Anti-virus, spyware, malware programs

Mr. Snakey

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7918

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10/10/2011 5:23:29 PM
mbam-log-2011-10-10 (17-23-29).txt

Scan type: Quick scan
Objects scanned: 175319
Time elapsed: 2 minute(s), 41 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 16
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 3
Files Infected: 5

Memory Processes Infected:
c:\program files (x86)\mywebsearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> 2088 -> Unloaded process successfully.

Memory Modules Infected:
c:\program files (x86)\mywebsearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Value: MyWebSearch bar Uninstall -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files (x86)\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\program files (x86)\mywebsearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\uninstall fun web products.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.


Have a couple of questions. What is a rootkit? Is this something to be concerned about? Also, do these programs eliminate rootkits?
You are running Internet Explorer. That's why I wanted you to do a scan. Infections in the Registry are bad. Going by the log you had 18 infections. That's bad. Even worse is an infection in the memory process. This is all from running Internet Explorer. You did a quick scan. Now do a full scan. Choose drive c only. It is very important you do this. Get scanning. This is nothing to play with. Forget about rootkits for now. Please think about another browser. I see you deleted everything. That's good. You can update Malwarebytes about 5 times a day. Don't be afraid to scan a couple times a day for now. It's very important you make sure this is gone. If not you won't have a computer. Once it is clean, then try Superantispyware. I am going to take a closer look at the log and get back to you. It tells the whole story. Get scanning. Malwarebytes is something everyone running Windows should have.
 

likemHUNG12

I quit IE9 a few days ago when I installed Firefox, which is my default browser now. I will do a full scan now. BRB

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7929

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10/12/2011 4:03:46 PM
mbam-log-2011-10-12 (16-03-40).txt

Scan type: Full scan (C:\|)
Objects scanned: 311668
Time elapsed: 34 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\config\systemprofile\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\0PS72R2M\update_ztb_ff5[1].exe (PUP.Zugo) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\0PS72R2M\update_ztb_ff5[1].exe (PUP.Zugo) -> No action taken.


Should I remove these 2 items?
 

Mr. Snakey

Yes, remove them. Look in your log. It says Internet Explorer. No mention of Firefox. Check and make sure your firewall is turned on. If not, turn it on. That's important. Run Superantispyware next. That's a total of 30 infections so far.
 

likemHUNG12

OK, did a quick and complete scan using Superantispyware. Detected 0 in memory, registry, and files. Did remove the 2 items in the full Malwarebytes scan. Firewall is on. Think I set my default browser to Firefox. Should I uninstall IE9?
 

Mr. Snakey

Yes, uninstall it. How is your computer running? Now is the time to take note of your surfing habits. Think before you click on an ad or a link. Never click on an email if you don't know the sender. That includes advertisements. Remember the term Safe Surfing. LPSG is a safe site. If it were not, I would not be here. The only computer that is 100% safe is one that is unplugged and locked away in a bank vault somewhere. That includes Macs and people running Linux. Now that you have Malwarebytes, use it once or twice a week. Same with Superantispyware. Good luck to you. If you need more help, get in touch with me. I am more than happy to help you.
 

ThickPup


Mr. Snakey

Great suggestions.

And YES, with that many programs going, I can bet that they are working against each other.

Love Malwarebytes!
Without getting into the specifications of the log and the locations of the 30 infections, I can tell you this was a very bad situation. If he had not removed them from his computer, his computer would have been unusable. It's a good thing he caught and removed everything. I am so glad I was able to help him.
 