FAO AlienErik or other virus experts!

Browntoa · 4 January 2010 at 5:42PM

I'd now follow that up with this

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

and post that log

this will remove stuff that Malwarebytes may miss

MiM · 5 January 2010 at 2:09PM

It's too long, won't let me post here. Says healh is "bad". Here;s a taster...

Registry Cleaner 1.1.28

Scan Started on: Tuesday, January 05, 2010 12:35:45

Starting scan Com/ActiveX Entries (Com/ActiveX Entries) at Tuesday, January 05, 2010 12:35:45
Error in HKEY_CLASSES_ROOT\CLSID\{1FF84C3B-1140-4eb6-BE38-4BE618D2E7D6}\InprocServer32\[(Default)]
Value is 'C:\WINDOWS\system32\eapa3hst.dll'
Deletion Key is HKEY_CLASSES_ROOT\CLSID\{1FF84C3B-1140-4eb6-BE38-4BE618D2E7D6}\
Error in HKEY_CLASSES_ROOT\CLSID\{56336BCA-3D8A-11d6-A00B-0050DA18DE71}\InprocServer32\[(Default)]
Value is 'C:\DOCUME~1\MIKE~1.MCG\LOCALS~1\Temp\InfoWindow.dll'
Deletion Key is HKEY_CLASSES_ROOT\CLSID\{56336BCA-3D8A-11d6-A00B-0050DA18DE71}\
Error in HKEY_CLASSES_ROOT\CLSID\{5A8371A3-0C6D-487b-B3C8-46D785C4C940}\InprocServer32\[(Default)]
Value is 'C:\WINDOWS\system32\eapahost.dll'
Deletion Key is HKEY_CLASSES_ROOT\CLSID\{5A8371A3-0C6D-487b-B3C8-46D785C4C940}\
Error in HKEY_CLASSES_ROOT\CLSID\{92820D66-F4B3-4EB6-91AD-016F2058E875}\LocalServer32\[(Default)]
Value is 'C:\Program Files\Google\Picasa3\Picasa3.exe /StiDevice:%1 /StiEvent:%2'
Deletion Key is HKEY_CLASSES_ROOT\CLSID\{92820D66-F4B3-4EB6-91AD-016F2058E875}\
Error in HKEY_CLASSES_ROOT\CLSID\{93EC2BBA-6680-4B8A-ABF4-9F091EE0A8D6}\InprocServer32\[(Default)]
Value is 'C:\Documents and Settings\mike.mcgeary\Application Data\Real\Update\setup\data\control.dll'
Deletion Key is HKEY_CLASSES_ROOT\CLSID\{93EC2BBA-6680-4B8A-ABF4-9F091EE0A8D6}\
Error in HKEY_CLASSES_ROOT\CLSID\{9DAA7B9D-CE5B-42CE-B942-32BBC284AC44}\InprocServer32\[(Default)]
Value is 'C:\WINDOWS\system32\eapa3hst.dll'
Deletion Key is HKEY_CLASSES_ROOT\CLSID\{9DAA7B9D-CE5B-42CE-B942-32BBC284AC44}\
Error in HKEY_CLASSES_ROOT\CLSID\{A02ED9E9-8D36-473A-98ED-C253A40765DE}\LocalServer32\[(Default)]
Value is 'C:\Program Files\HP\hpcoretech\soln\HPOSM.exe'
Deletion Key is HKEY_CLASSES_ROOT\CLSID\{A02ED9E9-8D36-473A-98ED-C253A40765DE}\
Error in HKEY_CLASSES_ROOT\CLSID\{B0E28D63-52F6-4e30-992B-78ECF97268E9}\InprocServer32\[(Default)]
Value is 'C:\WINDOWS\system32\eapa3hst.dll'
Deletion Key is HKEY_CLASSES_ROOT\CLSID\{B0E28D63-52F6-4e30-992B-78ECF97268E9}\
Error in HKEY_CLASSES_ROOT\CLSID\{3338A2DD-8C8E-4AC8-94E8-FD248849D77F}\[AppID]
Value is '{1F7595F7-05C5-489E-BB9F-6BA11ECD0CA0}'
Error in HKEY_CLASSES_ROOT\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\[AppID]
Value is '{C615554D-7B87-4275-84FF-8E0BA2AD071B}'
Error in HKEY_CLASSES_ROOT\CLSID\{6BC09693-0CE6-11D1-BAAE-00C04FC2E20D}\[AppID]
Value is '{A5CEB593-CCC3-486B-AB91-9C5C5ED4C9E1}'
Error in HKEY_CLASSES_ROOT\CLSID\{6BC096C4-0CE6-11D1-BAAE-00C04FC2E20D}\[AppID]
Value is '{A5CEB593-CCC3-486B-AB91-9C5C5ED4C9E1}'
Error in HKEY_CLASSES_ROOT\CLSID\{DAD90BC7-5321-4048-939A-694B0A274C02}\[AppID]
Value is '{DAD90BC7-5321-4048-939A-694B0A274C02}'
Error in HKEY_CLASSES_ROOT\CLSID\{E876339C-2984-41F8-A49A-F908555CE4C9}\[AppID]
Value is '{1F7595F7-05C5-489E-BB9F-6BA11ECD0CA0}'
Error in HKEY_CLASSES_ROOT\CLSID\{FF044937-3BF1-49B2-8DB1-E0CAE8B9A3DC}\[AppID]
Value is '{FF044937-3BF1-49B2-8DB1-E0CAE8B9A3DC}'
Error in HKEY_CLASSES_ROOT\DirectAnimation.PathControl\CLSID\[(Default)]
Value is '{D7A7D7C3-D47F-11D0-89D3-00A0C90833E6}'
Deletion Key is HKEY_CLASSES_ROOT\DirectAnimation.PathControl\
Error in HKEY_CLASSES_ROOT\DirectAnimation.Sequence\CLSID\[(Default)]
Value is '{4F241DB1-EE9F-11D0-9824-006097C99E51}'
Deletion Key is HKEY_CLASSES_ROOT\DirectAnimation.Sequence\
Error in HKEY_CLASSES_ROOT\DirectAnimation.SequencerControl\CLSID\[(Default)]
Value is '{B0A6BAE2-AAF0-11D0-A152-00A0C908DB96}'
Deletion Key is HKEY_CLASSES_ROOT\DirectAnimation.SequencerControl\
Error in HKEY_CLASSES_ROOT\DirectAnimation.SpriteControl\CLSID\[(Default)]
Value is '{FD179533-D86E-11D0-89D6-00A0C90833E6}'
Deletion Key is HKEY_CLASSES_ROOT\DirectAnimation.SpriteControl\
Error in HKEY_CLASSES_ROOT\DirectAnimation.StructuredGraphicsControl\CLSID\[(Default)]
Value is '{369303C2-D7AC-11D0-89D5-00A0C90833E6}'
Deletion Key is HKEY_CLASSES_ROOT\DirectAnimation.StructuredGraphicsControl\
Error in HKEY_CLASSES_ROOT\gds_deskband.Deskband\CLSID\[(Default)]
Value is '{38F4C281-2396-424B-8B62-F236B44ADB02}'
Deletion Key is HKEY_CLASSES_ROOT\gds_deskband.Deskband\
Error in HKEY_CLASSES_ROOT\gds_deskband.Deskband.1\CLSID\[(Default)]
Value is '{38F4C281-2396-424B-8B62-F236B44ADB02}'
Deletion Key is HKEY_CLASSES_ROOT\gds_deskband.Deskband.1\
Error in HKEY_CLASSES_ROOT\gds_deskband.DeskbandController\CLSID\[(Default)]
Value is '{CCE15A15-75F9-4F05-AFF0-194FB588D26B}'
Deletion Key is HKEY_CLASSES_ROOT\gds_deskband.DeskbandController\
Error in HKEY_CLASSES_ROOT\gds_deskband.DeskbandController.1\CLSID\[(Default)]
Value is '{CCE15A15-75F9-4F05-AFF0-194FB588D26B}'
Deletion Key is HKEY_CLASSES_ROOT\gds_deskband.DeskbandController.1\
Error in HKEY_CLASSES_ROOT\Internet.Profile.URL\CLSID\[(Default)]
Value is 'C5E953E4-5003-4606-87C1-E793861A6B69'
Deletion Key is HKEY_CLASSES_ROOT\Internet.Profile.URL\
Error in HKEY_CLASSES_ROOT\MailFileAtt\CLSID\[(Default)]
Value is '{00020D05-0000-0000-C000-000000000046}'
Deletion Key is HKEY_CLASSES_ROOT\MailFileAtt\
Error in HKEY_CLASSES_ROOT\mapifvbx.object\CLSID\[(Default)]
Value is '{41116C00-8B90-101B-96CD-00AA003B14FC}'
Deletion Key is HKEY_CLASSES_ROOT\mapifvbx.object\
Error in HKEY_CLASSES_ROOT\mapifvbx.object.1\CLSID\[(Default)]
Value is '{41116C00-8B90-101B-96CD-00AA003B14FC}'
Deletion Key is HKEY_CLASSES_ROOT\mapifvbx.object.1\
Error in HKEY_CLASSES_ROOT\PKMSA.AddStartAddress\CLSID\[(Default)]
Value is '3753737A-DD75-11D2-966A-00C04F79487A'
Deletion Key is HKEY_CLASSES_ROOT\PKMSA.AddStartAddress\
Error in HKEY_CLASSES_ROOT\PKMSA.AddStartAddress.1\CLSID\[(Default)]
Value is '3753737A-DD75-11D2-966A-00C04F79487A'
Deletion Key is HKEY_CLASSES_ROOT\PKMSA.AddStartAddress.1\
Error in HKEY_CLASSES_ROOT\PKMSA.CatalogCommands\CLSID\[(Default)]
Value is '3753737C-DD75-11D2-966A-00C04F79487A'
Deletion Key is HKEY_CLASSES_ROOT\PKMSA.CatalogCommands\
Error in HKEY_CLASSES_ROOT\PKMSA.CatalogCommands.1\CLSID\[(Default)]
Value is '3753737C-DD75-11D2-966A-00C04F79487A'
Deletion Key is HKEY_CLASSES_ROOT\PKMSA.CatalogCommands.1\
Error in HKEY_CLASSES_ROOT\PKMSA.StartAddressCommands\CLSID\[(Default)]
Value is '3753737B-DD75-11D2-966A-00C04F79487A'
Deletion Key is HKEY_CLASSES_ROOT\PKMSA.StartAddressCommands\
Error in HKEY_CLASSES_ROOT\PKMSA.StartAddressCommands.1\CLSID\[(Default)]
Value is '3753737B-DD75-11D2-966A-00C04F79487A'
Deletion Key is HKEY_CLASSES_ROOT\PKMSA.StartAddressCommands.1\
Error in HKEY_CLASSES_ROOT\Tahoe.CCMenu\CLSID\[(Default)]
Value is '9020EB60-77B2-11D3-83DA-00C04F505F43'
Deletion Key is HKEY_CLASSES_ROOT\Tahoe.CCMenu\
Error in HKEY_CLASSES_ROOT\Tahoe.CCMenu.1\CLSID\[(Default)]
Value is '9020EB60-77B2-11D3-83DA-00C04F505F43'
Deletion Key is HKEY_CLASSES_ROOT\Tahoe.CCMenu.1\
Error in HKEY_CLASSES_ROOT\Tahoe.FolderControl\CLSID\[(Default)]
Value is '787E8FD0-7AD6-11D3-83DA-00C04F505F43'
Deletion Key is HKEY_CLASSES_ROOT\Tahoe.FolderControl\
Error in HKEY_CLASSES_ROOT\Tahoe.FolderControl.1\CLSID\[(Default)]
Value is '787E8FD0-7AD6-11D3-83DA-00C04F505F43'
Deletion Key is HKEY_CLASSES_ROOT\Tahoe.FolderControl.1\
Error in HKEY_CLASSES_ROOT\Tahoe.NewCCWizardMenu\CLSID\[(Default)]
Value is '0948E980-3A31-11D3-83CF-00C04F505F43'
Deletion Key is HKEY_CLASSES_ROOT\Tahoe.NewCCWizardMenu\
Error in HKEY_CLASSES_ROOT\Tahoe.NewCCWizardMenu.1\CLSID\[(Default)]
Value is '0948E980-3A31-11D3-83CF-00C04F505F43'
Deletion Key is HKEY_CLASSES_ROOT\Tahoe.NewCCWizardMenu.1\

aliEnRIK · 5 January 2010 at 2:43PM

Goto C drive and find COMBOFIX.TXT

Post in SECTIONS

FAO AlienErik or other virus experts!

Comments

Confirm your email address to Create Threads and Reply

🚀 Getting Started

Categories

Is this how you want to be seen?

Get our FREE Weekly email full of deals & guides - and it’s spam-free