We’d like to remind Forumites to please avoid political debate on the Forum.

This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.

📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide

help please!

2»

Comments

  • Malwarebytes' Anti-Malware 1.41
    Database version: 3257
    Windows 5.1.2600 Service Pack 3
    11/29/2009 4:59:57 PM
    mbam-log-2009-11-29 (16-59-57).txt
    Scan type: Full Scan (C:\|)
    Objects scanned: 89974
    Time elapsed: 17 minute(s), 16 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 5
    Registry Keys Infected: 38
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 7
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    C:\Program Files\Content Management Wizard\1.1.0.1870\CMWIE.dll (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Customized Platform Advancer\3.1.0.1630\CPAIEAddOn.dll (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Web Search Operator\3.1.0.1840\WSO.dll (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Textual Content Provider\1.1.0.1610\TCPIE.dll (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Automated Content Enhancer\4.1.0.5190\ACEIEAddOn.dll (Adware.Agent) -> Delete on reboot.
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\explorerbar.cmw (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{f5b8c69c-9b45-4a6a-9380-df225c546ae7} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{629cd6c2-e4c5-4554-aeb8-12e4e2cd40ff} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\explorerbar.cmw.1 (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\explorerbar.tcp (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{2a743834-05f4-4ed4-8a1c-41332b10ac0c} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1081d532-7de4-40bd-b912-388fa6b27c78} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\explorerbar.tcp.1 (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{565dd573-549e-4da9-8cd7-6ae3df25339a} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    C:\Program Files\Content Management Wizard\1.1.0.1870\CMWIE.dll (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Customized Platform Advancer\3.1.0.1630\CPAIEAddOn.dll (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Web Search Operator\3.1.0.1840\WSO.dll (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Textual Content Provider\1.1.0.1610\TCPIE.dll (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Automated Content Enhancer\4.1.0.5190\ACEIEAddOn.dll (Adware.Agent) -> Delete on reboot.
    C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\V2AIIRNQ\productinfo[1].dll (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\user\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\productinfo.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
  • Have i done it wrong again?
  • 4743hudsonj
    4743hudsonj Posts: 3,298 Forumite
    i would lock down on your kids usage of the computer if i were you, theyre obviously gain on very dodgy sites.
    Back by no demand whatsoever.
  • like what please? for future ref
  • 4743hudsonj
    4743hudsonj Posts: 3,298 Forumite
    well im not to sure, i can suggest this and this

    Both are freee and easy to set up, and hopefully will help to prevent future infection.

    I could also suggest keeping Malwarebytes for a monthly quickscan and remove AVG via this (top one) and using this instead.

    if you get infected with this lot running then you have something very nasty.

    K9 will help keep your kids of unwanted sites.
    Back by no demand whatsoever.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    TICK these and click to FIX them ~
    C:\Program Files\Internet Today\1.1.0.1190\InternetToday.exe
    C:\Program Files\Internet Today\1.1.0.1190\InternetToday.exe
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.koower.com/
    R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [408809432] C:\PROGRA~1\eGames\POKERM~1\Register\EGAMES~1.EXE /r "C:\PROGRA~1\eGames\POKERM~1\Register\EGAMES~1.rpd "
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.gamehouse.com/games/SproutLauncher.cab


    Its clearly still not clean

    Please run COMBOFIX
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Shut down your anti virus
    Follow the simple instructions it gives
    Post the COMPLETE log it creates here (Split into sections if need be)

    If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
    :idea:
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 353.5K Banking & Borrowing
  • 254.2K Reduce Debt & Boost Income
  • 455.1K Spending & Discounts
  • 246.6K Work, Benefits & Business
  • 603K Mortgages, Homes & Bills
  • 178.1K Life & Family
  • 260.6K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16K Discuss & Feedback
  • 37.7K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.