Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

pop-up or whatever

Re: pop-up or whatever

Post by dan12 » May 14th, 2008, 12:23 pm

I need to see the other reports I asked for!
Thanks :)
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: pop-up or whatever

Post by bushed51 » May 14th, 2008, 11:14 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:45 PM, on 5/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {37CEA8AE-2C1F-4F88-8362-0BFFBA53D2FD} - (no file)
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipViewer\fplaunch.dll
O2 - BHO: (no name) - {71314E7C-1713-49FA-90F2-54D275023981} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [PCPitstop Registration Reminder] C:\Program Files\PCPitstop\Exterminate\Reminder.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Search - ?p=ZCfox000(2)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/da/PCPitStop.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BAD4021-0343-487D-9AE0-8CFC7DCF790A}: NameServer = 204.50.96.7,204.50.96.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{422962E2-833F-4383-AB96-E305271E4F6F}: NameServer = 204.50.96.7,204.50.96.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{3BAD4021-0343-487D-9AE0-8CFC7DCF790A}: NameServer = 204.50.96.7,204.50.96.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{3BAD4021-0343-487D-9AE0-8CFC7DCF790A}: NameServer = 204.50.96.7,204.50.96.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

--
End of file - 7716 bytes
bushed51
Regular Member
 
Posts: 24
Joined: May 7th, 2008, 10:38 pm

Re: pop-up or whatever

Post by bushed51 » May 15th, 2008, 12:03 am

Dan, I've started over.
I may have found my download problem.

Re: pop-up or whatever

Post by dan12 » May 15th, 2008, 2:59 am

"Dan, I've started over."
Not quite sure what you're telling me?

I need to see the eset and malwarebytes scans.

Re: pop-up or whatever

Post by bushed51 » May 15th, 2008, 7:57 am

SmitFraudFix v2.320

Scan done at 4:41:59.46, Thu 05/15/2008
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kel


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kel\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Kel\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: SiS 900-Based PCI Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 204.50.96.7
DNS Server Search Order: 204.50.96.8

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3BAD4021-0343-487D-9AE0-8CFC7DCF790A}: NameServer=204.50.96.7,204.50.96.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{422962E2-833F-4383-AB96-E305271E4F6F}: NameServer=204.50.96.7,204.50.96.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3BAD4021-0343-487D-9AE0-8CFC7DCF790A}: NameServer=204.50.96.7,204.50.96.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{422962E2-833F-4383-AB96-E305271E4F6F}: NameServer=204.50.96.7,204.50.96.8
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3BAD4021-0343-487D-9AE0-8CFC7DCF790A}: NameServer=204.50.96.7,204.50.96.8
HKLM\SYSTEM\CS2\Services\Tcpip\..\{422962E2-833F-4383-AB96-E305271E4F6F}: NameServer=204.50.96.7,204.50.96.8


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Re: pop-up or whatever

Post by dan12 » May 15th, 2008, 8:06 am

Why have you posted the smitfraud post to me? I didn't ask for it!
This is what I asked for:
I need to see the eset and malwarebytes scans.

If you continue with smitfraud on a non-infected system you will lose your desktop.
Please carry out the instructions I give you, otherwise we are going to have problems.

Re: pop-up or whatever

Post by bushed51 » May 15th, 2008, 9:17 am

SmitFraudFix v2.320

Scan done at 6:03:42.60, Thu 05/15/2008
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3BAD4021-0343-487D-9AE0-8CFC7DCF790A}: NameServer=204.50.96.7,204.50.96.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{422962E2-833F-4383-AB96-E305271E4F6F}: NameServer=204.50.96.7,204.50.96.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3BAD4021-0343-487D-9AE0-8CFC7DCF790A}: NameServer=204.50.96.7,204.50.96.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{422962E2-833F-4383-AB96-E305271E4F6F}: NameServer=204.50.96.7,204.50.96.8
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3BAD4021-0343-487D-9AE0-8CFC7DCF790A}: NameServer=204.50.96.7,204.50.96.8
HKLM\SYSTEM\CS2\Services\Tcpip\..\{422962E2-833F-4383-AB96-E305271E4F6F}: NameServer=204.50.96.7,204.50.96.8


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Re: pop-up or whatever

Post by dan12 » May 15th, 2008, 9:28 am

I'm sorry, but you are still sending me the smitfraud post. What are you struggling to understand?
We have covered that part of the infection where I needed the smitfraud reports; I don't need to see them any more.

I need to see the eset and malwarebytes scans.

Eset is an online scanner and malwarebytes I had you download earlier; I just want the results.

Re: pop-up or whatever

Post by bushed51 » May 15th, 2008, 4:23 pm

Malwarebytes' Anti-Malware 1.12
Database version: 752

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 150683
Time elapsed: 48 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 57

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\sysvideo32.video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{71314e7c-1713-49fa-90f2-54d275023981} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71314e7c-1713-49fa-90f2-54d275023981} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\E404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Kel\My Documents\DownUpdater.exe (Adware.CWS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kel\My Documents\NowStarter.ocx (Adware.CWS) -> Quarantined and deleted successfully.
C:\Old\Old System\System Volume Information\_restore{22460E2F-C87F-47B6-9D17-30459BB719FD}\RP8\A0009892.vxd (Adware.Winad) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001497.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001498.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001499.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001500.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001501.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001502.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001503.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001504.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001505.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001506.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001507.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001508.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001509.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001510.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001511.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001512.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001513.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001514.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001515.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001516.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001517.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001519.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001520.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001521.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001522.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001524.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001525.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001526.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001527.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001528.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001529.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001530.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP17\A0004606.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP17\A0004607.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP17\A0004608.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP17\A0004609.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP18\A0004695.dll (Adware.Shoper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP22\A0006075.exe (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP22\A0006099.exe (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000069.dll (Adware.Zango) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000070.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000071.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000072.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000073.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000074.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000075.dll (Adware.Zango) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000077.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000079.exe (Adware.Zango) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000080.dll (Adware.Zango) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000081.exe (Adware.Zango) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000082.dll (Adware.Zango) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000084.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000085.dll (Adware.Zango) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000092.dll (Adware.Seekmo) -> Quarantined and deleted successfully.

Re: pop-up or whatever

Post by dan12 » May 15th, 2008, 4:31 pm

That's fine. Did you copy all of the malwarebytes log, as it seems as though it's been cut off?
Just need the eset scan now then.

Re: pop-up or whatever

Post by bushed51 » May 15th, 2008, 4:37 pm

For Eset it is for MSN, Firefox they won't allow

Re: pop-up or whatever

Post by dan12 » May 15th, 2008, 4:55 pm

Refer to this post here
Please use Internet Explorer as it uses ActiveX.



"For Eset it is for MSN, Firefox they won't allow"

Do you mean do I use Internet Explorer or Firefox? You're correct that Firefox doesn't support ActiveX, so we need to use Internet Explorer.
Hope that helps :)

Re: pop-up or whatever

Post by bushed51 » May 15th, 2008, 5:19 pm

Yes, it won't support Firefox

Re: pop-up or whatever

Post by dan12 » May 15th, 2008, 5:28 pm

Do the scan using Internet explorer and let me have the results.
Thanks

Re: pop-up or whatever

Post by bushed51 » May 16th, 2008, 12:49 am

Dan,
I downloaded (Eset N032 antivirus) & did a scan.
873 obj. scanned
0 infected
0 cleaned
There is no data sheet on it.
On Eset there was a Malwarebytes' Anti-Malware scan.
It has 70 obj. in quarantine.
No file data on obj.