
Various Infections


8 replies to this topic

#1 mscanlon302

  • Members

Posted 18 January 2009 - 07:24 PM

I have run AntiSpyWare in safe mode and came out with the following:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/18/2009 at 07:05 PM

Application Version : 4.24.1004

Core Rules Database Version : 3714
Trace Rules Database Version: 1689

Scan type : Complete Scan
Total Scan Time : 01:04:36

Memory items scanned : 178
Memory threats detected : 0
Registry items scanned : 5772
Registry threats detected : 30
File items scanned : 21592
File threats detected : 64

Trojan.Unclassified/Helper-DD

Adware.IWinGames
HKU\S-1-5-21-996015299-2318263756-776673639-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8CA5ED52-F3FB-4414-A105-2E3491156990}

Adware.Tracking Cookie

Adware.MyWebSearch/FunWebProducts
HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}

Trojan.Dropper/YYY-Gen
C:\DOCUMENTS AND SETTINGS\TERESA SCANLON\LOCAL SETTINGS\TEMP\YYY1459.EXE
C:\DOCUMENTS AND SETTINGS\TERESA SCANLON\LOCAL SETTINGS\TEMP\YYY1462.EXE

Trojan.FakeAlert-TMPX
C:\DOCUMENTS AND SETTINGS\TERESA SCANLON\LOCAL SETTINGS\TEMP\~TMPA.EXE
C:\DOCUMENTS AND SETTINGS\TERESA SCANLON\LOCAL SETTINGS\TEMP\~TMPE.EXE

Trace.Known Threat Sources


Any help would be appreciated!


 


#2 buddy215

  • Moderator

Posted 18 January 2009 - 08:27 PM

Best to use more than one program. Use MalwareBytes Antimalware. Be sure to UPDATE before scanning.
Instructions for using MBAM are in the link below.
http://www.bleepingcomputer.com/forums/ind...st&p=944365

Allow the Secunia online scanner to scan your programs for missing security updates. After installing the latest Sun Java program, go to Add/Remove Programs and remove all OLD Java programs. Old Java programs are known to be exploited by malware.

Post back with the logs and any problems you are still experiencing.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 mscanlon302

  • Topic Starter

Posted 19 January 2009 - 09:16 AM

MBAM results:

Malwarebytes' Anti-Malware 1.33
Database version: 1666
Windows 5.1.2600 Service Pack 3

1/19/2009 9:15:27 AM
mbam-log-2009-01-19 (09-15-27).txt

Scan type: Quick Scan
Objects scanned: 56143
Time elapsed: 10 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 21
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a0e1054b-01ee-4d57-a059-4d99f339709f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/piratepoppers.1.0.0.39.dll (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{38d97cce-7243-4b6e-b6a8-dd872ad3eb33} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6868afe5-f258-47dc-bc37-0821f96dc1d2} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{49e67060-2c0d-415e-94c7-52a49f73b2f1} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{49e67060-2c0d-415e-94c7-52a49f73b2f1} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\PiratePoppers.1.0.0.39.dll (Adware.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\Documents and Settings\Teresa Scanlon\Local Settings\Temp\~tmpd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Teresa Scanlon\Local Settings\Temp\~tmpg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Common\helper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\PiratePoppers.1.0.0.39.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\PiratePoppers.1.0.0.39.inf (Adware.Agent) -> Quarantined and deleted successfully.

#4 buddy215

  • Moderator

Posted 19 January 2009 - 09:35 AM

You should run both scans again. Post back with the logs and any comments or problems you are still experiencing.

You can block the ad/tracking cookies from ever installing on your computer by following the steps below.
This applies to Internet Explorer browsers.

1) Click on Tools
2) Click on Internet Options
3) Click on the Privacy tab
4) Click on the Advanced button
5) Put a check in the box next to override automatic cookie handling
6) Put a check in the box next to first party accept
7) Put a check in the box next to block third party cookies (those are the ad/tracking cookies that AVG deletes)
8) Click OK to exit

Then just run another quick scan with SAS to remove the third party cookies that were installed before changing the settings.

Click Start, All Programs, Accessories, System Tools, Disk Cleanup. Put a check next to all items except "compress old files".
Click on the More Options tab, click on the "cleanup" button next to "system restore" (this will remove all of the restore points but the last one, as many are infected), click OK and allow cleanup to run.

#5 mscanlon302

  • Topic Starter

Posted 19 January 2009 - 10:33 AM

SUPERAntiSpy log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/19/2009 at 10:25 AM

Application Version : 4.24.1004

Core Rules Database Version : 3714
Trace Rules Database Version: 1689

Scan type : Quick Scan
Total Scan Time : 00:27:48

Memory items scanned : 178
Memory threats detected : 0
Registry items scanned : 632
Registry threats detected : 1
File items scanned : 9452
File threats detected : 24

Adware.Tracking Cookie

Adware.MyWebSearch/FunWebProducts
HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}

#6 mscanlon302

  • Topic Starter

Posted 19 January 2009 - 10:44 AM

MBAM log:

Malwarebytes' Anti-Malware 1.33
Database version: 1666
Windows 5.1.2600 Service Pack 3

1/19/2009 10:44:17 AM
mbam-log-2009-01-19 (10-44-16).txt

Scan type: Quick Scan
Objects scanned: 56582
Time elapsed: 10 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 buddy215

  • Moderator

Posted 19 January 2009 - 10:53 AM

You are certainly a person of few words.

Post the MBAM log, too.

You can also check in your Add/Remove Programs for any of the items listed below. SAS and MBAM may have removed them, but double-check and, if they are there, remove them.

1) Click on Start, Settings, Control Panel

2) Double click on Add/Remove Programs

3) Find "My Web Search" in the list of installed programs and click on Change/Remove to uninstall it. You may also want to uninstall any of the following items associated with FunWebProducts.

* My Web Search (Smiley Central or FWP product as applicable)
* My Way Speedbar (Smiley Central or other FWP as applicable)
* My Way Speedbar (AOL and Yahoo Messengers) (beta users only)
* My Way Speedbar (Outlook, Outlook Express, and IncrediMail)
* Search Assistant - My Way

#8 mscanlon302

  • Topic Starter

Posted 19 January 2009 - 11:15 AM

I have posted the MBAM log above.

As for the WebSearch items, I do not see them in my add/remove programs listing.

Thank you for your help.

#9 buddy215

  • Moderator

Posted 19 January 2009 - 11:22 AM

You appear to be free of malware. I would suggest, though, that you run more scans after updating during the next week.
Surf Safe.



