Libra

Hi noknojon, Thank you for your reply. Avast still isn't working and I haven't tried to remove it yet. I'll let you know how I make out. It seems that a lua accessed something, because I found an avast report for the web shield which showed two infections. It's set to "abort connection" so I don't understand this. Sincerely, Libra

This is the log: Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\Program Files\Script Sentry\ScriptSentry.exe "%1" %*) Good: (regedit.exe "%1") -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\HomePage (Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\User\Local Settings\Temp\fatemp-icon.exe (Trojan.Dropper) -> Quarantined and deleted successful ~~~~~~~~~~~ I wonder if the Registry fix regarding the Home Page Hijack could have anything to do with SpywareGuard? Thank you for helping me get a new malwarebytes that updated and ran. Sincerely, Libra

Hi Advanced Setup, I reinstalled Malwarebytes and it updated to database 4337! I ran a Quick Scan and it found three items: Broken.Open (Registry Data), Trojan.Dropper (file) and Hijack.HomeP (Registry data I think). I had it remove them and it required a reboot. When I rebooted I got an error message from Script Sentry: Error 70, Permission Denied in INI.Access.Write_INI. Is this a problem? Previously I tried to repair Avast and it didn't fix it. I guess I should remove and reinstall Avast. I would appreciate your advice on this and the Script Sentry error message. Am I suppose to be posting at that other link? I just noticed that the first item (Broken.Open) seems to relate to Script Sentry. I'll will post the contents of the log. Thank you. Sincerely, Libra

Thank you for your reply. So far, I disabled ZoneAlarm and tried to update. I still got the 732 (0, 0) error, so I enabled ZA again. I then used add/remove and removed malwarebytes. I then used the mbam_cleanup and rebooted the computer. I have to go out now, so I didn't try to install the latest version yet. I don't know if I mentioned it, but I used the eset online scanner (didn't scan for archives) and it only found Unlocker 1.8.7 which it called a varient of Win32/Adware.ADON application. I think that was a f/p but I had it delete it. (The Avast forum is recommending I remove ZA. Avast still isn't running. I guess I should continue with Malwarebytes and then attempt to reinstall Avast. I'm quite confused. I will try to install malwarebytes when I get back. Thank you. Sincerely, Libra

I am trying to run malwarebytes but I get error 732 (0, 0) when I attempt to update it. How can I update it? I was able to update and run Superantispyware which showed tracking cookies only. The reason I want to run a scan is because I noticed Avast says system is unsecure and the service is turned off. I tried to run a boot scan and full scan with avast but it couldn't. I went to services.msc and started avast and Windows said it started and stopped. This morning Seamonkey wouldn't open, or task manager - then I lost all icons on the desktop and used the tower button to shut down the computer. When it was turned on later, everything seemed okay until I noticed Avast not running this evening. This is an XPHomesp3 computer, fully updated with ZoneAlarm, Defensewall HIPS, script sentry, spywareblaster, MSVP Hosts file and spywareguard. I made an image of the computer last month and allowed COMSurrogate to access the internet - this occurred during the image so I thought it had to do with the program. The registry does NOT have the run registry entries for that malware. I would appreciate any help. Sincerely, Libra

Hi Redwolfe_98, Thank you for your reply. I agree with the security center disable and script sentry, since I have it on the XP computer, but the only thing I can think of about the IE homepage alert is that I have SpywareGuard on the XP, which alerts me to any change. I don't use Spybot anymore, but I never had it lock the homepage and I just checked SpywareBlaster and it's not locking the home page either. I will add them to the ignore list. Sincerely, Libra

Hi TeMerc, Thank you very much for explaining what these results mean and that I can set them to ignore. I will do that the next time I run the program. Sincerely, Libra

Hi, I ran Malwarebytes for the first time this evening and it reported three infected registry datas. I'm pretty sure that the second item, disable notify, refers to automatic updates and the windows firewall, which I have turned off. The first item mentions script sentry which I have installed on my computer and the third item mentions a browser hijack (I think). My homepage is what I have it set for. Could these be false positives? Here is my log file: Malwarebytes' Anti-Malware 1.41 Database version: 2977 Windows 5.1.2600 Service Pack 3 10/18/2009 1:49:14 AM mbam-log-2009-10-18 (01-47-20).txt Scan type: Quick Scan Objects scanned: 116287 Time elapsed: 1 minute(s), 32 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 3 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\Program Files\Script Sentry\ScriptSentry.exe "%1" %*) Good: (regedit.exe "%1") -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> No action taken. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) I'm sorry that I not run the mbam as instructed, but I ran it twice (because the log file didn't go into the program, but I copied the location and searched for it the second time) Shouldn't it go into the program under the log tab? In any event, after the second run I was not able to log out of my admin account or shut down the computer. Task Manager wouldn't come up either, but I eventually was able to log off. In view of this I was reluctant to run it again. Thank you for any help and guidance. Sincerely, Libra