Jump to content

Recommended Posts

Greetings and thanks in advance for your assistance.

Mcafee caught 2 viruses, but I was certain more were present. After running the free version of MWB, it found approx. 53 more infected files. My log file is below.

Now, when logged into my user account, no programs will start. When I attempt to run them from either the desktop or the program files group, windows ask me to choose a program. I have not tried system restore yet. Please help me. I'm not interested in re-loading my OS tonight. Thankfully, I have recently backed up all of my data.

Thanks in advance.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6585

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

5/15/2011 2:42:55 PM

mbam-log-2011-05-15 (14-42-55).txt

Scan type: Full scan (C:\|)

Objects scanned: 396536

Time elapsed: 1 hour(s), 19 minute(s), 48 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 29

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 7

Files Infected: 16

Memory Processes Infected:

c:\program files\search guard plus\searchguardplus.exe (PUP.Fbsearch) -> 3728 -> Not selected for removal.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{1D4DB7D0-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1D4DB7D1-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProductsInstaller.Start.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProductsInstaller.Start (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\program files (x86)\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:

c:\program files\search guard plus\searchguardplus.exe (PUP.Fbsearch) -> Not selected for removal.

c:\programdata\lltsvynvhbvpa.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.

c:\Users\Dad\AppData\Local\aox.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Users\Dad\AppData\Local\fcc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Users\Dad\AppData\Local\mfwmlerl.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\Users\Dad\AppData\Local\wre.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Users\Dad\AppData\Local\Temp\93DD.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.

c:\Users\Dad\AppData\Local\Temp\setup128797696.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.

c:\Users\Dad\AppData\Local\Temp\setup287784960.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.

c:\Users\Dad\AppData\Local\Temp\setup3856201728.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.

c:\Users\Dad\AppData\Local\Temp\setup3903583232.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.

c:\Users\Dad\AppData\Roaming\Adobe\plugs\mmc113.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Users\Dad\AppData\Roaming\Adobe\plugs\mmc327042789.txt (Rogue.Installer.Gen) -> Quarantined and deleted successfully.

c:\Users\Dad\AppData\Local\Temp\0.5901122935113406.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\Users\Dad\AppData\Local\Temp\0.9947313513450042.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please download exeHelper from one of these two places:

http://www.raktor.net/exeHelper/exeHelper.com

http://www.raktor.net/exeHelper/exeHelper.scr

Save it to your Desktop and run it. When it finishes, restart your computer and see if you can run .exe files now.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.