Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

scared to click uninstall/change 'personal security'


  • Please log in to reply
22 replies to this topic

#1 nolove4mypc

nolove4mypc

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:55 PM

Posted 21 March 2010 - 11:16 PM

I followed all of the steps provided to remove 'personal security' but it still shows up in my installed programs list. before running 'malwarebytes' clicking on 'unistall/change' from my control panel would only start up 'personal security' again. How do I get it off the list without starting it?

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:55 PM

Posted 22 March 2010 - 03:04 PM

Hello, sometimes they are just tricky.
We need a deeper look,please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic from step 9.
If Gmer won't run,skip it and move on.
Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 nolove4mypc

nolove4mypc
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:55 PM

Posted 23 March 2010 - 05:18 AM

I know you get bombarded with problems like these and I really appreciate your taking the time to help me. I'll do my best not to panic! lol
Unfortunately the problem has gotten worse! I hope I can explain this in such a way that gives you a better idea of what's going on.
We have Windows Vista with 2 user accounts; mine & my husband's. Personal Security was opened on my husbands account and it is on his list of installed programs.
1st thing I did was download Malwarebytes Anti-Malware on my account (thinking that it would protect the whole computer) and ran a full scan, which turned up 125+ issues that were promtly removed. Next I tried to back-up to disk but was unable to finish due to all but 1 of my disks being unable to format?? Keep in mind this is my account.
Ok, so I logged off my account and switched to my husband's. Not good! All of his desktop icons have disappeared. I can't open Windows Defender or access any of the features in the control panel. A dozen frantic clicks finally enabled me to open Internet Explorer which runs at a snails pace if at all. About 15 minutes into the session and warning box appears saying my computer is being attcked, do I want to fix it, I click no and the screen goes bright blue with a very large description( it's too big to read, goes off the screen) that I'm under attack. The CPU makes this long beep before crashing!
In those 15 min, I tried following the steps you suggested 6-9 but can't download anything! (sorry, that's not panic! lol)
Does this help at all? Please let me know what information you need to better understand what I can't accurately explain. Thank you !

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:55 PM

Posted 23 March 2010 - 01:19 PM

Ok we can try a few things.. First you need a CD or a flash drive to download things off another computer.
Try to get these and run them on the PC.

FixExe.reg

FixExe.reg
....click Run when the box opens

RKill....

Please download Rkill by Grinler and save it to your desktop.Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
You will need to run the application again if rebooting the computer occurs along the way as the malware programs will start again.



Now if they ran, run MBAM ,,post a log if it worked.

Also download SAS ,, and run it off the Device. Run it in Normal mode if needed. Run it If MBAM runs or not. Post a log if you get one.
If you had to reboot some where rerun RKill.

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.



I know this is a lot but I want to give you what you can try at once..
On another CD or on the Flash drive. Make this rescue disk. You will need to boot the PC from the disk and let it run..
Avira AntiVir Rescue System
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 nolove4mypc

nolove4mypc
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:55 PM

Posted 23 March 2010 - 02:42 PM

Does it matter which account I'm using? Mine or my husbands? I can use my account freely but will it fix his account as I am the administrator? Also, I'm a little unclear as to what I do with the CD/flash drive. I have a Seagate portable 2.5 GB flash drive. Will that work? Oh, thank you for all your help! I Love this Site and have told all my facebook friends that it's the best!

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:55 PM

Posted 23 March 2010 - 02:48 PM

Hi, that drive will work for all.. Download everything to it then either transfer or run them from the drive.
Yes be the ADministrator. :thumbsup:
and thanks

PS the first 2 tools hopefull will kill the malware stooping you from running things.

Edited by boopme, 23 March 2010 - 02:49 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 nolove4mypc

nolove4mypc
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:55 PM

Posted 23 March 2010 - 03:31 PM

Thank you do much! Ok, I ran the SuperAntiSpyware on the infected account(computer) and quarantined/removed 298 threats in safe mode and rebooted. BUT Personal Security came right up and denied access to everything, even the log from SASW. So I switched back over to my account (same computer) and ran rkill. then I ran MAW again, here is that log:

Malwarebytes' Anti-Malware 1.43

Database version: 3458
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

3/23/2010 6:48:56 PM
mbam-log-2010-03-23 (18-48-56).txt

Scan type: Quick Scan
Objects scanned: 124917
Time elapsed: 6 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


running SASW now, must reboot for log, next post. :thumbsup:

Edited by nolove4mypc, 23 March 2010 - 08:06 PM.


#8 nolove4mypc

nolove4mypc
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:55 PM

Posted 23 March 2010 - 08:16 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/23/2010 at 08:03 PM

Application Version : 4.34.1000

Core Rules Database Version : 4720
Trace Rules Database Version: 2532

Scan type : Complete Scan
Total Scan Time : 01:22:34

Memory items scanned : 566
Memory threats detected : 0
Registry items scanned : 8197
Registry threats detected : 4
File items scanned : 151113
File threats detected : 6

Adware.HBHelper
HKU\S-1-5-21-3250928081-3697380123-4224461162-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKU\S-1-5-21-3250928081-3697380123-4224461162-1005\Software\Microsoft\Internet Explorer\URLSearchHooks#{CA3EB689-8F09-4026-AA10-B9534C691CE0}

Adware.ShopAtHomeSelect
HKU\S-1-5-21-3250928081-3697380123-4224461162-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}

Adware.Tracking Cookie
C:\Users\Bolls\AppData\Roaming\Microsoft\Windows\Cookies\bolls@cdn4.specificclick[2].txt
C:\Users\Bolls\AppData\Roaming\Microsoft\Windows\Cookies\bolls@www.myaccount.chase[2].txt
C:\Users\Bolls\AppData\Roaming\Microsoft\Windows\Cookies\bolls@doubleclick[2].txt

Adware.MyWebSearch/FunWebProducts
HKU\S-1-5-21-3250928081-3697380123-4224461162-1005\SOFTWARE\FunWebProducts

[b]Rogue.PersonalSecurity :thumbsup:
C:\PROGRAM FILES\PERSONSECURITY\PSECURITY.EXE
C:\Windows\Prefetch\PSECURITY.EXE-EF3DB2E4.pf

Adware.DoubleD
C:\PROGRAMDATA\{017115B5-2F29-4ECD-8FD6-329F9F107B86}\OFFLINE\B75FA91E\3E688669\STBSVC.EXE


going to switch over and see what happens!!!!!! :flowers:

#9 nolove4mypc

nolove4mypc
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:55 PM

Posted 23 March 2010 - 08:28 PM

ok here is the log from my husband's account (yes, I was actually able to get it!!!!)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/23/2010 at 06:24 PM

Application Version : 4.34.1000

Core Rules Database Version : 4596
Trace Rules Database Version: 0

Scan type : Complete Scan
Total Scan Time : 00:46:05

Memory items scanned : 280
Memory threats detected : 0
Registry items scanned : 8191
Registry threats detected : 66
File items scanned : 27493
File threats detected : 232

Adware.HBHelper
HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID
HKCR\URLSearchHook.ToolbarURLSearchHook.1
HKCR\URLSearchHook.ToolbarURLSearchHook.1\CLSID
HKCR\URLSearchHook.ToolbarURLSearchHook
HKCR\URLSearchHook.ToolbarURLSearchHook\CLSID
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0\win32
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\FLAGS
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\HELPDIR
C:\PROGRAM FILES\BLINGEE PLUS\TBHELPER.DLL
HKU\S-1-5-21-3250928081-3697380123-4224461162-1006\Software\Microsoft\Internet Explorer\URLSearchHooks#{CA3EB689-8F09-4026-AA10-B9534C691CE0}

Adware.ShopAtHomeSelect
HKU\S-1-5-21-3250928081-3697380123-4224461162-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}

Adware.Tracking Cookie
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@pro-market[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@tracking.admarketplace[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@ads2.adultadvertising[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@www.ziporn[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@www.pornexa[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@louisvuitton.solution.weborama[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@ads.web-republic[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@pointroll[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@optimize.indieclick[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@ads1.adultadvertising[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@oasn04.247realmedia[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@mywebsearch[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@serving-sys[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@2o7[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@media6degrees[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@naiadsystems[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@apmebf[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@yourbleepbook[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@adserver.adtechus[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@realmedia[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@www.hardsextube[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@ads.addynamix[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@ads.crakmedia[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@ads.pointroll[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@content.yieldmanager[3].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@ads.pugetsoundsoftware[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@adecn[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@banner.adchemy[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@xxxblackbook[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@fastclick[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@cdn4.specificclick[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@trafficmp[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@rts.pgmediaserve[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@ads.bridgetrack[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@wt.xxxmatch[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@collective-media[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@ads.undertone[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@yadro[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@adxpansion[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@interclick[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@ads.watchmygf[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@www.pornhub[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@questionmarket[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@statcounter[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@pornhub[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@247realmedia[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@clients.pointroll[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@clickbank[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@yieldmanager[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@1.bfugmedia[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@a1.interclick[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@network.realmedia[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@lfstmedia[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@viacom.adbureau[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@ad.yieldmanager[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@adbrite[3].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@casalemedia[3].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@burstnet[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@advertising[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@viacom.adbureau[3].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@ads.whaleads[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@specificclick[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@lockedonmedia[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@1.sharkadnetwork[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@exposedteensluts[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@doubleclick[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@ad.wsod[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@zedo[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@atdmt[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@invitemedia[3].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@msnportal.112.2o7[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@electronicarts.112.2o7[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@ziporn[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@weborama[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@at.atwola[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@adultadworld[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@ad.zanox[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@specificmedia[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@viacom.adbureau[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@kontera[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@www.yourbleepbook[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@ads1.exgfnetwork[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@ru4[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@tribalfusion[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@eotrack[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@ads.adgoto[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@srv.clickfuse[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@hardsextube[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@tour1.xxxmatch[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@audit.median[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@richmedia.yahoo[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@dev.hardsextube[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@content.yieldmanager[4].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@www.tracklead[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@mediaplex[4].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@bs.serving-sys[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@adultfriendfinder[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@stolenteengfs[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@revsci[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@adserver.hardsextube[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@azjmp[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@uac.advertising[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@imrworldwide[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@indieclick[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@ads.gamersmedia[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@eas.apm.emediate[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@adfarm1.adition[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@ads.myaxxess[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@adinterax[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@www3.addfreestats[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@media.adfrontiers[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@www.burstnet[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@hackedbleepbook[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@www.erosexus[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@tacoda[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@clicks.collegeeducationscholarship[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@affiliate.revenueads[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@videoegg.adbureau[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@pornexa[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@tattoofinder[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@xxxmatch[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@burstbeacon[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@chitika[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@m1.webstats.motigo[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@click.superpaysys[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@blog.pornhub[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@www.burstbeacon[2].txt
C:\Users\Bolls\AppData\Roaming\Microsoft\Windows\Cookies\bolls@mediaplex[1].txt
C:\Users\Bolls\AppData\Roaming\Microsoft\Windows\Cookies\bolls@ad.yieldmanager[1].txt
C:\Users\Bolls\AppData\Roaming\Microsoft\Windows\Cookies\bolls@socialmedia[2].txt
C:\Users\Bolls\AppData\Roaming\Microsoft\Windows\Cookies\bolls@adbrite[2].txt
C:\Users\Bolls\AppData\Roaming\Microsoft\Windows\Cookies\bolls@mywebsearch[2].txt
C:\Users\Bolls\AppData\Roaming\Microsoft\Windows\Cookies\bolls@mywebsearch[4].txt
C:\Users\Bolls\AppData\Roaming\Microsoft\Windows\Cookies\bolls@mywebsearch[1].txt
C:\Users\Bolls\AppData\Roaming\Microsoft\Windows\Cookies\bolls@invitemedia[1].txt
C:\Users\Bolls\AppData\Roaming\Microsoft\Windows\Cookies\bolls@lfstmedia[2].txt
C:\Users\Bolls\AppData\Roaming\Microsoft\Windows\Cookies\bolls@invitemedia[2].txt
C:\Users\Bolls\AppData\Roaming\Microsoft\Windows\Cookies\bolls@www.myaccount.chase[2].txt
C:\Users\Bolls\AppData\Roaming\Microsoft\Windows\Cookies\bolls@realmedia[1].txt
C:\Users\Bolls\AppData\Roaming\Microsoft\Windows\Cookies\bolls@ads.bridgetrack[2].txt
C:\Users\Bolls\AppData\Roaming\Microsoft\Windows\Cookies\bolls@doubleclick[1].txt
C:\Users\Bolls\AppData\Roaming\Microsoft\Windows\Cookies\Low\bolls@ads.bleepingcomputer[1].txt
.kanoodle.com [ C:\Users\Bolls\AppData\Roaming\MozillaControl\profiles\MozillaControl\6agvgls9.slt\cookies.txt ]
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@ads.weread[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@adbrite[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@ads.pointroll[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@mediaplex[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@mediaplex[3].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@content.yieldmanager[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@mywebsearch[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@mywebsearch[3].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@azjmp[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@a1.interclick[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@advertising[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@casalemedia[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@invitemedia[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@lynxtrack[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@statsadv.dada[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@www.x3track[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@adserver.adtechus[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@adinterax[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@rts.pgmediaserve[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@specificclick[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@msnportal.112.2o7[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@collective-media[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@chitika[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@adxpansion[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@tribalfusion[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@adbrite[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@richmedia.yahoo[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@serving-sys[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@ads.whaleads[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@www.googleadservices[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@ads.watchmygf[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@eyewonder[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@ads.crakmedia[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@advertising[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@content.yieldmanager[3].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@content.yieldmanager[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@mywebsearch[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@www.erosexus[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@specificmedia[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@realmedia[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@insightexpressai[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@statcounter[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@media.legacy[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@ad.wsod[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@ads.bridgetrack[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@ad.yieldmanager[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@trafficmp[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@apmebf[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@adecn[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@naiadsystems[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@bs.serving-sys[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@invitemedia[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@eb.adbureau[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@ads.undertone[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@wt.xxxmatch[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@apmebf[3].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@tour1.xxxmatch[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@247realmedia[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@a1.interclick[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@atdmt[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@cdn4.specificclick[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@doubleclick[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@fastclick[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@imrworldwide[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@interclick[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@lfstmedia[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@media6degrees[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@mediaplex[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@pornhub[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@questionmarket[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@revsci[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@statcounter[3].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@www.pornhub[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@www.tubepornfilm[1].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@www.tubepornfilm[2].txt
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\Low\glen@xxxmatch[2].txt
.kanoodle.com [ C:\Users\Glen\AppData\Roaming\MozillaControl\profiles\MozillaControl\0yscvdmu.slt\cookies.txt ]

Adware.MyWebSearch/FunWebProducts
HKU\S-1-5-21-3250928081-3697380123-4224461162-1006\SOFTWARE\FunWebProducts
HKU\S-1-5-21-3250928081-3697380123-4224461162-1006\SOFTWARE\MyWebSearch
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#Type
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#Start
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#ObjectName

Adware.180solutions/Seekmo
HKU\S-1-5-21-3250928081-3697380123-4224461162-1006\Software\seekmosa
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seekmo\Reset Cursor.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seekmo\Seekmo Customer Support Center.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seekmo

Browser Hijacker.Deskbar
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

Adware.Zango/ShoppingReport
HKCR\CntntCntr.CntntDic
HKCR\CntntCntr.CntntDic\CLSID
HKCR\CntntCntr.CntntDic\CurVer
HKCR\CntntCntr.CntntDic.1
HKCR\CntntCntr.CntntDic.1\CLSID
HKCR\CntntCntr.CntntDisp
HKCR\CntntCntr.CntntDisp\CLSID
HKCR\CntntCntr.CntntDisp\CurVer
HKCR\CntntCntr.CntntDisp.1
HKCR\CntntCntr.CntntDisp.1\CLSID
HKCR\WeatherDPA.WeatherController
HKCR\WeatherDPA.WeatherController\CLSID
HKCR\WeatherDPA.WeatherController\CurVer
HKCR\WeatherDPA.WeatherController.1
HKCR\WeatherDPA.WeatherController.1\CLSID
HKCR\CLSID\{70880CE6-308C-4204-A89E-B266C3F7B7FA}
HKCR\CLSID\{70880CE6-308C-4204-A89E-B266C3F7B7FA}\LocalServer32
HKCR\CLSID\{70880CE6-308C-4204-A89E-B266C3F7B7FA}\ProgID
HKCR\CLSID\{70880CE6-308C-4204-A89E-B266C3F7B7FA}\Programmable
HKCR\CLSID\{70880CE6-308C-4204-A89E-B266C3F7B7FA}\TypeLib
HKCR\CLSID\{70880CE6-308C-4204-A89E-B266C3F7B7FA}\VersionIndependentProgID
HKU\S-1-5-21-3250928081-3697380123-4224461162-1006\Software\ShoppingReport

Adware.MediaAccessStartup
HKU\S-1-5-21-3250928081-3697380123-4224461162-1006\Software\Media Access Startup

Adware.Gamevance
HKCR\GamevanceText.Linker
HKCR\GamevanceText.Linker\CLSID
HKCR\GamevanceText.Linker\CurVer
HKCR\GamevanceText.Linker.1
HKCR\GamevanceText.Linker.1\CLSID
HKCR\AppId\GamevanceText.DLL
HKCR\AppId\GamevanceText.DLL#AppID
HKU\S-1-5-21-3250928081-3697380123-4224461162-1006\Software\gvtl

Trojan.Agent/Gen-Nullo[Short]
C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\MSIMG32.DLL
C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\RICHED20.DLL

Adware.Generic
C:\PROGRAMDATA\{017115B5-2F29-4ECD-8FD6-329F9F107B86}\OFFLINE\15D3A7BB\3E688669\STBAPPHELPER.EXE
C:\PROGRAMDATA\{017115B5-2F29-4ECD-8FD6-329F9F107B86}\OFFLINE\4F73E13A\3E688669\STBAPP.DLL
C:\PROGRAMDATA\{017115B5-2F29-4ECD-8FD6-329F9F107B86}\OFFLINE\C3C6C2CD\3E688669\STBIE.DLL
C:\PROGRAMDATA\{017115B5-2F29-4ECD-8FD6-329F9F107B86}\OFFLINE\CE8732D\3E688669\PRODUCTINFO.DLL
C:\PROGRAMDATA\{017115B5-2F29-4ECD-8FD6-329F9F107B86}\OFFLINE\MFILEBAGIDE.DLL\BAG\PRODUCTINFO.DLL
C:\USERS\GLEN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\LOW\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\PRODUCTINFO.DLL



and here is the log from MBAM

Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

3/23/2010 8:24:52 PM
mbam-log-2010-03-23 (20-24-52).txt

Scan type: Quick Scan
Objects scanned: 126021
Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Addins\OEActiveXDLL.DesktopOEAddin1 (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


:thumbsup:

#10 nolove4mypc

nolove4mypc
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:55 PM

Posted 23 March 2010 - 08:31 PM

:flowers: :thumbsup: :trumpet: :huh:

Thank you! Thank You! THANK YOU!

WAS SECONDS AWAY FROM REMOVING HIS ENTIRE ACCOUNT!

YOU KICK AZZ! :huh:

one more tiny issue: Personal Security still shows in his control panel installed programs! I ain't clicking on it!!!!
:inlove:

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:55 PM

Posted 23 March 2010 - 09:13 PM

You did real well here :thumbsup:
OK now we need to update and run MBAM again. We'll use FULL,that should scan all accounts.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select FULL scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


Now from Internet Explorer: I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
How's things now? Azz Kikker :flowers:

Edited by boopme, 23 March 2010 - 09:14 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 nolove4mypc

nolove4mypc
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:55 PM

Posted 24 March 2010 - 09:45 AM

Ok, I'm back at it! I don't know how you high-tech techs do this all day! lol

log from MBAM

Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

3/24/2010 9:36:42 AM
mbam-log-2010-03-24 (09-36-42).txt

Scan type: Full Scan (C:\|)
Objects scanned: 315337
Time elapsed: 1 hour(s), 14 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


That's good news right?!?!?

ok, will reboot & return


C:\Program Files\puredefmusic\toolbar\1.bin\p3highin.exe Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\puredefmusic\toolbar\1.bin\p3medint.exe Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\puredefmusic\toolbar\1.bin\p3Plugin.dll a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\ProgramData\{017115B5-2F29-4ECD-8FD6-329F9F107B86}\OFFLINE\29A73ACD\3E688669\stb0.dll probably a variant of Win32/Adware.DoubleD.AB application cleaned by deleting - quarantined
C:\ProgramData\{017115B5-2F29-4ECD-8FD6-329F9F107B86}\OFFLINE\BED3DEFB\3E688669\stbasst.exe probably a variant of Win32/Adware.DoubleD.AF application cleaned by deleting - quarantined
C:\ProgramData\{017115B5-2F29-4ECD-8FD6-329F9F107B86}\OFFLINE\EB91CE86\3E688669\stbdl.exe a variant of Win32/Adware.DoubleD.AF application cleaned by deleting - quarantined
C:\ProgramData\{017115B5-2F29-4ECD-8FD6-329F9F107B86}\OFFLINE\mFileBagIDE.dll\bag\FFToolbar.xpi probably a variant of Win32/Adware.DoubleD.AF application deleted - quarantined
C:\ProgramData\{017115B5-2F29-4ECD-8FD6-329F9F107B86}\OFFLINE\mFileBagIDE.dll\bag\stbpx.exe probably a variant of Win32/Adware.DoubleD.AF application cleaned by deleting - quarantined
C:\Users\Bolls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\27ab4de5-740a2f19 multiple threats deleted - quarantined
C:\Users\Glen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\DoubleD\Desktop Smiley Toolbar\3.10.0.11120\bin\stbup.exe a variant of Win32/Adware.DoubleD.AB application cleaned by deleting - quarantined
C:\Users\Glen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\DoubleD\Desktop Smiley Toolbar\3.9.1.9350\bin\stbup.exe a variant of Win32/Adware.DoubleD.AB application cleaned by deleting - quarantined
C:\Users\Glen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbdl.exe a variant of Win32/Adware.DoubleD.AF application cleaned by deleting - quarantined
C:\Users\Glen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe a variant of Win32/Adware.DoubleD.AB application cleaned by deleting - quarantined
C:\Windows\Installer\MSI480E.tmp probably a variant of Win32/Agent trojan cleaned by deleting - quarantined


I hope I did that right!

Edited by nolove4mypc, 24 March 2010 - 01:31 PM.


#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:55 PM

Posted 24 March 2010 - 10:37 AM

No sorry hon,it did not update

Yours
Malwarebytes' Anti-Malware 1.43
Database version: 3458

Mine
Malwarebytes' Anti-Malware 1.44
Database version: 3908

Is it saying it did?

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select FULL scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Edited by boopme, 24 March 2010 - 10:37 AM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 nolove4mypc

nolove4mypc
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:55 PM

Posted 24 March 2010 - 01:33 PM

Oh crap, I updated MBAM after I scanned! Do I do it again???

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:55 PM

Posted 24 March 2010 - 02:17 PM

Yes and post again ,,I think we'll find stuff
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users