Please help. I am unable to run any of these programs listed under your repair advice. I already had Malwarebytes and Superantispyware and Avira on my computer. Every time I open IE from the desktop, I always get the same message. A window opens labeled "Open with", then says "Choose the program you want to use to open this file". Recommended programs lists Internet Explorer, but when selected it asks if I want to run this file, then back to the Open with box. Everything in my Start list gives the same message. All shortcuts too. When I try to open the Security Center it says "Application not found". Can you help me? Please
sdsurfer 0 Newbie Poster
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Hi and welcome to the Daniweb forums :).
==========
Run the following, then try the programs again:
sdsurfer 0 Newbie Poster
The program looks like it loaded. Then when I clicked run, a window opens labeled "Open with", then says "Choose the program you want to use to open this file". Recommended programs lists Internet Explorer, but when selected it asks if I want to run this file, then back to the Open with box. Any other ideas? Please
colinperman 0 Newbie Poster
Hi, I had this problem 3 days ago. Just run a full security scan with your internet security, and run a full scan on Windows Defender; they should pick it up the second time round. Mine did (Norton) and removed it for me.
This is what Norton found.
Updated: April 20, 2010 4:20:07 PM
Also Known As: Trojan-Spy.HTML.Smitfraud.c [Kaspersky], Phish-BankFraud.eml.a [McAfee], Trj/Citifraud.A [Panda Software], generic5 [AVG]
Type: Trojan
Infection Length: Varies
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.
Disable System Restore (Windows Me/XP).
Update the virus definitions.
Run a full system scan.
Edited by colinperman because: n/a
sdsurfer 0 Newbie Poster
Please help. I am unable to run any of these programs listed under your repair advice. I already had Malwarebytes and Superantispyware and Avira on my computer. Every time I open IE from the desktop, I always get the same message. A window opens labeled "Open with", then says "Choose the program you want to use to open this file". Recommended programs lists Internet Explorer, but when selected it asks if I want to run this file, then back to the Open with box. Everything in my Start list gives the same message. All shortcuts too. When I try to open the Security Center it says "Application not found". Can you help me? Please
colinperman 0 Newbie Poster
When prompted you are opening a virus/trojan, just cancel when prompted.
When on, try taking the battery off, leave it crash, leave for a couple of seconds, then replace the battery.
Restart your computer as normal then try to do a full scan; keep canceling their requests (that's the virus), not Windows.
I had the same virus; it's a pain, but just cancel their every request. Do not try to select any program. On top of the box it will tell you which program is trying to open (.exe), a virus; just blank it and cancel.
jholland1964 650 Posting Expert Team Colleague Featured Poster
You have somewhat hijacked this thread. It is not necessary to post the name of an infection found on YOUR machine, this implies it is the same infection that is on the poster's machine and it may not be the case at all.
He has already posted that he is Unable to run any security programs so your solution will not work. Also, bad advice telling a poster to disable System Restore. One cannot be infected via System Restore unless System Restore is used. It is better to have an infected Restore point available in case an attempted fix goes wrong rather than No restore point at all.
You also seem to be assuming the poster is running a laptop with your advice to
"When on, try taking the battery off, leave it crash, leave for a couple of seconds, then replace the battery."
and if you are telling somebody who is running a tower then you are having them do something which could seriously injure them by reaching into an electrically connected tower and removing the battery. Pay attention to what you are posting, better yet, do better research.
Edited by jholland1964 because: n/a
colinperman 0 Newbie Poster
Towers do not have batteries.
Err . . . Actually they do and some people will recommend messing with this tiny battery to remove persistent malware, though that may not be the best idea..... Hence Judy's concern about messing with a live box :)
Do you have any advice for this poster?
Edited by PhilliePhan because: Clarify a misstatement without adding a post to thread
colinperman 0 Newbie Poster
Did not mention disable system restore.
Did mention turning off and then on as normal.
Turning back on will give a chance of using their virus protection.
Any advice on their help topic?
I'm sorry for my assumption on a laptop; it was indeed a tower, but I think they can work that out for themselves.
jholland1964 650 Posting Expert Team Colleague Featured Poster
"Did not mention disable system restore."
Your post clearly says
"Disable System Restore (Windows Me/XP)."
By telling the poster to turn off System Restore he loses restore points.
"I'm sorry for my assumption on a laptop; it was indeed a tower, but I think they can work that out for themselves."
Poster said nothing about it being a laptop. You assumed it was a laptop. However, if YOU assumed it was a laptop then another person reading your instruction, KNOW you are speaking to somebody using a tower and so may assume that this would be all right to do this on a running tower.
"Do you have any advice for this poster?"
Yes, first of all don't follow colinperman's advice and wait for Crunchie's next set of instructions.
Edited by jholland1964 because: n/a
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Try following these instructions:
Method 2: Fixing the association settings using Registry editor
Click Start, Run and type Command
Type the following commands one by one:
cd\windows
regedit
If Registry Editor opens successfully, then navigate to the following key:
HKEY_CLASSES_ROOT\exefile\shell\open\command
Double-click the (Default) value in the right pane
Delete the current value data, and then type:
"%1" %*
(i.e., quote-percent-one-quote-space-percent-asterisk.)
Navigate to:
HKEY_CLASSES_ROOT\.exe
In the right pane, set (Default) to exefile
Exit the Registry Editor.
If you're unable to launch Regedit.exe even from Command Prompt, try this:
copy regedit.exe regedit.com
regedit.com
Found here: http://windowsxp.mvps.org/exefile.htm
sdsurfer commented: Very helpful. This cured my problem. Thank you +1
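The check that the registry steps above perform by hand, as an added example (not part of the original post and not code from the linked page): it parses a registry export, compares the two default values named in the post against what the post says they should be, and resolves which command .exe files would actually launch. The sample exports, the secfile redirection and the C:\placeholder\sample.exe path are constructed for illustration.

```python
import re

HKCR = "HKEY_CLASSES_ROOT"
GOOD_COMMAND = '"%1" %*'

# Expected default values, taken from the registry steps in the post above.
EXPECTED = {
    HKCR + r"\.exe": "exefile",
    HKCR + r"\exefile\shell\open\command": GOOD_COMMAND,
}

# Constructed sample exports (regedit text format); not from a real machine.
SAMPLE_CLEAN = r'''
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

SAMPLE_HIJACKED = r'''
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="secfile"

[HKEY_CLASSES_ROOT\secfile\shell\open\command]
@="\"C:\\placeholder\\sample.exe\" /START \"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''


def _norm(key):
    # Registry key names are case-insensitive.
    return key.strip().lower()


def parse_reg_defaults(text):
    """Return {key: default value} for every key that has an @="..." line."""
    defaults, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = _norm(line[1:-1])
        elif current and line.startswith('@="') and line.endswith('"'):
            # .reg strings escape quotes and backslashes with a backslash.
            defaults[current] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults


def audit(text):
    """List (key, actual) pairs that differ from EXPECTED; actual is None if absent."""
    values = parse_reg_defaults(text)
    findings = []
    for key, expected in EXPECTED.items():
        actual = values.get(_norm(key))
        if actual != expected:
            findings.append((key, actual))
    return findings


def effective_command(text, ext=".exe"):
    """Follow ext -> ProgID -> shell\\open\\command, as the shell does on launch."""
    values = parse_reg_defaults(text)
    progid = values.get(_norm(HKCR + "\\" + ext))
    if progid is None:
        return None
    key = "\\".join([HKCR, progid, "shell", "open", "command"])
    return values.get(_norm(key))


def interposed_program(command):
    """If the command still forwards "%1" but starts another program first, return it."""
    if command is None or command.strip() == GOOD_COMMAND or "%1" not in command:
        return None
    match = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    first = match.group(1) or match.group(2)
    return None if first == "%1" else first


if __name__ == "__main__":
    for name, sample in (("clean", SAMPLE_CLEAN), ("hijacked", SAMPLE_HIJACKED)):
        cmd = effective_command(sample)
        print(name, "| deviations:", audit(sample))
        print(name, "| .exe launches via:", cmd)
        print(name, "| interposed program:", interposed_program(cmd))
```

HKEY_CLASSES_ROOT is a merged view, so a per-user entry under HKCU\Software\Classes can redirect the association as well; include that view in the export being audited.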
sdsurfer 0 Newbie Poster
Thank you everyone for trying to help. Nothing has worked yet. But I will keep trying your advice. FYI it is a desktop I am having problems with. Thanks
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
* Rkill.com
* Rkill.scr
* Rkill.pif
* Rkill.exe
* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run then try to immediately run the following.
Now download and run exeHelper.
* Please download exeHelper from Raktor to your desktop.
* Double-click on exeHelper.com to run the fix.
* A black window should pop up, press any key to close once the fix is completed.
* A log file named log.txt will be created in the directory where you ran exeHelper.com
* Attach the log.txt file to your next message.
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
==
Immediately try and install/run Malwarebytes anti-malware.
Let us know how you go.
sdsurfer 0 Newbie Poster
Thank you, I followed the directions on the website you sent me http://windowsxp.mvps.org/exefile.htm and it worked. Then I ran Malwarebytes and Superantispyware and my computer looks back to normal. Thank you so much for your help. I thought it was time for a new computer.
My next question is this. I have been unable to download the new version of the adobe flash player. I have tried to download it, but get same error message each time.
"Failed to install.
For troubleshooting tips, please see http://www.adobe.com/go/tn_19166"
But this reference has not been helpful to me...
Any advice? Or is there somewhere else I should ask this question?
Thank you for all your time and effort it is greatly appreciated.
jholland1964 650 Posting Expert Team Colleague Featured Poster
You need to post all the logs from Malwarebytes and Superantispyware so crunchie can read them and determine what OTHER steps need to be done. It is very rare for this type of infection to be completely removed with just those beginning steps. It is up to crunchie to determine if something else needs to be done. He "might" say it is fully clean, but if you don't let him see the logs then you will not know and the computer could end up right back the way it was.
sdsurfer 0 Newbie Poster
exeHelper by Raktor
Build 20100414
Run at 21:00:16 on 05/04/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Removing HKCR\secfile
Resetting filetype association for .com
Removing HKCR\secfile
Resetting userinit and shell values...
Resetting policies...
--Finished--
I think this is the log.txt you are looking for. Please let me know if not and what i should do. Thank you all for your time and effort.
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Need the logs from Malwarebytes Anti-Malware and SUPERAntiSpyware.
sdsurfer 0 Newbie Poster
Malwarebytes' Anti-Malware 1.35
Database version: 1935
Windows 5.1.2600 Service Pack 3
5/4/2010 9:41:36 PM
mbam-log-2010-05-04 (21-41-36).txt
Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 76806
Time elapsed: 32 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
sdsurfer 0 Newbie Poster
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/02/2010 at 11:28 PM
Application Version : 4.27.1000
Core Rules Database Version : 4317
Trace Rules Database Version: 2165
Scan type : Quick Scan
Total Scan Time : 01:16:06
Memory items scanned : 428
Memory threats detected : 0
Registry items scanned : 510
Registry threats detected : 97
File items scanned : 10454
File threats detected : 39
Adware.Tracking Cookie
Adware.MyWebSearch
Adware.MyWebSearch/FunWebProducts
Edited by mike_2000_17 because: Fixed formatting
sdsurfer 0 Newbie Poster
Malwarebytes' Anti-Malware 1.35
Database version: 1935
Windows 5.1.2600 Service Pack 3
5/4/2010 10:06:52 PM
mbam-log-2010-05-04 (22-06-52).txt
Scan type: Quick Scan
Objects scanned: 29765
Time elapsed: 23 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
jholland1964 650 Posting Expert Team Colleague Featured Poster
sdsurfer, both the MBA-M program and the SUPERAntispyware program you are running are woefully out of date.
The MBA-M program is probably at least 2 years old. Current version is 1.46 and its latest database is 4067
The SUPERAntispyware program may very well be that old also. Your version is 4.27 and current version is 4.36.1006 with database of Core : 4891 Trace : 2703
You need to update both programs FULLY and run a new, full scan with them and have each one remove whatever they find.
sdsurfer 0 Newbie Poster
I updated the Malware program and here is the new log. The Superantispyware has been locking up my computer when I try to update it. Any advice would be great. Thanks again.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
5/5/2010 8:54:39 PM
mbam-log-2010-05-05 (20-54-39).txt
Scan type: Quick scan
Objects scanned: 165040
Time elapsed: 26 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 19
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 6
Files Infected: 39
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Alyson\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\SYSTEM32\SysWoW32 (Worm.Archive) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alyson\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alyson_2\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Worm.Prolaco.M) -> Quarantined and deleted successfully.
Files Infected:
jholland1964 650 Posting Expert Team Colleague Featured Poster
If I were you I would just uninstall that SUPERAntispyware program. There is a possibility it was damaged by the infections.
You should now try to do the following:
First of all;
Click on Start, Settings, Control Panel
Double click on Add/Remove Programs
Find "My Web Search" in the list of installed programs and click on Change/Remove to uninstall it. You may also want to uninstall any of the following items associated with FunWebProducts.
* My Web Search (Smiley Central or FWP product as applicable)
* My Way Speedbar (Smiley Central or other FWP as applicable)
* My Way Speedbar (AOL and Yahoo Messengers) (beta users only)
* My Way Speedbar (Outlook, Outlook Express, and IncrediMail)
* Search Assistant - My Way
Now none of those may still be listed there but you need to check and see and Uninstall any of them you may find listed.
Next, open My Computer, Drive C, and double-click on the Program Files folder
Right-click and delete the folders for:
* FunWebProducts
* MyWebSearch
After that continue with the instructions below:
Run the ESET Online Scanner and attach the ScanLog with your post for assistance.
* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.
Reboot the computer. Download DDS by sUBs and save it to your Desktop.
• If your AV has a script blocker, please disable it
• DoubleClick on dds.scr to run the tool
* A command box will open, displaying added information for your reading pleasure while DDS completes its scan.
* Upon completion, a Dialog Box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).
• Copy&Paste the DDS.txt into your post for assistance.
• Please post Attach.txt as an attachment to your post - there is no need to Zip it. If you don’t know how to post an attachment, please Copy&Paste it along with the DDS.txt scanlog.
Also please post the ESET Scanner log which can be found at C:\Program Files\EsetOnlineScanner\log.txt.
sdsurfer 0 Newbie Poster
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/05/2010 at 11:28 PM
Application Version : 4.27.1000
Core Rules Database Version : 4895
Trace Rules Database Version: 2707
Scan type : Complete Scan
Total Scan Time : 02:17:38
Memory items scanned : 448
Memory threats detected : 0
Registry items scanned : 5569
Registry threats detected : 20
File items scanned : 25892
File threats detected : 45
Adware.Tracking Cookie
Adware.MyWebSearch/FunWebProducts
Trojan.Agent/Gen-RogueAV
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP362\A0236894.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP363\A0237158.EXE
Trojan.Dropper/Sys-NV
jholland1964 650 Posting Expert Team Colleague Featured Poster
Lots of tracking cookies there. Your settings in your browser are obviously incorrect. Do the following;
Open Internet Explorer. Go to Tools, Internet Options. On the first Tab, General, click Browsing History, Settings. Make sure there is a dot in Every visit to the Page. Disk space to use, lower that. I have mine set on 15 but whatever you choose it certainly doesn't need to be a high number. Choose how many days to keep in History. I have mine set on 7 but if you want more then choose the number of days you want. Click Ok. Next go to the Privacy Tab. Click Advanced. When that opens put Check Marks in Override Default Cookie handling, Accept 1st Party Cookies, Block 3rd party cookies and Accept Session Cookies. Click ok. Close that out.
In Firefox go to Tools, Options, Privacy. Check mark IN Accept Cookies From Sites and NO check mark in Accept 3rd Party Cookies. Click ok and exit.
I will watch for your other logs.
sdsurfer 0 Newbie Poster
Done. Why can I not download Adobe Flash Player?
sdsurfer 0 Newbie Poster
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
5/6/2010 10:05:02 PM
mbam-log-2010-05-06 (22-05-02).txt
Scan type: Full scan (A:\|C:\|D:\|E:\|)
Objects scanned: 231983
Time elapsed: 2 hour(s), 10 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
sdsurfer 0 Newbie Poster
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/06/2010 at 09:34 PM
Application Version : 4.27.1000
Core Rules Database Version : 4895
Trace Rules Database Version: 2707
Scan type : Complete Scan
Total Scan Time : 01:49:56
Memory items scanned : 449
Memory threats detected : 0
Registry items scanned : 5570
Registry threats detected : 20
File items scanned : 25166
File threats detected : 13
Adware.Tracking Cookie
Adware.MyWebSearch/FunWebProducts
jholland1964 650 Posting Expert Team Colleague Featured Poster
It still appears to me that you have not followed any of the instructions given except the install of the new MBA-M version. Otherwise you seem to still have the old version of SUPERAntispyware on your computer so it is out of date. You showed My Web Search files in the logs. I gave instructions for removal. I don't know that you did that. Your last SUPERAntispyware log, still out of date, also still shows tracking cookies, showing me you have also not done the changes recommended for Internet Explorer.
The only comment you have made is "Done. Why can I not download Adobe Flash Player?"
Exactly WHAT was done? The last thing you need to be doing is installing unnecessary programs onto an infected computer. You need to complete all requests which included updating the two programs, including the uninstall of the old SUPERAntispyware program and the install of the newest version, running DDS scanner, running ESET Online Scanner, removing MyWebSearch, the change of security settings in IE. As far as I can see only one of those steps has been completed, the update of MBA-M.
Until all steps have been completed and noted in a reply and all logs have been posted for all programs requested then this thread can go no farther.
sdsurfer 0 Newbie Poster
I had updated both programs and run again. Like you said.
Now I have uninstalled Superantispyware and downloaded it again, and it is running now. I made the changes to IE yesterday, like you requested.