OMG 334 infected files found

toejumper

Hi, have done the antispyware scan

SUPERAntiSpyware Scan Log
Generated 03/14/2009 at 10:54 AM
Application Version : 4.25.1014
Core Rules Database Version : 3794
Trace Rules Database Version: 1750
Scan type : Complete Scan
Total Scan Time : 01:30:09
Memory items scanned : 559
Memory threats detected : 0
Registry items scanned : 5498
Registry threats detected : 12
File items scanned : 21241
File threats detected : 108
Adware.Tracking Cookie
\Documents and Settings\Steph\Cookies\steph@atwola[2].txt
\Documents and Settings\Steph\Cookies\steph@mywebsearch[2].txt
\Documents and Settings\Steph\Cookies\steph@avgtechnologies.112.2o7[1].txt
\Documents and Settings\Steph\Cookies\steph@eas.apm.emediate[2].txt
\Documents and Settings\Steph\Cookies\steph@bs.serving-sys[1].txt
\Documents and Settings\Steph\Cookies\steph@ad.yieldmanager[2].txt
\Documents and Settings\Steph\Cookies\steph@ads.aol.co[1].txt
\Documents and Settings\Steph\Cookies\steph@at.atwola[2].txt
\Documents and Settings\Steph\Cookies\steph@2o7[1].txt
\Documents and Settings\Steph\Cookies\steph@www.googleadservices[2].txt
\Documents and Settings\Steph\Cookies\steph@atdmt[2].txt
\Documents and Settings\Steph\Cookies\steph@tradedoubler[2].txt
\Documents and Settings\Steph\Cookies\steph@overture[1].txt
\Documents and Settings\Steph\Cookies\steph@mediaplex[2].txt
\Documents and Settings\Steph\Cookies\steph@kontera[1].txt
\Documents and Settings\Steph\Cookies\steph@roiservice[1].txt
\Documents and Settings\Steph\Cookies\steph@track.adform[2].txt
\Documents and Settings\Steph\Cookies\steph@statse.webtrendslive[2].txt
\Documents and Settings\Steph\Cookies\steph@aoluk.122.2o7[1].txt
\Documents and Settings\Steph\Cookies\steph@uk.sitestat[1].txt
\Documents and Settings\Steph\Cookies\steph@serving-sys[2].txt
\Documents and Settings\Steph\Cookies\steph@ads.pointroll[2].txt
\Documents and Settings\Steph\Cookies\steph@revsci[2].txt
\Documents and Settings\Steph\Cookies\steph@doubleclick[1].txt
\Documents and Settings\Steph\Cookies\steph@uk.at.atwola[1].txt
\Documents and Settings\Steph\Cookies\steph@apmebf[2].txt
\Documents and Settings\Steph\Cookies\steph@www.googleadservices[1].txt
\Documents and Settings\Steph\Cookies\steph@questionmarket[2].txt
\Documents and Settings\Steph\Cookies\steph@supportsoft.122.2o7[2].txt
\Documents and Settings\Steph\Cookies\steph@tacoda[1].txt
\Documents and Settings\Steph\Cookies\steph@advertising[2].txt
\Documents and Settings\David\Cookies\david@e-2dj6wfliwoczcho.stats.esomniture[2].txt
\Documents and Settings\David\Cookies\david@indextools[1].txt
\Documents and Settings\David\Cookies\david@adrevenue[1].txt
\Documents and Settings\David\Cookies\david@incredimailltd.112.2o7[1].txt
\Documents and Settings\David\Cookies\david@ehg-littlewoods.hitbox[2].txt
\Documents and Settings\David\Cookies\david@e-2dj6wgkysjczokp.stats.esomniture[2].txt
\Documents and Settings\David\Cookies\david@e-2dj6wfmiopc5khp.stats.esomniture[2].txt
\Documents and Settings\David\Cookies\david@track.omguk[2].txt
\Documents and Settings\David\Cookies\david@ads.pointroll[2].txt
\Documents and Settings\David\Cookies\david@e-2dj6wjkogiczokp.stats.esomniture[2].txt
\Documents and Settings\David\Cookies\david@imrworldwide[1].txt
\Documents and Settings\David\Cookies\david@e-2dj6wfkiuoc5seq.stats.esomniture[1].txt
\Documents and Settings\David\Cookies\david@ehg-hobsons.hitbox[1].txt
\Documents and Settings\David\Cookies\david@e-2dj6wjmiggcpibo.stats.esomniture[2].txt
\Documents and Settings\David\Cookies\david@bizrate[1].txt
\Documents and Settings\David\Cookies\david@e-2dj6wgkogidpkcp.stats.esomniture[2].txt
\Documents and Settings\David\Cookies\david@e-2dj6wbmyqmcpekq.stats.esomniture[1].txt
\Documents and Settings\David\Cookies\david@atwola[2].txt
\Documents and Settings\David\Cookies\david@apmebf[2].txt
\Documents and Settings\David\Cookies\david@tracking.summitmedia.co[1].txt
\Documents and Settings\David\Cookies\david@bannersng.yell[1].txt
\Documents and Settings\David\Cookies\david@e-2dj6wfkoshdpkgp.stats.esomniture[1].txt
\Documents and Settings\David\Cookies\david@bizrate.co[2].txt
\Documents and Settings\David\Cookies\david@ads.itv[2].txt
\Documents and Settings\David\Cookies\david@tracking.dc-storm[1].txt
\Documents and Settings\David\Cookies\david@indexstats[1].txt
\Documents and Settings\David\Cookies\david@e-2dj6wfmiwgazeeq.stats.esomniture[2].txt
\Documents and Settings\David\Cookies\david@www.burstnet[1].txt
\Documents and Settings\David\Cookies\david@server.iad.liveperson[1].txt
\Documents and Settings\David\Cookies\david@server.iad.liveperson[2].txt
\Documents and Settings\David\Cookies\david@vhost.oddcast[2].txt
\Documents and Settings\David\Cookies\david@ads.uknetguide.co[1].txt
\Documents and Settings\David\Cookies\david@tracking.webdiversity.co[1].txt
\Documents and Settings\David\Cookies\david@e-2dj6wjmigoc5kaq.stats.esomniture[2].txt
\Documents and Settings\David\Cookies\david@aoleusearch.122.2o7[1].txt
\Documents and Settings\David\Cookies\david@e-2dj6wakiwgazicp.stats.esomniture[2].txt
\Documents and Settings\David\Cookies\david@e-2dj6whl4kgczmdp.stats.esomniture[1].txt
\Documents and Settings\David\Cookies\david@e-2dj6wfkyqicjaco.stats.esomniture[2].txt
\Documents and Settings\David\Cookies\david@e-2dj6wbmyejazcco.stats.esomniture[2].txt
\Documents and Settings\David\Cookies\david@paypal.112.2o7[1].txt
\Documents and Settings\David\Cookies\david@goodyear.122.2o7[1].txt
\Documents and Settings\David\Cookies\david@122.2o7[2].txt
\Documents and Settings\David\Cookies\david@ads.aol.co[2].txt
\Documents and Settings\David\Cookies\david@counter.hitslink[1].txt
\Documents and Settings\David\Cookies\david@ehg-flextech.hitbox[1].txt
\Documents and Settings\David\Cookies\david@ad1.emediate[2].txt
\Documents and Settings\David\Cookies\david@media.adrevolver[1].txt
\Documents and Settings\David\Cookies\david@discountedorfree.co[1].txt
\Documents and Settings\laura\Cookies\laura@www.googleadservices[1].txt
\Documents and Settings\laura\Cookies\laura@ehg-rodale.hitbox[2].txt
\Documents and Settings\laura\Cookies\laura@www.googleadservices[3].txt
\Documents and Settings\laura\Cookies\laura@ad.uk.tangozebra[1].txt
\Documents and Settings\laura\Cookies\laura@smileycentral[1].txt
\Documents and Settings\laura\Cookies\laura@apmebf[2].txt
\Documents and Settings\laura\Cookies\laura@imrworldwide[2].txt
\Documents and Settings\laura\Cookies\laura@ad.zanox[2].txt
\Documents and Settings\laura\Cookies\laura@www3.addfreestats[1].txt
\Documents and Settings\laura\Cookies\laura@www6.addfreestats[1].txt
\Documents and Settings\laura\Cookies\laura@stat.dealtime[1].txt
\Documents and Settings\laura\Cookies\laura@ehg-mgnlimited.hitbox[2].txt
\Documents and Settings\laura\Cookies\laura@ads.stardoll[1].txt
\Documents and Settings\laura\Cookies\laura@track.webtrekk[1].txt
\Documents and Settings\laura\Cookies\laura@media.adrevolver[1].txt
\Documents and Settings\laura\Cookies\laura@optimost[1].txt
\Documents and Settings\laura\Cookies\laura@ehg-dig.hitbox[2].txt
\Documents and Settings\laura\Cookies\laura@server.lon.liveperson[2].txt
\Documents and Settings\laura\Cookies\laura@server.lon.liveperson[3].txt
\Documents and Settings\laura\Cookies\laura@ads.digiguide[2].txt
\Documents and Settings\laura\Cookies\laura@eyewonder[1].txt
\Documents and Settings\laura\Cookies\laura@112.2o7[2].txt
\Documents and Settings\laura\Cookies\laura@trinitymirror.112.2o7[1].txt
\Documents and Settings\laura\Cookies\laura@tracking.summitmedia.co[1].txt
\Documents and Settings\laura\Cookies\laura@nickelodeonuk.112.2o7[1].txt
\Documents and Settings\laura\Cookies\laura@cz7.clickzs[1].txt
\Documents and Settings\laura\Cookies\laura@ad1.emediate[2].txt
\Documents and Settings\laura\Cookies\laura@aoleusearch.122.2o7[1].txt
\Documents and Settings\laura\Cookies\laura@ads.aol.co[1].txt
Adware.MyWebSearch/FunWebProducts
HKU\S-1-5-21-678682093-1089027286-1792981731-1007\SOFTWARE\FunWebProducts
HKCR\CLSID\!!9AFB8248-617F-460d-9366-D71CDEDA3179}
HKCR\CLSID\!!9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#DeviceDesc

aliEnRIK

Are you able to run COMBOFIX now?

if not id suggest updating and running another scan with MALWAREBYTES as 'mywebsearch' can grow at an unbelievable rate

toejumper

no just get a blank white page with combofix, going to do a malwarebytes now. thanks steph

aliEnRIK

Just realised that your AVG is broken
Shut AVG down then ~

Use the 32 bit AVG removal tool
http://www.avg.com/download-tools

Then either reinstall it or install AVIRA in its place

Download AVIRA ANTI VIRUS PERSONAL (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_antivir/

aliEnRIK

FIX this using hijack too ~
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm

toejumper

only instaled avg on monday, did have mcafee for 3 years.
ran malwarebytes no infections found

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)

toejumper

will i be able to reinstall using the avg disc, as this is not the free version

toejumper

Hi have fixed this, but how will i know if its been repaired
O14 - IERESET.INF:START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
thanks steph

aliEnRIK

toejumper wrote: »

will i be able to reinstall using the avg disc, as this is not the free version

Should be able to yes

(The firewall is full of 'holes' by the way ~ I sure as hell wouldnt ever PAY for AVG, let alone use it)

aliEnRIK

toejumper wrote: »

Hi have fixed this, but how will i know if its been repaired
O14 - IERESET.INF:START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
thanks steph

FIXing is removing it