
I'm infected really bad



Basically my gf downloaded an infected torrent.

It has majorly messed up my laptop. Internet Explorer doesn't work, I can't update anything, not even MWB or Avira, and not even my new BlackBerry.

I don't know what is happening. MWB has removed 33 infected files, and after 8 reboots and scans I keep getting the same 2 infections.

This is the log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4437

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

16/08/2010 22:07:06

mbam-log-2010-08-16 (22-07-06).txt

Scan type: Quick scan

Objects scanned: 154647

Time elapsed: 6 minute(s), 0 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 38

Registry Values Infected: 10

Registry Data Items Infected: 2

Folders Infected: 11

Files Infected: 35

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{5d55c6cc-b365-425f-b3d0-30d1159af63f} (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5d55c6cc-b365-425f-b3d0-30d1159af63f} (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5d55c6cc-b365-425f-b3d0-30d1159af63f} (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d55c6cc-b365-425f-b3d0-30d1159af63f} (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hbliteax.info (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{6f098504-cdb1-420f-a2e6-ddc0b835fedf} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{30b15818-e110-4527-9c05-46ace5a3460d} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{618aad04-921f-44c2-be38-c0818af69861} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b5d2ed96-62f9-4c2c-956d-e425b1f67337} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d3a412e8-1e4b-47d2-9b12-f88291f5afbb} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{4d1ec4ca-4b92-4324-b8f8-c9a6ed06a8ae} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4d1ec4ca-4b92-4324-b8f8-c9a6ed06a8ae} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{4e674574-3f0b-491d-8ae3-f90b43a34fd6} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4e674574-3f0b-491d-8ae3-f90b43a34fd6} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hbliteax.info.1 (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hbliteax.userprofiles (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hbliteax.userprofiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\hblitesa (Adware.HotBar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\HBLite (Adware.HotBar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HBLiteSA (Adware.HotBar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{538ffcaf-2e83-4ac0-9c14-8bc046af4923} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{538ffcaf-2e83-4ac0-9c14-8bc046af4923} (Adware.AdRotator) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bregapesepe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hblitesa (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mchk (Trojan.Adware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\affotmfe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mcexecwin (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xnunivirebanu (Trojan.Agent.U) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sta (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\hblite@hblite.com (Adware.HotBar) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.

C:\Users\dan\AppData\Roaming\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\ProgramData\HBLiteSA (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\Program Files (x86)\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\Program Files (x86)\HBLite\bin (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\Program Files (x86)\HBLite\bin\11.0.258.0 (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\Program Files (x86)\HBLite\bin\11.0.258.0\firefox (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\Program Files (x86)\HBLite\bin\11.0.258.0\firefox\extensions (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\Program Files (x86)\HBLite\bin\11.0.258.0\firefox\extensions\plugins (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\Windows\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Files Infected:

C:\Users\dan\AppData\Local\RC71818.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

C:\Program Files (x86)\HBLite\bin\11.0.258.0\HBLiteSA.exe (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\Windows\System32\wovup.exe (Trojan.Adware) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\jovup.dll (Adware.EZlife) -> Quarantined and deleted successfully.

C:\Program Files (x86)\HBLite\bin\11.0.258.0\HBLiteSAAX.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_HBLiteSA.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\Windows\System32\fovup.dll (Adware.BHO) -> Quarantined and deleted successfully.

C:\Windows\System32\jovup.dll (Adware.BHO) -> Quarantined and deleted successfully.

C:\Users\dan\AppData\Local\Temp\Free.Movie.License2.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

C:\Users\dan\AppData\Local\Temp\gwxtykb.exe (Adware.BHO) -> Quarantined and deleted successfully.

C:\Users\dan\AppData\Local\Temp\iexplorer.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\Users\dan\downloads\AudacitySetup.exe (Adware.HotBar) -> Quarantined and deleted successfully.

C:\ProgramData\HBLiteSA\HBLiteSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\ProgramData\HBLiteSA\HBLiteSAAbout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\ProgramData\HBLiteSA\HBLiteSAau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\ProgramData\HBLiteSA\HBLiteSAEULA.mht (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\ProgramData\HBLiteSA\HBLiteSA_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\Program Files (x86)\HBLite\bin\11.0.258.0\HBLiteSAHook.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\Program Files (x86)\HBLite\bin\11.0.258.0\HBLiteUninstaller.exe (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\Program Files (x86)\HBLite\bin\11.0.258.0\firefox\extensions\chrome.manifest (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\Program Files (x86)\HBLite\bin\11.0.258.0\firefox\extensions\install.rdf (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\Program Files (x86)\HBLite\bin\11.0.258.0\firefox\extensions\plugins\npclntax_HBLiteSA.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Uninstall Instructions.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\Windows\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.

C:\Windows\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.

C:\Users\dan\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\dan\AppData\Local\Temp\iexplarer.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\dan\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\dan\AppData\Local\Temp\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\dan\AppData\Local\geacwniyr\tncwktbshdw.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

C:\Users\dan\AppData\Local\Temp\zu6l6zds.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\dan\AppData\Local\owobeyeyo.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\fovup.dll (Adware.AdRotator) -> Quarantined and deleted successfully.

Any suggestions?

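Added example, not part of this thread and not Malwarebytes code: a small Python script that parses an MBAM 1.x log like the one posted above, checks the declared per-section counts against the entries actually listed, and pulls out the entries worth a second look: Run-key autostarts, the Browser Helper Object and IE Low Rights ElevationPolicy registrations, the Policies hijacks and the regfile open-command change, files dropped into System32/SysWOW64 (which needed admin rights), files named after Windows processes (csrss.exe, taskmgr.exe) sitting in a Temp folder, near-miss names such as iexplorer.exe, and anything still marked "Delete on reboot". SAMPLE_LOG is a constructed subset of the posted log; the triage rules and the list of process names are the example's own assumptions, not something the page or the tool defines.

```python
import difflib
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath

# MBAM 1.x log grammar: "<Section> Infected: <n>" summary lines, then
# "<Section> Infected:" blocks of "<item> (<Family.Name>) -> [Bad/Good -> ]<action>."
SECTION_COUNT = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ENTRY = re.compile(r"^(?P<item>.+?) \((?P<name>[A-Za-z]+\.[A-Za-z0-9.]+)\) -> (?P<detail>.+)$")

# Triage rules: this example's own heuristics, not MBAM's classification.
REGISTRY_RULES = {
    "run_key": re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I),
    "bho": re.compile(r"\\Browser Helper Objects\\", re.I),
    "ie_elevation_policy": re.compile(r"\\Low Rights\\ElevationPolicy\\", re.I),
    "policy_hijack": re.compile(r"\\Policies\\(System|Explorer)\\", re.I),
    "file_association_hijack": re.compile(r"\\shell\\open\\command\\", re.I),
}
SYSTEM_PROCESS_NAMES = {"csrss.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
                        "services.exe", "taskmgr.exe", "explorer.exe", "iexplore.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


@dataclass(frozen=True)
class Item:
    section: str
    path: str    # registry key/value or file path
    name: str    # detection name, e.g. Trojan.Agent.Gen
    action: str  # final action, e.g. "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Return (declared per-section counts, list of Item)."""
    declared, items, section = {}, [], None
    for line in (ln.strip() for ln in text.splitlines()):
        if m := SECTION_COUNT.match(line):
            declared[m["section"]] = int(m["count"])
        elif m := SECTION_HEADER.match(line):
            section = m["section"]
        elif section and (m := ENTRY.match(line)):
            # "Bad: (...) Good: (...) -> <action>" entries: keep only the final action.
            action = m["detail"].rsplit(" -> ", 1)[-1].rstrip(".")
            items.append(Item(section, m["item"], m["name"], action))
    return declared, items


def classify(item):
    """Yield (kind, path) findings a responder should look at for one entry."""
    p = item.path
    if item.section.startswith("Registry"):
        for kind, rule in REGISTRY_RULES.items():
            if rule.search(p):
                yield kind, p
    elif item.section == "Files Infected":
        wp = PureWindowsPath(p)
        base, in_sys = wp.name.lower(), str(wp.parent).lower() in SYSTEM_DIRS
        if base in SYSTEM_PROCESS_NAMES and not in_sys:
            yield "masquerade", p            # e.g. ...\Temp\csrss.exe
        elif base not in SYSTEM_PROCESS_NAMES and difflib.get_close_matches(
                base, SYSTEM_PROCESS_NAMES, n=1, cutoff=0.85):
            yield "lookalike", p             # e.g. iexplorer.exe
        if in_sys:
            yield "dropped_in_system_dir", p  # writing here took admin rights
    if item.action.lower().startswith("delete on reboot"):
        yield "pending_reboot", p            # re-check after the next restart


def triage(text):
    declared, items = parse_mbam_log(text)
    found = Counter(i.section for i in items)
    findings = [f for i in items for f in classify(i)]
    return {
        "found": dict(found),
        "count_mismatches": {s: (n, found[s]) for s, n in declared.items() if n != found[s]},
        "families": Counter(i.name.split(".")[0] for i in items),
        "findings": findings,
        "by_kind": Counter(k for k, _ in findings),
    }


# Constructed subset of the log posted above; the declared counts match this subset.
SAMPLE_LOG = r"""
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 2
Files Infected: 4

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d55c6cc-b365-425f-b3d0-30d1159af63f} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bregapesepe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\wovup.exe (Trojan.Adware) -> Quarantined and deleted successfully.
C:\Users\dan\AppData\Local\Temp\iexplorer.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Users\dan\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\dan\AppData\Local\Temp\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for kind, path in result["findings"]:
        print(f"{kind:24} {path}")
    print("count mismatches:", result["count_mismatches"] or "none")
```

Run it against the full posted log (saved as a text file and read into `triage`) to get the same breakdown for all 96 entries. The useful signals are the ones the raw counts hide: the Run values and the BHO/ElevationPolicy keys say where the malware re-launches from, the DisableRegistryTools and nofolderoptions policies explain why the machine fights back, the System32/SysWOW64 drops mean it ran with admin rights, and a "Delete on reboot" item is a first place to look when the same detections return after a restart.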

Hi,

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save".
  • Double click inside the Custom Scan box at the bottom.
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel".
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop.
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


3 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
