BleepingComputer.com: registry errors


#16 westsyde

Posted 30 March 2011 - 03:27 PM

and my avg looks different than the post that eyesee put on where it says "is THIS what it looks like"

This post has been edited by hamluis: 30 March 2011 - 04:35 PM
Reason for edit: Moved from XP to Am I Infected.


#17 westsyde

Posted 30 March 2011 - 04:13 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6219

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

30/03/2011 3:11:11 PM
mbam-log-2011-03-30 (15-11-11).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 201174
Time elapsed: 34 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


......PLZ tell me how serious these 3 infections are...thx

#18 Eyesee

Posted 30 March 2011 - 04:15 PM

I saw that you edited your post to include more info on what you are seeing.

Looks like they are trying to upsell you to the full version.

Let us know how MalwareBytes turns out
In the beginning there was the command line.

#19 westsyde

Posted 30 March 2011 - 04:31 PM

it told me to restart my comp. like u said it might. so i did so but one thing i don't understand is y it told me my firewall is not on but when i go to the settings it says it's on? (seemed like it took a little bit longer tho which scared the sh*t out of me) but it seemed like it worked. so should i uninstall my avg.? so those registry items infected are now fixed? now i will continue to download other programs u told me 2... thank you so much for all ur help...

This post has been edited by westsyde: 30 March 2011 - 04:37 PM


#20 Eyesee

Posted 30 March 2011 - 04:52 PM

It will take a little longer to boot as it has some cleanup to do.

This isn't a very good picture but is the one on the left what your AVG looks like?

If MalwareBytes only found 3 infections that isn't bad at all.
But 3 is 3 too many.

The programs that Cryptodan is having you use are the programs that we use routinely here at BC.
They are all free.

#21 westsyde

Posted 30 March 2011 - 05:00 PM

ya that is exactly what my avg screen looks like... is that good or bad?

#22 westsyde

Posted 30 March 2011 - 05:16 PM

so if i reboot in safe mode there is no chance of my computer screwing up or deleting everything is there? because i have absolutely nothing on backup discs (your old post about all the programs tells me to reboot in safe mode for the super anti spyware program...) sorry if it's a stupid question but i just don't want to lose everything
thx

#23 Eyesee

Posted 30 March 2011 - 05:33 PM

westsyde, on 30 March 2011 - 05:00 PM, said:

ya that is exactly what my avg screen looks like... is that good or bad?


That's what the real AVG looks like. The fake looks different.

Since MalwareBytes only found a few things I would run Super in regular mode and you should be fine

I would consider backing up your personal data somehow sometime in the future.
Nothing lasts forever.

I'm not that familiar with GMER but plenty of our folks that frequent this forum are.

Now that you are moved to the Am I Infected forum our Malware people can take a better look at the situation for you.
They are the best there is. You can trust them and please take their advice to heart.

You have done a really good job!
I hope everything works out for you!

#24 westsyde

Posted 30 March 2011 - 05:48 PM

should i have my avg anti virus disabled when i do the SUPER ANTI_SPYWARE SCAN recommended by cryptodan?
and with that GMER rootkit scanning program at the bottom of the information about it posted by cryptodan on page 1 of this forum it says that GMER may crash. does that mean crash my computer? i'm just curious because i will have to back up my computer first then

This post has been edited by westsyde: 30 March 2011 - 08:29 PM


#25 westsyde

Posted 30 March 2011 - 10:42 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/30/2011 at 09:14 PM

Application Version : 4.50.1002

Core Rules Database Version : 6719
Trace Rules Database Version: 4531

Scan type : Complete Scan
Total Scan Time : 01:16:19

Memory items scanned : 427
Memory threats detected : 0
Registry items scanned : 5328
Registry threats detected : 50
File items scanned : 48972
File threats detected : 2

Adware.CouponBar

#26 Eyesee

Posted 31 March 2011 - 01:54 PM

Only a few items there as well.
Did you tell Sas to remove them?

Unless anybody else sees something, I think you are in good shape!

Good job :thumbsup:

#27 cryptodan

Posted 31 March 2011 - 02:33 PM

Any more issues?

My work schedule is as follows: Mon and Tues 1800 to 0600, Friday - Sunday 1800EST to 0600, and Wednesday to Thursday 1800est to 0600. So if I do not respond right away I am at work.
----------------
If I am helping you, then Please Send Me a Message! with your thread link in it. This is only if I haven't replied back to you within 24 to 48 hours.
----------------
My Main Site || My Backup Site || steam://friends/add/cryptodan Add me to your Steam Friends.

#28 westsyde

Posted 31 March 2011 - 04:29 PM

yes i did remove those items. so do i need to download GMER still? so far my computer is running pretty good (for an old computer) i thank you guys so much for helping me. i don't think i have any more issues right now. :)

#29 cryptodan

Posted 31 March 2011 - 05:01 PM

It wouldn't hurt to run it.

#30 westsyde

Posted 31 March 2011 - 09:39 PM

ok thank you very much for your help- Greatly appreciated
