
URGENT!! Possibly badly infected PC

Discussion in 'Virus & Other Malware Removal' started by chrisdood, Dec 31, 2012.

Thread Status:
Not open for further replies.
  1. chrisdood

    chrisdood Thread Starter

    Joined:
    May 12, 2012
    Messages:
    3
    Here is my Malwarebytes Log.

    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2012.12.31.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: RENICK [administrator]

    Protection: Enabled

    12/31/2012 1:35:44 PM
    MBAM-log-2012-12-31 (15-39-49).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 295039
    Time elapsed: 1 hour(s), 44 minute(s), 6 second(s)

    Memory Processes Detected: 1
    C:\WINDOWS\system32\dmwu.exe (PUP.InstallBrain) -> 1832 -> No action taken.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 19
    HKCR\CLSID\{11111111-1111-1111-1111-110211181102} (PUP.215Apps) -> No action taken.
    HKCR\TypeLib\{44444444-4444-4444-4444-440244184402} (PUP.215Apps) -> No action taken.
    HKCR\Interface\{55555555-5555-5555-5555-550255185502} (PUP.215Apps) -> No action taken.
    HKCR\CrossriderApp0021802.BHO.1 (PUP.215Apps) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181102} (PUP.215Apps) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181102} (PUP.215Apps) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shopping Sidekick Plugin (PUP.215Apps) -> No action taken.
    HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> No action taken.
    HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> No action taken.

    Registry Values Detected: 6
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: ©Ž±#¥aI¶»
    äG\Ê -> No action taken.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Data: -> No action taken.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: -> No action taken.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> Data: -> No action taken.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search| (Adware.Hotbar) -> Data: http://edits.mywebsearch.com/toolba...YUS&si=&a=oiStShJFW5gZj2udnJXzOA&n=2011032918 -> No action taken.
    HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 6090eeb2a3a4f4e56db467a8e6061ff4 -> No action taken.

    Registry Data Items Detected: 2
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    Folders Detected: 5
    C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\Shared (PUP.MyWebSearch) -> No action taken.
    C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] (PUP.PlaySushi) -> No action taken.
    C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome (PUP.PlaySushi) -> No action taken.
    C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components (PUP.PlaySushi) -> No action taken.

    Files Detected: 14
    C:\Program Files\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll (PUP.215Apps) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SBOCPBR5\Shopping-Sidekick[1] (PUP.215Apps) -> No action taken.
    C:\Documents and Settings\Owner\My Documents\Downloads\IWantThis.exe (Adware.GamePlayLabs) -> No action taken.
    C:\Program Files\Shopping Sidekick Plugin\Shopping Sidekick Plugin-bg.exe (PUP.215Apps) -> No action taken.
    C:\Program Files\Shopping Sidekick Plugin\Shopping Sidekick Plugin.exe (PUP.215Apps) -> No action taken.
    C:\Program Files\Shopping Sidekick Plugin\Shopping Sidekick PluginGui.exe (PUP.215Apps) -> No action taken.
    C:\Program Files\Shopping Sidekick Plugin\Uninstall.exe (PUP.215Apps) -> No action taken.
    C:\WINDOWS\system32\dmwu.exe (PUP.InstallBrain) -> No action taken.
    C:\Program Files\FunWebProducts\Shared\00F4F0B6.dat (PUP.MyWebSearch) -> No action taken.
    C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome.manifest (PUP.PlaySushi) -> No action taken.
    C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\install.rdf (PUP.PlaySushi) -> No action taken.
    C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome\pstextlinks.jar (PUP.PlaySushi) -> No action taken.
    C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\PlaySushiFF.dll (PUP.PlaySushi) -> No action taken.
    C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\PlaySushiFF.xpt (PUP.PlaySushi) -> No action taken.

    (end)


    What should I do?
     
  2. 87654321

    87654321

    Joined:
    Mar 10, 2012
    Messages:
    542
    Select all and click remove. After all, you ran MB to find threats to your computer.
     
  3. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Happy New Year.

    Once you have followed the advice given please post the new log that shows the deletions.

    I would then advise you to run the following scans and post those logs also.

    All the detections shown by Malwarebytes are adware-related, which can hijack your start page and search engines, but will cause no harm to the PC. ADWCleaner is dedicated to cleaning out these kinds of infections and will reset the browser's search and start pages back to default. RogueKiller will check for anything more serious.

    Please run these two scans and post the logs:

    SCAN 1
    Click on this link to download: ADWCleaner and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > SmartScreen Filter > Turn off SmartScreen Filter, then click on OK in the box that opens. Then click on the link again.

    Close your browser and click on this icon on your desktop: [​IMG]

    You will then see the screen below, click on the Delete button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post.


    SCAN 2
    Download RogueKiller (by tigzy) and save it directly to your Desktop.
    On the web page click on this: [​IMG]

    • Quit all running programs
    • Start RogueKiller.exe
    • Wait until Prescan has finished.
    • Ensure all boxes are ticked under "Report" tab.
    • Click on Scan.
    • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
    • NOTE: DO NOT attempt to remove anything that the scan detects.

     