Hi, I was recently watching a show on Fox.com and an antispyware program popped up on my screen and started scanning my computer, so I immediately stopped the scan and deleted the program. Or so I thought. Now, every time I log on to my account (the only account on the computer) I keep getting these little black windows that pop up and tell me that there has been some sort of error.
I first went to the post that said to do this stuff before I posted, and I did, and this is the report for the SUPERAntiSpyware scan:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/29/2009 at 05:59 PM
Application Version : 4.25.1012
Core Rules Database Version : 3743
Trace Rules Database Version: 1711
Scan type : Complete Scan
Total Scan Time : 01:04:33
Memory items scanned : 556
Memory threats detected : 4
Registry items scanned : 6361
Registry threats detected : 211
File items scanned : 79273
File threats detected : 32
I am now running the Malwarebytes Anti-Malware program. OK, and here are my Malwarebytes' Anti-Malware log and HijackThis log.
Now that I have run all of these programs, my computer no longer seems to be bringing up the little black windows with errors anymore.
Also, in case you need to know, my computer information is:
MS Windows XP Professional SP3, INTEL Pentium 4 CPU, 2.80GHz, 512MB RAM, Intel 82845G/GL/GE/PE/GU Graphics Controls
That's about all I know about it. I really hope that this will fix everything on my computer. I use this computer for school so I have a ton of school work saved on here.
[attachment deleted by admin]