
my virus scan...what's good and what's not?


MattyG313

Technical User
Nov 30, 2008
US
I used Malwarebytes to scan my C: drive, but I'm not sure what's really an infection and what the computer thinks is one... Any help would be appreciated.



Malwarebytes' Anti-Malware 1.30
Database version: 1439
Windows 5.1.2600 Service Pack 3

12/2/2008 9:23:49 PM
mbam-log-2008-12-02 (21-23-45).txt

Scan type: Full Scan (C:\|)
Objects scanned: 214806
Time elapsed: 1 hour(s), 17 minute(s), 13 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 34
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 14

Memory Processes Infected:
C:\Program Files\tinyproxy\tinyproxy.exe (Trojan.Proxy) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{34b9c611-629c-43aa-9f9d-4b58086ea729} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34b9c611-629c-43aa-9f9d-4b58086ea729} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2231839a-f38e-4066-bf3c-959006189942} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2231839a-f38e-4066-bf3c-959006189942} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ipsec services (policyagent) (Trojan.Proxy) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ipsec services (policyagent) (Trojan.Proxy) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ipsec services (policyagent) (Trojan.Proxy) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kprof (Rootkit.Poof) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Helper (Spyware.Banker) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\poof (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc (Spyware.LDPinch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DomainService (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CAC (Malware.Trace) -> No action taken.
HKEY_CLASSES_ROOT\AdfGHost.Cli (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\BprintingHost.Serv (Fake.Dropped.Malware) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> No action taken.
C:\Program Files\VSAdd-in (Adware.Agent) -> No action taken.
C:\Program Files\TinyProxy (Trojan.Proxy) -> No action taken.

Files Infected:
C:\WINDOWS\system32\917671\917671.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> No action taken.
C:\WINDOWS\system32\119987\119987.dll (Trojan.BHO) -> No action taken.
C:\Program Files\TinyProxy\tinyproxy.exe (Trojan.Proxy) -> No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\tmark2.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\fmark2.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\bolivar20.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\ijjistarter2.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Dad\314_gotomypc.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Dad\370_gotomypc.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Dad\gotomypc_370.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Dad\Local Settings\Temp\tt_1224844691.exe (Trojan.FakeAlert) -> No action taken.
 
Run Malwarebytes' Anti-Malware again.
When asked, at least quarantine the item.
A quick glance suggests deleting all the items you've listed is required.

"No action taken" will then become "Quarantined and deleted successfully".

Liverpool: Capital of Culture 2008
Anfield: Capital of Football since 1892
Iechyd da! John
Glannau Mersi, Lloegr.
 
Yes, but should I quarantine all of them?
 
Yes: As soon as possible.
In fact, although Malwarebytes comes highly recommended these days, you should also run some more scanners, and do it in Safe Mode.
E.g. SuperAntiSpyware and DrWeb Cureit.

 
I haven't tried SuperAntiSpyware nor DrWeb Cureit to date. Any thoughts on how good they are? Do they eat up system resources or not? How comparable to AVG, Avast, etc?

--

"If to err is human, then I must be some kind of human!" -Me
 
SAS and DrWeb are both one-time (rather than real-time) scanners, unless you want to get the paid version of SAS.
Both go quite deep and take a long time to run.

So unless you have a very fast machine I would not try to do anything else when running either of these scanners, but then again cleaning a system should be the priority.
In my experience both will find stuff that mainstream 'fast' scanners (like AVG) will miss.


 
Thanks for the info.

--

"If to err is human, then I must be some kind of human!" -Me
 