cannot get online except in safe mode logs Malwarebytes' Anti-Malware 1.40 Database version: 2551 Windows 5.1.2600 Service Pack 2 (Safe Mode) 8/28/2009 4:01:53 PM mbam-log-2009-08-28 (16-01-53).txt Scan type: Full Scan (C:\|) Objects scanned: 177546 Time elapsed: 26 minute(s), 17 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 9 Registry Values Infected: 10 Registry Data Items Infected: 9 Folders Infected: 4 Files Infected: 15 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99403345-3788-443b-9f1b-45497401e6b3} (Trojan.BHO.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{99403345-3788-443b-9f1b-45497401e6b3} (Trojan.BHO.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\browserctl (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\browserctl (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\browserctl (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UltraVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\gxvxc (Rootkit.Agent) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\captcha7 (Trojan.GamesThief) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\personalav (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysmstray (Worm.KoobFace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysberay2 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.185,85.255.112.193 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bd8d16d2-a7f5-448a-91c7-d9601fb4f547}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.185,85.255.112.193 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f6566960-3e8f-49ac-afbc-2938b520de87}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.185,85.255.112.193 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.185,85.255.112.193 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{bd8d16d2-a7f5-448a-91c7-d9601fb4f547}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.185,85.255.112.193 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f6566960-3e8f-49ac-afbc-2938b520de87}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.185,85.255.112.193 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.185,85.255.112.193 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{bd8d16d2-a7f5-448a-91c7-d9601fb4f547}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.185,85.255.112.193 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f6566960-3e8f-49ac-afbc-2938b520de87}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.185,85.255.112.193 -> Quarantined and deleted successfully. Folders Infected: C:\Documents and Settings\linda gallagher\Start Menu\Programs\UltraVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Program Files\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully. C:\Program Files\Common Files\Uninstall\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\catsr.dll (Trojan.BHO.H) -> Delete on reboot. C:\Program Files\captcha7.dll (Trojan.GamesThief) -> Quarantined and deleted successfully. C:\WINDOWS\system32\msxmlm.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\linda gallagher\My Documents\UltraVideo\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Program Files\BrowserCtl\BrowserCtl.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\srpira1250294135.eXE (Spyware.LdPinch) -> Quarantined and deleted successfully. C:\Documents and Settings\linda gallagher\Start Menu\Programs\UltraVideo\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Program Files\PersonalAV\PAV.exe (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully. C:\Program Files\Common Files\Uninstall\PersonalAV\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\PersonalAV\Personal Antivirus.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\PersonalAV\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully. C:\WINDOWS\freddy58.exe (Worm.KoobFace) -> Quarantined and deleted successfully. C:\WINDOWS\freddy60.exe (Worm.KoobFace) -> Quarantined and deleted successfully. C:\WINDOWS\ld12.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\b4657.dat (Worm.KoobFace) -> Quarantined and deleted successfully. Malwarebytes' Anti-Malware 1.40 Database version: 2551 Windows 5.1.2600 Service Pack 2 (Safe Mode) 8/28/2009 4:01:53 PM mbam-log-2009-08-28 (16-01-53).txt Scan type: Full Scan (C:\|) Objects scanned: 177546 Time elapsed: 26 minute(s), 17 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 9 Registry Values Infected: 10 Registry Data Items Infected: 9 Folders Infected: 4 Files Infected: 15 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99403345-3788-443b-9f1b-45497401e6b3} (Trojan.BHO.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{99403345-3788-443b-9f1b-45497401e6b3} (Trojan.BHO.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\browserctl (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\browserctl (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\browserctl (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UltraVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\gxvxc (Rootkit.Agent) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\captcha7 (Trojan.GamesThief) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\personalav (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysmstray (Worm.KoobFace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysberay2 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.185,85.255.112.193 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bd8d16d2-a7f5-448a-91c7-d9601fb4f547}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.185,85.255.112.193 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f6566960-3e8f-49ac-afbc-2938b520de87}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.185,85.255.112.193 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.185,85.255.112.193 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{bd8d16d2-a7f5-448a-91c7-d9601fb4f547}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.185,85.255.112.193 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f6566960-3e8f-49ac-afbc-2938b520de87}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.185,85.255.112.193 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.185,85.255.112.193 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{bd8d16d2-a7f5-448a-91c7-d9601fb4f547}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.185,85.255.112.193 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f6566960-3e8f-49ac-afbc-2938b520de87}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.185,85.255.112.193 -> Quarantined and deleted successfully. Folders Infected: C:\Documents and Settings\linda gallagher\Start Menu\Programs\UltraVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Program Files\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully. C:\Program Files\Common Files\Uninstall\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\catsr.dll (Trojan.BHO.H) -> Delete on reboot. C:\Program Files\captcha7.dll (Trojan.GamesThief) -> Quarantined and deleted successfully. C:\WINDOWS\system32\msxmlm.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\linda gallagher\My Documents\UltraVideo\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Program Files\BrowserCtl\BrowserCtl.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\srpira1250294135.eXE (Spyware.LdPinch) -> Quarantined and deleted successfully. C:\Documents and Settings\linda gallagher\Start Menu\Programs\UltraVideo\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Program Files\PersonalAV\PAV.exe (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully. C:\Program Files\Common Files\Uninstall\PersonalAV\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\PersonalAV\Personal Antivirus.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\PersonalAV\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully. C:\WINDOWS\freddy58.exe (Worm.KoobFace) -> Quarantined and deleted successfully. C:\WINDOWS\freddy60.exe (Worm.KoobFace) -> Quarantined and deleted successfully. C:\WINDOWS\ld12.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\b4657.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
