HI! Maybe someone here can help us. My wife's PC caught Multidropper FK trojan. Nothing we do will remove it. Malwarebytes detects it, cleans it but when we reboot, we get a blue screen of death. We have to go back to the last known good ssytem configuration. It even crashed when we try to go into safe mode. When we do reboot into the last known good system configuration, Multidropper FK is still there. How can we get rid of it? Here is the text from the log file: Malwarebytes' Anti-Malware 1.41 Database version: 2863 Windows 5.1.2600 Service Pack 3 9/26/2009 6:45:07 PM mbam-log-2009-09-26 (18-45-07).txt Scan type: Full Scan (C:\|) Objects scanned: 185741 Time elapsed: 1 hour(s), 6 minute(s), 23 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 13 Registry Values Infected: 4 Registry Data Items Infected: 2 Folders Infected: 2 Files Infected: 5 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\CONFLICT.1\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sunjavaupdatesched (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\Documents and Settings\LocalService\Application Data\twain_32 (Trojan.Zbot) -> Quarantined and deleted successfully. C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully. C:\WINDOWS\Downloaded Program Files\CONFLICT.1\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\twain_32\user.ds (Trojan.Zbot) -> Quarantined and deleted successfully. C:\WINDOWS\Fonts\francais.EXE (Worm.Archive) -> Quarantined and deleted successfully. C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe (Trojan.Agent) -> Delete on reboot.
