1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Hijack this thread. Att.MFDnNC

Discussion in 'Virus & Other Malware Removal' started by LadyPenelope, Jun 16, 2007.

Thread Status:
Not open for further replies.
  1. LadyPenelope

    LadyPenelope Thread Starter

    Joined:
    Jul 4, 2006
    Messages:
    27
    Sorry about the previous thread. :(
    The problems I am experiencing is an inability to play a movie file, downloaded from TVNZ, with windows mediaplayer.
    A security message keeps popping up saying I need a security update, but I have all the updates.
    I went to IE7 and windows mwdiaplayer11, but still no luck.
    Matters were made worse because of those two moves........ my computer almost slowed to a standstill and I couldnt even play music on mediaplatey from 'my music' files. :confused:

    I've gone back to IE6 and mediaplayer10 and things have speeded up back to normal.

    I have run the superantisptware and here is the log.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/17/2007 at 11:56 AM

    Application Version : 3.8.1002

    Core Rules Database Version : 3242
    Trace Rules Database Version: 1253

    Scan type : Quick Scan
    Total Scan Time : 00:23:58

    Memory items scanned : 492
    Memory threats detected : 1
    Registry items scanned : 915
    Registry threats detected : 41
    File items scanned : 14298
    File threats detected : 38

    Adware.MyWebSearch
    C:\PROGRA~1\MYWEBS~1\BAR\4.BIN\MWSOEMON.EXE
    C:\PROGRA~1\MYWEBS~1\BAR\4.BIN\MWSOEMON.EXE
    [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\4.BIN\MWSOEMON.EXE
    [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\4.BIN\MWSOEMON.EXE
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
    HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
    HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
    HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32
    HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
    HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\Programmable
    C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\4.BIN\MWSSRCAS.DLL
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
    HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
    HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
    HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32
    HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32#ThreadingModel
    HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\Programmable
    HKU\S-1-5-21-125703898-224621903-1653462319-1005\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
    HKU\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
    HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
    HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32
    HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
    HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\Programmable
    HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\TypeLib
    HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
    HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32
    HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
    HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\Programmable
    HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\TypeLib
    C:\PROGRAM FILES\MYWEBSEARCH\BAR\4.BIN\MWSOEMON.EXE
    C:\DOCUMENTS AND SETTINGS\PENE QUIN\START MENU\PROGRAMS\STARTUP\MYWEBSEARCH EMAIL PLUGIN.LNK
    C:\WINDOWS\Prefetch\MWSOEMON.EXE-10AD6785.pf

    Adware.HotBar (Low Risk)
    HKU\S-1-5-21-125703898-224621903-1653462319-1005\Software\Microsoft\Internet Explorer\Explorer Bars\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}
    HKCR\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}
    HKCR\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}
    HKCR\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}#AppID
    HKCR\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}\Implemented Categories
    HKCR\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
    HKCR\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}\InprocServer32
    HKCR\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}\InprocServer32#ThreadingModel
    HKCR\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}\Instance
    HKCR\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}\Instance#CLSID
    HKCR\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}\Instance\InitPropertyBag
    HKCR\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}\Instance\InitPropertyBag#Url
    HKCR\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}\ProgID
    HKCR\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}\TypeLib
    HKCR\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}\VersionIndependentProgID
    C:\PROGRAM FILES\HOTBAR\BIN\4.3.9.0\HBHOSTIE.DLL

    Adware.Tracking Cookie
    C:\Documents and Settings\Pene Quin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Pene Quin\Cookies\pene [email protected][1].txt
    C:\Documents and Settings\Pene Quin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Pene Quin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Pene Quin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Pene Quin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Pene Quin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Pene Quin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Pene Quin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Pene Quin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Pene Quin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Pene Quin\Cookies\pene [email protected][2].txt
    C:\Documents and Settings\Pene Quin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Pene Quin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Pene Quin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Pene Quin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Pene Quin\Cookies\pene [email protected][1].txt
    C:\Documents and Settings\Pene Quin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Pene Quin\Cookies\pene [email protected][1].txt
    C:\Documents and Settings\Pene Quin\Cookies\pene [email protected][2].txt
    C:\Documents and Settings\Pene Quin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Pene Quin\Local Settings\Temp\Cookies\pene [email protected][1].txt
    C:\Documents and Settings\Pene Quin\Local Settings\Temp\Cookies\pene [email protected][1].txt
    C:\Documents and Settings\Pene Quin\Local Settings\Temp\Cookies\pene [email protected][1].txt
    C:\Documents and Settings\Pene Quin\Local Settings\Temp\Cookies\pene [email protected][1].txt
    C:\Documents and Settings\Pene Quin\Local Settings\Temp\Cookies\pene [email protected][1].txt
    C:\Documents and Settings\Pene Quin\Local Settings\Temp\Cookies\pene [email protected][2].txt
    C:\Documents and Settings\Pene Quin\Local Settings\Temp\Cookies\pene [email protected][1].txt
    C:\Documents and Settings\Ric Quin\Cookies\ric [email protected][1].txt
    C:\Documents and Settings\Ric Quin\Cookies\ric [email protected][1].txt
    C:\Documents and Settings\Ric Quin\Cookies\ric [email protected][2].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  3. LadyPenelope

    LadyPenelope Thread Starter

    Joined:
    Jul 4, 2006
    Messages:
    27
    Please read your last post in that thread...........

    I am only doing as you asked!!!!

    ยท Please paste that information here for me with a new HijackThis log.

    I took that to mean a new thread.:confused: :confused: :confused:
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/584951

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice