URGENT!! Possibly badly infected PC

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

chrisdood

Thread Starter
Joined
May 12, 2012
Messages
3
Here is my Malwarebytes Log.

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.31.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: RENICK [administrator]

Protection: Enabled

12/31/2012 1:35:44 PM
MBAM-log-2012-12-31 (15-39-49).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 295039
Time elapsed: 1 hour(s), 44 minute(s), 6 second(s)

Memory Processes Detected: 1
C:\WINDOWS\system32\dmwu.exe (PUP.InstallBrain) -> 1832 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 19
HKCR\CLSID\{11111111-1111-1111-1111-110211181102} (PUP.215Apps) -> No action taken.
HKCR\TypeLib\{44444444-4444-4444-4444-440244184402} (PUP.215Apps) -> No action taken.
HKCR\Interface\{55555555-5555-5555-5555-550255185502} (PUP.215Apps) -> No action taken.
HKCR\CrossriderApp0021802.BHO.1 (PUP.215Apps) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181102} (PUP.215Apps) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181102} (PUP.215Apps) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shopping Sidekick Plugin (PUP.215Apps) -> No action taken.
HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> No action taken.

Registry Values Detected: 6
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: ©Ž±#¥aI¶»
äG\Ê -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Data: -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> Data: -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search| (Adware.Hotbar) -> Data: http://edits.mywebsearch.com/toolba...YUS&si=&a=oiStShJFW5gZj2udnJXzOA&n=2011032918 -> No action taken.
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 6090eeb2a3a4f4e56db467a8e6061ff4 -> No action taken.

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 5
C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared (PUP.MyWebSearch) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] (PUP.PlaySushi) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome (PUP.PlaySushi) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components (PUP.PlaySushi) -> No action taken.

Files Detected: 14
C:\Program Files\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll (PUP.215Apps) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SBOCPBR5\Shopping-Sidekick[1] (PUP.215Apps) -> No action taken.
C:\Documents and Settings\Owner\My Documents\Downloads\IWantThis.exe (Adware.GamePlayLabs) -> No action taken.
C:\Program Files\Shopping Sidekick Plugin\Shopping Sidekick Plugin-bg.exe (PUP.215Apps) -> No action taken.
C:\Program Files\Shopping Sidekick Plugin\Shopping Sidekick Plugin.exe (PUP.215Apps) -> No action taken.
C:\Program Files\Shopping Sidekick Plugin\Shopping Sidekick PluginGui.exe (PUP.215Apps) -> No action taken.
C:\Program Files\Shopping Sidekick Plugin\Uninstall.exe (PUP.215Apps) -> No action taken.
C:\WINDOWS\system32\dmwu.exe (PUP.InstallBrain) -> No action taken.
C:\Program Files\FunWebProducts\Shared\00F4F0B6.dat (PUP.MyWebSearch) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome.manifest (PUP.PlaySushi) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\install.rdf (PUP.PlaySushi) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome\pstextlinks.jar (PUP.PlaySushi) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\PlaySushiFF.dll (PUP.PlaySushi) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\PlaySushiFF.xpt (PUP.PlaySushi) -> No action taken.

(end)


What should I do?
 
Joined
Mar 10, 2012
Messages
542
Select all and click remove. After all you ran MB to find threats to your computer.
 
Joined
May 7, 2011
Messages
14,142
Happy New Year.

Once you have followed the advice given please post the new log that shows the deletions.

I would then advise you to run the following scans and post those logs also.

All the detections shown by Malwarebytes are adware related which can hijack your start page and search engines, but will cause no harm to the PC. ADWCleaner is dedicated to cleaning out these kinds of infections and will reset the browsers search and start pages back to default. RogueKiller will check for anything more serious.

Please run these two scans and post the logs:

SCAN 1
Click on this link to download : ADWCleaner and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and click on this icon on your desktop:


You will then see the screen below, click on the Delete button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post.





SCAN 2
Download RogueKiller (by tigzy) and save direct to your Desktop.
On the web page click on this:


  • Quit all running programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished.
  • Ensure all boxes are ticked under "Report" tab.
  • Click on Scan.
  • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
  • NOTE: DO NOT attempt to remove anything that the scan detects.

 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top