Jump to content

Recommended Posts

Hello;

Thank you so much for having this site and offering your time to help computer illiterate people like me. I got the 'popups' on my computer for 'anti-malware doctor' -- I figured right off it was some kind of 'crap'. Quick research led me here, after a few false starts. I am following these instructions...

http://forums.malwarebytes.org/index.php?showtopic=69723

...and have hit a snag:

I already had malwarebytes installed on my computer from doing prior maintenance-- I have run a full scan and a quick scan--- tho not in that order:

1. full scan with malwarebytes first

2. full scan with mcafee

3. quick scan with malwarebytes

The full scan of Malwarebytes removed a number of items-- do you need this information from the log?:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4359

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/2/2011 8:23:25 AM

mbam-log-2011-04-02 (08-23-25).txt

Scan type: Full scan (C:\|D:\|F:\|)

Objects scanned: 485468

Time elapsed: 7 hour(s), 36 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 9

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\SmileyCentralPFSetup2.3.70.1.SA.HP.ZNfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

F:\Seagate Sync\VOL\My Documents\Downloads\SmileyCentralPFSetup2.3.70.1.SA.HP.ZNfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

The Mcafee scan removed 3 items. Sorry, I don't know beans about computers.. am battling serious nervousness about this, and I don't know how to find a log for what was removed by Mcafee.

The 'quick scan' with malwarebytes I did after that with malwarebytes found nothing:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4359

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/2/2011 3:28:46 PM

mbam-log-2011-04-02 (15-28-46).txt

Scan type: Quick scan

Objects scanned: 155153

Time elapsed: 23 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

AFTER running the quick scan & finding nothing--- I am still concerned that I am infected... Prior to restarting my computer I was still getting a redirect from Google.. not often, not with every search... just 'here & there' being sent to ad-sites when I tried to pull up McAfee from Google.. ALSO, there are a number of items missing from my system tray that are usually there... and I get a lot of error messages regarding 'exporer.exe' not properly starting, when i restart my computer.

Once it has STARTED it works fine, except with the missing system tray items.

So, I started following your directions on the link above. The 'snag' I have hit is here--

DeFogger - Disable

* Please download the following tool DeFogger to your desktop.

* Double click DeFogger to run the tool.

* The application window will appear

* Click the Disable button to disable your CD Emulation drivers.

* Click Yes to continue

* A 'Finished!' message will appear

* Click OK

* DeFogger will now ask to reboot the machine - click OK

I clicked 'yes' to continue, it didn't ask me to reboot. Not sure if I should continue with the next step, if I cannot run this and the . Here's the log it generated:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 18:47 on 02/04/2011 (HP_Administrator)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

The current 'box' for Defogger tells me, if I'm getting help, to wait until I hear from you before I 're-enable' so I am kinda circling the airport just now. Any advice you can give would be GREAT!!! (that is begging!)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.