HELP VIRUS! I don't know what to do



#1
eggRoll94610

    New Member

  • Member
  • 9 posts
Please help me! I am a newbie when it comes to computer fixes, but I think I have a virus. I checked my little brother's computer today and it is lagging hardcore. Also, there is a weird pop-up with an error message on it. The error message is c:\windows\system32\ribemago.dll. The error message pops up for a bunch of programs like Notepad, AVG Anti-Virus, Firefox, and a number of other auto start-up programs. Can someone please help this newbie :) Thanks

#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Download ComboFix here:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#3
eggRoll94610

    New Member

  • Topic Starter
  • Member
  • 9 posts
ComboFix 10-09-12.04 - Christopher Tran 09/13/2010 11:35:21.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.183 [GMT -7:00]
Running from: c:\documents and settings\Christopher Tran\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


----- BITS: Possible infected sites -----

hxxp://82.98.235.138
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_USNJSVC
-------\Service_usnjsvc


((((((((((((((((((((((((( Files Created from 2010-08-13 to 2010-09-13 )))))))))))))))))))))))))))))))
.

2010-09-12 19:09 . 2010-09-13 18:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-09-12 19:05 . 2010-09-13 18:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-13 18:51 . 2009-01-18 16:40 -------- d-----w- c:\program files\DNA
2010-09-13 18:51 . 2009-01-18 16:40 -------- d-----w- c:\documents and settings\Christopher Tran\Application Data\DNA
2010-09-12 19:12 . 2008-11-23 08:25 13891 ----a-w- c:\windows\wslttmp.dat
2010-09-12 19:10 . 2010-09-12 19:10 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-12 19:10 . 2010-09-12 19:10 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-12 19:10 . 2010-09-12 19:10 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-12 19:10 . 2010-09-12 19:10 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-12 19:05 . 2010-09-12 19:05 -------- d-----w- c:\program files\AVG
2010-09-12 18:21 . 2008-02-17 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-09-12 18:07 . 2007-11-24 09:56 -------- d-----w- c:\program files\Steam
2010-09-12 18:02 . 2009-09-07 02:42 99 ----a-w- c:\documents and settings\Christopher Tran\jagex_runescape_preferences2.dat
2010-09-12 18:02 . 2008-07-17 00:44 46 ----a-w- c:\documents and settings\Christopher Tran\jagex_runescape_preferences.dat
2010-09-12 04:53 . 2007-11-24 11:16 -------- d-----w- c:\program files\Warcraft III
2010-09-10 02:32 . 2010-01-17 15:53 -------- d-----w- c:\program files\BrowserQuest
2010-09-10 02:32 . 2010-01-17 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\BrowserQuest
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88b19ed4-c50d-461a-9fa8-dce5bd8ddeca}]
2010-02-15 05:07 56832 --sha-w- c:\windows\system32\toteduba.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-06-30 21:22 2102600 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-07 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"fssui"="c:\program files\Windows Live\Family Safety\fssui.exe" [2007-12-17 243240]
"wsaeclt"="c:\windows\wsaeclt.exe" [2008-06-14 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-12 2065760]

c:\documents and settings\Christopher Tran\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-11-27 67128]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{7c358cb5-b4dc-49b4-837f-1ea944b43a19}"= "c:\windows\system32\ribemago.dll" [2010-04-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"hirelebuk"= {7c358cb5-b4dc-49b4-837f-1ea944b43a19} - c:\windows\system32\ribemago.dll [2010-04-17 96768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-09-12 19:10 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\_bayarea_egg_roll\\counter-strike\\hl.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Steam\\steamapps\\jonathantran510\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\jimmy1228\\counter-strike\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine\\OSE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqbam08.exe"=
"c:\\Program Files\\Steam\\steamapps\\natedogg98\\counter-strike\\hl.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"8375:TCP"= 8375:TCP:League of Legends Launcher
"8375:UDP"= 8375:UDP:League of Legends Launcher

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/12/2010 12:10 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/12/2010 12:10 PM 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [9/12/2010 12:07 PM 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [9/12/2010 12:07 PM 308136]
R2 BrowserQuest Service;BrowserQuest Service;c:\documents and settings\All Users\Application Data\BrowserQuest\browserquest155.exe [9/9/2010 7:32 PM 61712]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [9/12/2010 12:09 PM 431432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-07-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-09-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]

2010-09-13 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Christopher Tran\Application Data\Mozilla\Firefox\Profiles\k3dw4nzk.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -




**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-13 11:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(340)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\ALCXMNTR.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Windows Live\Family Safety\fsssvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\BrowserQuest\browserquest.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-09-13 12:16:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-13 19:16

Pre-Run: 131,273,957,376 bytes free
Post-Run: 134,117,998,592 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 204D37C7A3D60EC1218CCB19B7F720FA

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Open notepad and copy/paste the text in the quotebox below into it:

http://www.geekstogo.com/forum/topic/286313-help-virus-i-dont-know-what-to-do/

Collect::
c:\windows\wslttmp.dat
c:\windows\system32\toteduba.dll
c:\windows\wsaeclt.exe
c:\windows\system32\ribemago.dll

Suspect::

Save this as CFScript.txt


Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

#5
eggRoll94610

    New Member

  • Topic Starter
  • Member
  • 9 posts
http://www.geekstogo.com/forum/topic/286313-help-virus-i-dont-know-what-to-do/

Collect::
c:\windows\wslttmp.dat
c:\windows\system32\toteduba.dll
c:\windows\wsaeclt.exe
c:\windows\system32\ribemago.dll

Suspect::

Save this as CFScript.txt


Where do I put this? Anywhere??? On a new Notepad file?

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Open a new Notepad file, paste that into it, and save it as "CFScript.txt" to your desktop.

Then drag it into ComboFix.

#7
eggRoll94610

    New Member

  • Topic Starter
  • Member
  • 9 posts
OK, it is running the program now... so quick question: should I now get an anti-virus software???

Oh, and also I have a laptop, but it is Windows 7... I have a paid anti-virus called Webroot and the viruses are in quarantine, but does that mean the viruses could still spread, and is it better to get rid of them? If so, how do I go about doing that???

#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
You appear to have AVG installed on the machine; that is fine.

I will deal with the other machine after I fix this one.

#9
eggRoll94610

    New Member

  • Topic Starter
  • Member
  • 9 posts
I accidentally closed the Notepad after. Is there a way to get the file back?

#10
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
That's fine

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

#11
eggRoll94610

    New Member

  • Topic Starter
  • Member
  • 9 posts
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4610

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

9/13/2010 2:58:21 PM
mbam-log-2010-09-13 (14-58-21).txt

Scan type: Quick scan
Objects scanned: 131207
Time elapsed: 14 minute(s), 53 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 95
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 26
Files Infected: 72

Memory Processes Infected:
C:\Documents and Settings\All Users\Application Data\BrowserQuest\browserquest155.exe (Adware.Zwangi) -> Unloaded process successfully.
C:\Program Files\BrowserQuest\browserquest.exe (Adware.Zwangi) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\BrowserQuest\browserquest.dll (Adware.Agent.Gen) -> Delete on reboot.

Registry Keys Infected:

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fanojobaze (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:

Files Infected:
  • 0

#12
eggRoll94610

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
The anti-virus website is taking very long; it has been 2 hours and it is only at 22%.
  • 0

#13
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Yeah, it takes a while.
  • 0

#14
eggRoll94610

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I am sorry, but I am back in my college dorm room and I don't know the status with the computer... My mom and dad don't know what to do, and my little brother is too young to understand what to do. After the scan, will all the viruses be gone? If not, I will have to finish this again some time next week or the week after.
  • 0

#15
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
This will be the last step.
  • 0





