Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

safenavweb [RESOLVED]


  • This topic is locked This topic is locked

#16
jlovesjoy1

jlovesjoy1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Thanks Harry
  • 0

Advertisements


#17
harrythook

harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
OK jlovesjoy1,
Copy or print these instructions out. If you have a problem stop and ask. This machine is severly infected, and its going to take quite a bit of work to clean it out.

Here we go:

Remove this folder:
C:\Documents and Settings\Owner.RADIO

Follow these instructions, download to a disk and transfer to the infected machine:
    • NOTE: You will need to temporarily disable any programs you have running that will block attempts to edit the registry. As FixIEDef calls REGEDIT to delete registry keys added by Zlob, Trojan.Downloader.Delf, AntiSpyPro, and IE Defender.
  • Download FixIEDef.exe by ShadowPuterDude to the Desktop.
    Note: FixIEDef now supports Non-English Language Systems

  • Double-click FixIEDef.exe:
    Posted Image

  • That will open the About FixIEDef screen. Click OK to continue:
    Posted Image

  • Next, press the Scan! button:
    Posted Image

  • FixIEDef needs to run as Administrator to perform correctly. This message simply confirms it was able to run with admin privileges. Click OK to continue:
    Posted Image

  • Wait for the scan to finish. It shouldn't take very long:

    Posted Image

    Posted Image

    • WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running, during removal of malicious files. The icons and Start Menu on your Desktop will not be visible while FixIEDef is removing malicious files. This is necessary to remove parts of the infection that would otherwise not be removed.
  • After the !!! All Finished !!! message is displayed, click Exit:
    Posted Image

  • Post the FixIEDef log file, located on the Desktop.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

    See: http://www.beyondlog...processutil.htm


    Mirrors: Alternate official download locations for FixIEDef.exe

    http://it-mate.co.uk...ef/fixiedef.exe
    http://hosts-file.ne...ef/fixiedef.exe
    http://avant.it-mate...=Tools/FixIEDef
    http://archives.myst...pyware/FixIEDef

Download Hijackthis from HERE
Run HJT and copy the log from that, post it here.

Harry
  • 0

#18
jlovesjoy1

jlovesjoy1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Give me a moment, I am able to go to different web addresses now on the affected pc. But I am about to print instructions thanks
  • 0

#19
jlovesjoy1

jlovesjoy1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Harry got a message that says: owner.radio is a Windows System folder and is required for Windows to run properly. It cannot be deleted.

What do I do?
  • 0

#20
harrythook

harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Download and run the FixIEDef and HJT

Post the logs

Harry
  • 0

#21
jlovesjoy1

jlovesjoy1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
ok, doing it now
  • 0

#22
jlovesjoy1

jlovesjoy1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
********************************************************************************
* *
* FixIEDef Log *
* Version 1.2.10.3145 *
* *
********************************************************************************

Created at 09:22:30 on Sunday, March 16, 2008

Time Zone : (GMT-06:00) Central Time (US & Canada)

Operating System : Microsoft Windows XP Professional
Service Pack Level: Service Pack 2
System Langauge : English
Processor : X86
Boot State : Normal boot

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

C:\Program Files\Need2Find\bar\1.bin\N2PLUGIN.DLL
C:\Program Files\Need2Find\bar\1.bin\NPND2FN.DLL
C:\Program Files\Need2Find\bar\1.bin\N2FFXTBR.JAR
C:\Program Files\Need2Find\bar\1.bin\N2NTSTBR.JAR
C:\Program Files\Need2Find\bar\1.bin\PARTNER.DAT
C:\Program Files\Need2Find\bar\Cache\00067978
C:\Program Files\Need2Find\bar\Cache\00082573
C:\Program Files\Need2Find\bar\Cache\14758D89
C:\Program Files\Need2Find\bar\Cache\14759EFE
C:\Program Files\Need2Find\bar\Cache\files.ini
C:\Program Files\Need2Find\bar\History\search
C:\Program Files\Need2Find\bar\Settings\prevcfg.htm
C:\Program Files\PestCapture\PestCapture.exe
C:\Program Files\PestCapture\Uninstall.exe
C:\Program Files\PestCapture\PestCapture0.dll
C:\Program Files\PestCapture\PestCapture1.dll
C:\Program Files\PestCapture\PestCapture2.dll
C:\Program Files\PestCapture\PestCapture3.dll
C:\Program Files\PestCapture\PestCapture.lic
C:\Program Files\PestCapture\PestCapture0.pc
C:\Program Files\PestCapture\PestCapture1.pc
C:\WINDOWS\system32\actskn45.ocx

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

C:\Program Files\Need2Find\bar\1.bin
C:\Program Files\Need2Find\bar\Cache
C:\Program Files\Need2Find\bar\History
C:\Program Files\Need2Find\bar\Settings
C:\Program Files\Need2Find\bar
C:\Program Files\Need2Find
C:\Program Files\PestCapture
C:\Program Files\Common Files\PCTurboPro Free

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done :)

ShadowPuterDude

Safe Surfing!!!
  • 0

#23
jlovesjoy1

jlovesjoy1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
This log is from HiJack This

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:29:12 AM, on 3/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Owner.RADIO\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {EDE63024-F2E2-AA1D-B95B-888A328229E6} - C:\WINDOWS\system32\rccixfp.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZRxdm701MMUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O21 - SSODL: bxsbang - {56902E4C-E785-4CC4-A6F8-60B23E7DDE2C} - C:\WINDOWS\bxsbang.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: kavsvc - Defender Pro LLC - C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Sprint PCS v3 Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 6937 bytes
  • 0

#24
harrythook

harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Ok,
Since this machine was used by the previous owner we are removing some questionable items. You should open the control panel, go to add/remove programs and get of:
My Web Search
MySpace
and any other program you see there that is unwanted.


Please download LSPFix from here.
Save it to your desktop just in case we need to restore your internet connection.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: (no name) - {EDE63024-F2E2-AA1D-B95B-888A328229E6} - C:\WINDOWS\system32\rccixfp.dll (file missing)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZRxdm701MMUS
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O21 - SSODL: bxsbang - {56902E4C-E785-4CC4-A6F8-60B23E7DDE2C} - C:\WINDOWS\bxsbang.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [b] C:\Program Files\RXToolBar 
    C:\WINDOWS\system32\rccixfp.dll 
    C:\Program Files\MyWebSearch 
    C:\Program Files\MySpace 
    C:\WINDOWS\privacy_danger\index.htm [/b]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [b] purity [/b]
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Post up the results, and a status report on the performance there :)

Harry
  • 0

#25
jlovesjoy1

jlovesjoy1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
My Log file from OT MoveIt2

[Custom Input]
< purity >
C:\Documents and Settings\Owner.RADIO\Application Data\Мicrosoft.NET moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03162008_111310
  • 0

Advertisements


#26
harrythook

harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Ok, how about the MBAM results?
  • 0

#27
jlovesjoy1

jlovesjoy1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
MBam Log

Malwarebytes' Anti-Malware 1.08
Database version: 495

Scan type: Quick Scan
Objects scanned: 31284
Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 181
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{379ca512-7f3a-4fb8-a35d-fb2fcef9e6f9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6cfe1b8e-536b-4d04-bc65-3b3d3f13f044} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{665eadde-d769-4c2e-9e97-cbdc41ca5a1f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b847a1a-a872-95fc-8e22-f8b4ae044657} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{70f17c8c-1744-41b6-9d07-575db448dcc5} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.searchitem (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.searchitem.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{020b1227-417d-4682-9ac3-61f43cb5b6b1} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cerberus.scanner (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cerberus.scanner.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{125494b2-acad-414c-98b9-452f3ef7703a} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.ignorelist (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.ignorelist.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20a3d913-30ef-4e69-b3f7-93b3f1fb9d5c} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.runas (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.runas.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3d00a39c-655b-428b-aeb2-2fba03dcc49c} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.logrecord (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.logrecord.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{408f660a-9465-44a3-b557-8709dfd992bc} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.log (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.log.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5f6bbd8a-18cf-4d55-8b4c-c9b4c9328dfe} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.paths (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.paths.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8c56b6ce-c53f-44c4-9bdc-a9bc1711d05a} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.backup (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.backup.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ee6bf73-b370-4d13-9126-eb0071178f2e} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.threat (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.threat.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{97f56e12-c706-4aeb-9ffb-133c05ee5d38} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.quarantine (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.quarantine.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9bb7e700-4e48-476d-b75c-6f47606be988} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cerberus.enginelistener (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cerberus.enginelistener.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cbcaca58-1aee-4600-8cf0-e8b30bff1535} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cerberus.threatcollection (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cerberus.threatcollection.1 (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d6d64cdf-0363-4261-b723-29a3af365e1d} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{27ed4ac2-b6d8-4079-9831-017a100b391e} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3f6d6c35-fb73-45e6-9473-bb4cc25ce019} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{715d709b-2b10-42fa-a069-297d25d93601} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{872c1b1e-3cf0-4d3a-95e5-a0c662d2854c} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{886b1d08-b404-40f0-aa18-4e416682a2e9} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8b5f65cf-0b0a-4291-8da2-86d7f7b0a6db} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{925b0211-a1c1-4712-8fca-5f5b8101736d} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b01e37c4-5497-4d58-9ffd-d5653b8dc866} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ccaa201c-c48d-48a8-a1e8-846562cbf1c1} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d483521b-d5cc-43ff-a45a-9be4a8e6606e} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ed2aff47-b7be-4273-a203-c796e87f72d2} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0fa7ed9-5a0a-4374-b63e-bebafd52192e} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f5dee77c-87eb-4e00-bbf9-8cbf3bdea7af} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fb5ddab7-6aa5-4e97-9541-5a75addf4aba} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fddf521b-0ebe-4d15-838c-73e2d851161b} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ff609434-eb47-481b-ba0e-1d2b467629a5} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{60f94d7d-563e-4942-b5ec-2de9c135c139} (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{035c1836-0d78-dabc-f4a7-d5d0517ee1f9} (Rogue.MalwareWiped) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmotoolbar.seekmotoolband (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmotoolbar.seekmotoolband.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53e0b6e8-a51d-448b-b692-40b67b285543} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MalwareWipe.EXE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adwareremover2007 (Rogue.AdwareRemover) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AdwareRemover2007 (Rogue.AdwareRemover) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Cerberus.EXE (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MalwareWipe.EXE (Rogue.MalwareWiped) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinTouch (Adware.WinPop) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{b33de756-deee-4d7a-87db-1d905ba2aa21} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SpamBlockerUtility 4.8.4 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Common Files\Yourprivacyguard (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.RADIO\Start Menu\Programs\AdwareRemover2007 (Rogue.AdwareRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.RADIO\Application Data\Yourprivacyguard (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.RADIO\Application Data\Yourprivacyguard\Logs (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\obeieyab.exe (Adware.HotBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.RADIO\Application Data\installer_en[1].exe (Rogue.PCPrivacyTool) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yourprivacyguard\mc.exe (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.RADIO\Start Menu\Programs\AdwareRemover2007\AdwareRemover2007.lnk (Rogue.AdwareRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.RADIO\Start Menu\Programs\AdwareRemover2007\Uninstall.lnk (Rogue.AdwareRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.RADIO\Application Data\Yourprivacyguard\Logs\update.log (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_Intl.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.RADIO\Desktop\AdwareRemover2007.lnk (Rogue.AdwareRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.RADIO\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.RADIO\Desktop\Click to Find and Fix Errors.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.RADIO\Desktop\Find And Fix Errors.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.RADIO\Desktop\Repair Your Registry.lnk (Rogue.Link) -> Quarantined and deleted successfully.
  • 0

#28
harrythook

harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Hey jlovesjoy1,
Is that the complete log?

Also, post me up a fresh HJT log, looks like we are making progress.

Harry
  • 0

#29
jlovesjoy1

jlovesjoy1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
That is all from MBAM

New HiJack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:51 AM, on 3/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Owner.RADIO\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh....ar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.imesh....ar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: kavsvc - Defender Pro LLC - C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 4524 bytes
  • 0

#30
harrythook

harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Lets take a peek here:
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

How is it working?

Harry
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP