VirusRemover2008\Logs\scns.log (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\xgpsarbm.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\nkefbltdntd.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\fkebanrw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\dkwqgnbe.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\neksolda.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\waqas\Desktop\Protect Your Privacy.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\waqas\Desktop\Malware Defender.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\waqas\Desktop\System Error Fixer.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\waqas\Favorites\Malware Defender.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\waqas\Favorites\Protect Your Privacy.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\waqas\Favorites\System Error Fixer.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\klhdzfqajytvd.dll (Adware.BHO) -> Delete on reboot.

Response Number 5

Name: jabuck
Date: October 6, 2008 at 14:37:15 Pacific

Reply:

Please post the scan results in the order that they are requested.
Your java is out of date and may have been exploited.
Download the latest version of java from this link Java
Click on the JRE 6 Update 7 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed
Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.
Please download ComboFix to the desktop from one of the following links:
Link1
Link 2
Link 3
Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
In your case to run Combofix do the following:
1. Go offline turn off your Eset antivirus, A-Squared and any other antispyware that you may have.
2. Run Combofix and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.

Remember to re-enable the protection again afterwards before connecting to the Internet.

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running or move the mouse, it will cause your system to hang.)
Please post the log it produces.
Post a new Hijack this log please.

Multimediacontroller HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet002 \ Services \ TCPIP \ Parameters getplus r ocx	hijack.displayproperties HKEY_local_machine\system\currentcontrolset\services\tcpip\paramters getplus r _ocx
See More

Sponsored Link

Ads by Google

notepad virus o rwhat?

Google redirect virus hel...

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: vVIRUS ALERT IN SYSTEM TRAY

Virus Alert in system tray

Summary

www.computing.net/answers/security/virus-alert-in-system-tray/18423.html

system alert pop up in system tray

Summary

www.computing.net/answers/security/system-alert-pop-up-in-system-tray/21838.html

System Alert icon in System Tray (A

Summary

www.computing.net/answers/security/system-alert-icon-in-system-tray-a/20331.html

From the Geek Dictionary
Noob - Perpetual newb, person that will never cease to be a newbie because he or...

Ask a Question!

Weekly Poll
What do you think of the new preview of Chrome OS?

Poll Finishes In 7 Days.
Discuss in The Lounge
Poll History

Recent Posts
Disable USB

over heading

laptop turns off suddenly

Claris Cad

NIC not working

All Awaiting Reply

Tom's News
Woman Tracks Down Club Attacker on Facebook

Geolocation Functions Come to Twitter

New Craigslist Trend: Trade Sex for Rent?

Law Firm Investigates MS Over Xbox Live Bans

Amazon Charges $25 for Palm Pixi and $80 for Pre

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE