Solved Computer is very badly infected, help please

Dell / Dell dc051
June 22, 2011 at 06:53:26
Specs: Windows XP, 3.058 GHz / 502 MB
My pc is badly infected, need help please!

My pc is running extremely slow everytime i start up, closing apps/windows is taking too long.My account was also stolen (i recover it back on iphone) So to attempt to battle this, i decided to download malwarebyte, after a quick scan, i've recieved the following:

www.malwarebytes.org

Database version: 6911

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/21/2011 7:32:24 PM
mbam-log-2011-06-21 (19-32-24).txt

Scan type: Quick scan
Objects scanned: 299117
Time elapsed: 59 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 29
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 27
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\harmon\application data\hotbar_icons (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lord of the ring\application data\hotbar_icons (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\piyara singh help\application data\hotbar_icons (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\harmon\application data\shoppingreport (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\harmon\application data\shoppingreport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\harmon\application data\shoppingreport\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\harmon\application data\shoppingreport\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\harmon\application data\shoppingreport\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\harmon\application data\shoppingreport\cs\res1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\lord of the ring\application data\shoppingreport (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\lord of the ring\application data\shoppingreport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\lord of the ring\application data\shoppingreport\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\lord of the ring\application data\shoppingreport\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\lord of the ring\application data\shoppingreport\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\lord of the ring\application data\shoppingreport\cs\res1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\piyara singh help\application data\shoppingreport (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\piyara singh help\application data\shoppingreport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\piyara singh help\application data\shoppingreport\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\piyara singh help\application data\shoppingreport\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\piyara singh help\application data\shoppingreport\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\piyara singh help\application data\shoppingreport\cs\res1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\piyara singh help\application data\weatherdpa (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\piyara singh help\application data\weatherdpa\Weather (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\piyara singh help\application data\weatherdpa\Weather\weatherdpa (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\piyara singh help\application data\weatherdpa\Weather\weatherdpa\weather_xml (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Delete on reboot.
c:\documents and settings\piyara singh help\local settings\temporary internet files\Content.IE5\4RJTQ95B\hotbar[1].exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lord of the ring\Desktop\repair your registry.lnk (Rogue.Link) -> Quarantined and deleted successfully.
c:\documents and settings\piyara singh help\Desktop\repair your registry.lnk (Rogue.Link) -> Quarantined and deleted successfully.
c:\documents and settings\harmon\application data\hotbar_icons\3bsoftware_icon_1.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\harmon\application data\hotbar_icons\registryrepair.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lord of the ring\application data\hotbar_icons\3bsoftware_icon_1.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\lord of the ring\application data\hotbar_icons\registryrepair.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\piyara singh help\application data\hotbar_icons\3bsoftware_icon_1.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\piyara singh help\application data\hotbar_icons\registryrepair.ico (Adware.Hotbar) -> Quarantined and deleted successfully.


I was surprised by the amount of malwares i got, so i went for avg full computer scan but did not detect any viruses/other threat.

However i got some result from avg scan few months ago (i dont know how to copy result from avg, so i have to type them myself):

User: NT AUTHORITY/SYSTEM
Source: IDP
Event description: Process KQNTQV.EXE was detected.

Another result:

Virus found Skintrim C:/system volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}-\RP452\A0519688.exe

Last year, i've recieved another trojans found from avg, it is generic trojan horse, there are 4 of them as far as i can remember. (i've deleted the event history, so i cant specify it)


Now with the spybot result, i cannot find them but this may do:


--- Report generated: 2010-04-25 13:15 ---

Zango.AntiSpamBar: [SBI $757358C2] Link (File, fixed)
C:\Documents and Settings\lord of the ring\Desktop\Repair Your Registry.lnk
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Zango.AntiSpamBar: [SBI $757358C2] Link (File, fixed)
C:\Documents and Settings\PIYARA SINGH help\Desktop\Repair Your Registry.lnk
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Zango.ShoppingReport: [SBI $3AAAC358] Data (File, fixed)
C:\Documents and Settings\PIYARA SINGH help\Application Data\ShoppingReport\cs\db\Aliases.dbs
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Zango.ShoppingReport: [SBI $19242A91] Web page (File, fixed)
C:\Documents and Settings\harmon\Application Data\ShoppingReport\cs\report\aggr_storage.xml
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Zango.ShoppingReport: [SBI $19242A91] Web page (File, fixed)
C:\Documents and Settings\lord of the ring\Application Data\ShoppingReport\cs\report\aggr_storage.xml
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Zango.ShoppingReport: [SBI $19242A91] Web page (File, fixed)
C:\Documents and Settings\PIYARA SINGH help\Application Data\ShoppingReport\cs\report\aggr_storage.xml
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Zango.ShoppingReport: [SBI $27553E1B] Program directory (Directory, fixed)
C:\Documents and Settings\harmon\Application Data\ShoppingReport\cs\dwld\

Zango.ShoppingReport: [SBI $27553E1B] Program directory (Directory, fixed)
C:\Documents and Settings\lord of the ring\Application Data\ShoppingReport\cs\dwld\

Zango.ShoppingReport: [SBI $27553E1B] Program directory (Directory, fixed)
C:\Documents and Settings\PIYARA SINGH help\Application Data\ShoppingReport\cs\dwld\

Zango.ShoppingReport: [SBI $448F9F84] Program directory (Directory, fixed)
C:\Documents and Settings\harmon\Application Data\ShoppingReport\cs\

Zango.ShoppingReport: [SBI $448F9F84] Program directory (Directory, fixed)
C:\Documents and Settings\lord of the ring\Application Data\ShoppingReport\cs\

Zango.ShoppingReport: [SBI $448F9F84] Program directory (Directory, fixed)
C:\Documents and Settings\PIYARA SINGH help\Application Data\ShoppingReport\cs\

Zango.ShoppingReport: [SBI $13C644D0] Data (File, fixed)
C:\Documents and Settings\PIYARA SINGH help\Application Data\ShoppingReport\cs\db\Sites.dbs
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Zango.ShoppingReport: [SBI $FB8966F1] Data (File, fixed)
C:\Documents and Settings\harmon\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Zango.ShoppingReport: [SBI $FB8966F1] Data (File, fixed)
C:\Documents and Settings\lord of the ring\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Zango.ShoppingReport: [SBI $FB8966F1] Data (File, fixed)
C:\Documents and Settings\PIYARA SINGH help\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Zango.ShoppingReport: [SBI $0BD115A3] Data (File, fixed)
C:\Documents and Settings\harmon\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Zango.ShoppingReport: [SBI $0BD115A3] Data (File, fixed)
C:\Documents and Settings\lord of the ring\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Zango.ShoppingReport: [SBI $0BD115A3] Data (File, fixed)
C:\Documents and Settings\PIYARA SINGH help\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Zango.ShoppingReport: [SBI $799BCEB1] Executable (File, fixed)
C:\Documents and Settings\PIYARA SINGH help\Local Settings\Temp\ShprInstaller.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Zango.ShoppingReport: [SBI $D4369EFC] Program directory (Directory, fixed)
C:\Documents and Settings\harmon\Application Data\ShoppingReport\cs\db\

Zango.ShoppingReport: [SBI $D4369EFC] Program directory (Directory, fixed)
C:\Documents and Settings\lord of the ring\Application Data\ShoppingReport\cs\db\

Zango.ShoppingReport: [SBI $D4369EFC] Program directory (Directory, fixed)
C:\Documents and Settings\PIYARA SINGH help\Application Data\ShoppingReport\cs\db\

Zango.ShoppingReport: [SBI $E300C7DB] Program directory (Directory, fixed)
C:\Documents and Settings\harmon\Application Data\ShoppingReport\cs\report\

Zango.ShoppingReport: [SBI $E300C7DB] Program directory (Directory, fixed)
C:\Documents and Settings\lord of the ring\Application Data\ShoppingReport\cs\report\

Zango.ShoppingReport: [SBI $E300C7DB] Program directory (Directory, fixed)
C:\Documents and Settings\PIYARA SINGH help\Application Data\ShoppingReport\cs\report\

Zango.ShoppingReport: [SBI $E2538E71] Program directory (Directory, fixed)
C:\Documents and Settings\harmon\Application Data\ShoppingReport\cs\res1\

Zango.ShoppingReport: [SBI $E2538E71] Program directory (Directory, fixed)
C:\Documents and Settings\lord of the ring\Application Data\ShoppingReport\cs\res1\

Zango.ShoppingReport: [SBI $E2538E71] Program directory (Directory, fixed)
C:\Documents and Settings\PIYARA SINGH help\Application Data\ShoppingReport\cs\res1\

Zango.ShoppingReport: [SBI $12D394ED] Program directory (Directory, fixed)
C:\Documents and Settings\harmon\Application Data\ShoppingReport\

Zango.ShoppingReport: [SBI $12D394ED] Program directory (Directory, fixed)
C:\Documents and Settings\lord of the ring\Application Data\ShoppingReport\

Zango.ShoppingReport: [SBI $12D394ED] Program directory (Directory, fixed)
C:\Documents and Settings\PIYARA SINGH help\Application Data\ShoppingReport\

Zango.WeatherDPA: [SBI $DD20C42B] Program directory (Directory, fixed)
C:\Documents and Settings\PIYARA SINGH help\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML\

Zango.WeatherDPA: [SBI $185CB0DF] Program directory (Directory, fixed)
C:\Documents and Settings\PIYARA SINGH help\Application Data\WeatherDPA\Weather\WeatherDPA\

Zango.WeatherDPA: [SBI $DBDCB735] Program directory (Directory, fixed)
C:\Documents and Settings\PIYARA SINGH help\Application Data\WeatherDPA\Weather\

Zango.WeatherDPA: [SBI $8F8B4330] Program directory (Directory, fixed)
C:\Documents and Settings\PIYARA SINGH help\Application Data\WeatherDPA\

Zango.WeatherDPA: [SBI $9D9D70E6] Data (File, fixed)
C:\Documents and Settings\PIYARA SINGH help\Application Data\WeatherDPA\Weather\WeatherStartup.xml
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

SearchPixieBar: [SBI $910F79C4] Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Softomate.IEToolbar.1

SearchPixieBar: [SBI $910F79C4] Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}

FunWebProducts: [SBI $561F0D2E] User settings (Registry value, fixed)
HKEY_USERS\S-1-5-21-123929619-940735811-849573532-1006\Software\Microsoft\Internet Explorer\MenuExt\&Search\=...http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml...

FunWebProducts: [SBI $685582A8] Configuration file (File, fixed)
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.1.1.inf
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

FunWebProducts: [SBI $7AEE25A5] Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}

FunWebProducts: [SBI $B71E4FFD] Program directory (Directory, fixed)
C:\Program Files\FunWebProducts\

MyWay.MyWebSearch: [SBI $6404C538] Settings (Registry key, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

MyWay.MyWebSearch: [SBI $6404C538] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-123929619-940735811-849573532-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

MyWay.MyWebSearch: [SBI $6404C538] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

MyWay.MyWebSearch: [SBI $39E631BB] Settings (Registry key, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

MyWay.MyWebSearch: [SBI $39E631BB] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

MyWay.MyWebSearch: [SBI $1D729FD1] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

MyWay.MyWebSearch: [SBI $71059DE8] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

FunWebProducts: [SBI $89774EC7] Program directory (Directory, fixed)
C:\Program Files\FunWebProducts\Shared\

FunWebProducts: [SBI $87976B73] Program directory (Directory, fixed)
C:\Program Files\funwebproducts\Shared

MyWay.MyWebSearch: [SBI $9185AE0B] Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}

MyWay.MyWebSearch: [SBI $798DEFC6] Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7}

MyWay.MyWebSearch: [SBI $17EB816E] Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}

MyWay.MyWebSearch: [SBI $E6CF97BD] Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}

MyWay.MyWebSearch: [SBI $84A88F8E] Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}

MyWay.MyWebSearch: [SBI $2E0CB34B] Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}

MyWay.MyWebSearch: [SBI $B836F058] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}

MyWay.MyWebSearch: [SBI $4A8ED495] Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}

Microsoft.Windows.AppFirewallBypass: [SBI $9FD0556E] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\usmt\migwiz.exe

Microsoft.Windows.AppFirewallBypass: [SBI $2AF14C29] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\usmt\migwiz.exe

MyWebSearch: [SBI $0778094F] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}

MyWebSearch: [SBI $EB0F98F9] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}

Win32.Agent.fbx: [SBI $86BD92BA] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jnzozf

MediaPlex: Tracking cookie (Internet Explorer: Diyal) (Cookie, fixed)

DoubleClick: Tracking cookie (Internet Explorer: Diyal) (Cookie, fixed)

Tradedoubler: Tracking cookie (Internet Explorer: Diyal) (Cookie, fixed)

Clickbank: Tracking cookie (Internet Explorer: Diyal) (Cookie, fixed)

Right Media: Tracking cookie (Internet Explorer: Diyal) (Cookie, fixed)

Adviva: Tracking cookie (Internet Explorer: Diyal) (Cookie, fixed)

BlueStreak: Tracking cookie (Internet Explorer: Diyal) (Cookie, fixed)

MediaPlex: Tracking cookie (Firefox: harmon (default)) (Cookie, fixed)

HitsLink: Tracking cookie (Firefox: harmon (default)) (Cookie, fixed)

HitBox: Tracking cookie (Firefox: harmon (default)) (Cookie, fixed)

HitBox: Tracking cookie (Firefox: harmon (default)) (Cookie, fixed)

Statcounter: Tracking cookie (Firefox: harmon (default)) (Cookie, fixed)

Statcounter: Tracking cookie (Firefox: harmon (default)) (Cookie, fixed)

Statcounter: Tracking cookie (Firefox: harmon (default)) (Cookie, fixed)

Statcounter: Tracking cookie (Firefox: harmon (default)) (Cookie, fixed)

Statcounter: Tracking cookie (Firefox: harmon (default)) (Cookie, fixed)

Statcounter: Tracking cookie (Firefox: harmon (default)) (Cookie, fixed)

Statcounter: Tracking cookie (Firefox: harmon (default)) (Cookie, fixed)

Statcounter: Tracking cookie (Firefox: harmon (default)) (Cookie, fixed)

Statcounter: Tracking cookie (Firefox: harmon (default)) (Cookie, fixed)

Statcounter: Tracking cookie (Firefox: harmon (default)) (Cookie, fixed)

Statcounter: Tracking cookie (Firefox: harmon (default)) (Cookie, fixed)

Statcounter: Tracking cookie (Firefox: harmon (default)) (Cookie, fixed)

MediaPlex: Tracking cookie (Firefox: piyara (default)) (Cookie, fixed)

Statcounter: Tracking cookie (Firefox: piyara (default)) (Cookie, fixed)

DoubleClick: Tracking cookie (Firefox: piyara (default)) (Cookie, fixed)


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2010-04-25 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-02-17 Includes\Adware.sbi (*)
2010-04-20 Includes\AdwareC.sbi (*)
2010-01-25 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-04-13 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-04-13 Includes\HijackersC.sbi (*)
2010-01-20 Includes\Keyloggers.sbi (*)
2010-04-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-03-02 Includes\Malware.sbi (*)
2010-04-20 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2010-04-13 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-04-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-03-02 Includes\Spyware.sbi (*)
2010-04-20 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-03-03 Includes\Trojans.sbi (*)
2010-04-13 Includes\TrojansC-02.sbi (*)
2010-04-20 Includes\TrojansC-03.sbi (*)
2010-04-20 Includes\TrojansC-04.sbi (*)
2010-04-20 Includes\TrojansC-05.sbi (*)
2010-04-20 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


Few months ago, i've bought window 7 home premium so i can format my pc and install new OS, but the disc wont run. i've tried to fix it by using the advices given from various sites but the problem still continue.

I am really scared, because i do not want to lose my account, data thief and other possible threats.

I've been scanning them over 2 times a day, each from avg, spybot and malwarebyte.
i've received no result so far, but i am experiencing slow computer, i am trying to find out whether i am infected or not, so please help me out. :(

Sorry if my english is bad, i really needed the help, this is bit is scary


See More: Computer is very badly infected, help please

Report •


✔ Best Answer
June 22, 2011 at 14:24:16
Is AVG totally uninstalled?
The instructions were to turn OFF your AV BEFORE running combofix.

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#1
June 22, 2011 at 07:00:28
I forgot to mention that , i;ve had scanned each programme, avg, spybot and malwarebyte in safe mode. from the avg, i've recieved load of locked files, which i don't understand why.

I found no threat result from malwarebyte and spybot.
However i still do not trust this pc, it is the only computer i got left ( my parents sold samsung laptop window 7 to refund, so the only pc i can use is this)

This pc is probably from 2005-ish but i still want to surf the internet safely and to clean this parasite thats been sitting there for year =[


Report •

#2
June 22, 2011 at 07:28:28
Try combofix, follow the guide carefully and you should be fine:
http://www.bleepingcomputer.com/com...

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •

#3
June 22, 2011 at 07:32:23
Thank you VERY much for quick reply!

Report •

Related Solutions

#4
June 22, 2011 at 07:33:59
After following, i post the logs here?

Report •

#5
June 22, 2011 at 08:47:34
i am trying to open Combofix, but it wont let me because avg blocked it. even tho i made it allow to run. Now internet temporary not working, im restarting pc over 5 times, i am trying to sort this out..
Combofix's warning message said to un-install avg, even though i disabled avg.

Report •

#6
June 22, 2011 at 09:38:40
Warning

"ComboFix cannot run when AVG is installed. This due to AVG's targetting ComboFix's files/processes. It would be dangerous to continue

Please uninstall AVG or use another tool"

I un-installed as was told to then restarted pc but this warning message still appear and ComboFix wont run.

Am i doing something wrong? Please Help!


Report •

#7
June 22, 2011 at 14:24:16
✔ Best Answer
Is AVG totally uninstalled?
The instructions were to turn OFF your AV BEFORE running combofix.

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •

#8
June 23, 2011 at 02:57:37
Hello, i've checked Add and Remove to see whether avg is totally un installed, it seem that avg is not longer on the list anymore.
So i tried to run ComboFix but the warning message still appearing.
So i decide to check with CCleaner, but unfortunately it seem that avg is not listed, so this tell me that avg is totally uninstalled, and the rest antivirus disabled (window defender disabled for nearly 5 months) i does the same with the malwarebyte and spybot...

I really needed the help, what can i do?


Report •

#9
June 23, 2011 at 07:42:14
Is your windows 64bit? If so, combofix will not run then.

try these 2 cleaners and fix all they find
1- Trojan Remover
http://www.simplysup.com/tremover/d...
2- Hitman Pro
http://www.surfright.nl/en

Un-Install them from ALL Programs with their own uninstallers after they run clean...DO NOT uninstall them in add/remove

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •

#10
June 23, 2011 at 09:07:18
Hi Xpuser4real, I've scanned trojan remover, i've recieved no result so far, all ticked and does same to fastscan

After that, i downloaded hitman pro as instructed, i scanned and here is the result:

- <Log computer="DELL" scan="Normal" version="3.5.9.125" date="2011-06-23T16:41:56" timeSpentInSecs="1060" filesProcessed="57966">
- <Item type="Malware" malwareName="Malware" score="106.0" status="Deleted">
- <Scanners>
<Scanner id="Prevx" name="High Risk Worm" />
<Scanner id="Ikarus" name="Virus.Win32.Trojan!IK" />
</Scanners>
<File path="C:\Documents and Settings\Diyal\My Documents\Downloads\Reverse-Records-Toolkit.exe" hash="D1C94EAAAF6C9D9465FECF0E8799B9F537FF2AA37F8A6DB067A70662E99D0AD6" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\harmon\Application Data\Mozilla\Firefox\Profiles\wdoju1uc.default\cookies.sqlite:ad.uk.tangozebra.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\harmon\Application Data\Mozilla\Firefox\Profiles\wdoju1uc.default\cookies.sqlite:ads.ad4game.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\harmon\Application Data\Mozilla\Firefox\Profiles\wdoju1uc.default\cookies.sqlite:ads.aol.co.uk" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\harmon\Application Data\Mozilla\Firefox\Profiles\wdoju1uc.default\cookies.sqlite:ads.cartoonnetwork.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\harmon\Application Data\Mozilla\Firefox\Profiles\wdoju1uc.default\cookies.sqlite:ads.gamesbannernet.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\harmon\Application Data\Mozilla\Firefox\Profiles\wdoju1uc.default\cookies.sqlite:ads.ozonemedia.co.in" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\harmon\Application Data\Mozilla\Firefox\Profiles\wdoju1uc.default\cookies.sqlite:avgtechnologies.112.2o7.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\harmon\Application Data\Mozilla\Firefox\Profiles\wdoju1uc.default\cookies.sqlite:cdn5.specificclick.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\harmon\Application Data\Mozilla\Firefox\Profiles\wdoju1uc.default\cookies.sqlite:chitika.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\harmon\Application Data\Mozilla\Firefox\Profiles\wdoju1uc.default\cookies.sqlite:chumtv.122.2o7.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\harmon\Application Data\Mozilla\Firefox\Profiles\wdoju1uc.default\cookies.sqlite:collective-media.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\harmon\Application Data\Mozilla\Firefox\Profiles\wdoju1uc.default\cookies.sqlite:dmtracker.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\harmon\Application Data\Mozilla\Firefox\Profiles\wdoju1uc.default\cookies.sqlite:eaeacom.112.2o7.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\harmon\Application Data\Mozilla\Firefox\Profiles\wdoju1uc.default\cookies.sqlite:hulu.112.2o7.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\harmon\Application Data\Mozilla\Firefox\Profiles\wdoju1uc.default\cookies.sqlite:interclick.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\harmon\Application Data\Mozilla\Firefox\Profiles\wdoju1uc.default\cookies.sqlite:microsoftwindows.112.2o7.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\harmon\Application Data\Mozilla\Firefox\Profiles\wdoju1uc.default\cookies.sqlite:msnaccountservices.112.2o7.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\harmon\Application Data\Mozilla\Firefox\Profiles\wdoju1uc.default\cookies.sqlite:paypal.112.2o7.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\harmon\Application Data\Mozilla\Firefox\Profiles\wdoju1uc.default\cookies.sqlite:revsci.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\harmon\Application Data\Mozilla\Firefox\Profiles\wdoju1uc.default\cookies.sqlite:rotator.adjuggler.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\harmon\Application Data\Mozilla\Firefox\Profiles\wdoju1uc.default\cookies.sqlite:rts.doublepimp.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\harmon\Application Data\Mozilla\Firefox\Profiles\wdoju1uc.default\cookies.sqlite:server.cpmstar.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\harmon\Application Data\Mozilla\Firefox\Profiles\wdoju1uc.default\cookies.sqlite:specificclick.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\harmon\Application Data\Mozilla\Firefox\Profiles\wdoju1uc.default\cookies.sqlite:stats.channel4.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\harmon\Application Data\Mozilla\Firefox\Profiles\wdoju1uc.default\cookies.sqlite:track.monitis.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\harmon\Application Data\Mozilla\Firefox\Profiles\wdoju1uc.default\cookies.sqlite:xiti.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\lord of the ring\Application Data\Mozilla\Firefox\Profiles\v64t88eb.default\cookies.sqlite:adbrite.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\lord of the ring\Application Data\Mozilla\Firefox\Profiles\v64t88eb.default\cookies.sqlite:ads.bleepingcomputer.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\lord of the ring\Application Data\Mozilla\Firefox\Profiles\v64t88eb.default\cookies.sqlite:ar.atwola.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\lord of the ring\Application Data\Mozilla\Firefox\Profiles\v64t88eb.default\cookies.sqlite:at.atwola.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\lord of the ring\Application Data\Mozilla\Firefox\Profiles\v64t88eb.default\cookies.sqlite:collective-media.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\lord of the ring\Application Data\Mozilla\Firefox\Profiles\v64t88eb.default\cookies.sqlite:interclick.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\lord of the ring\Application Data\Mozilla\Firefox\Profiles\v64t88eb.default\cookies.sqlite:invitemedia.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\lord of the ring\Application Data\Mozilla\Firefox\Profiles\v64t88eb.default\cookies.sqlite:kontera.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\lord of the ring\Application Data\Mozilla\Firefox\Profiles\v64t88eb.default\cookies.sqlite:revsci.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\lord of the ring\Application Data\Mozilla\Firefox\Profiles\v64t88eb.default\cookies.sqlite:serving-sys.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\lord of the ring\Application Data\Mozilla\Firefox\Profiles\v64t88eb.default\cookies.sqlite:tacoda.at.atwola.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\lord of the ring\Application Data\Mozilla\Firefox\Profiles\v64t88eb.default\cookies.sqlite:tacoda.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\lord of the ring\Application Data\Mozilla\Firefox\Profiles\v64t88eb.default\cookies.sqlite:tribalfusion.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\lord of the ring\Application Data\Mozilla\Firefox\Profiles\v64t88eb.default\cookies.sqlite:xiti.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\PIYARA SINGH help\Application Data\Mozilla\Firefox\Profiles\cadqtm1k.default\cookies.sqlite:cdn5.specificclick.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\PIYARA SINGH help\Application Data\Mozilla\Firefox\Profiles\cadqtm1k.default\cookies.sqlite:content.yieldmanager.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\PIYARA SINGH help\Application Data\Mozilla\Firefox\Profiles\cadqtm1k.default\cookies.sqlite:specificclick.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:2o7.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:ad.360yield.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:ad.yieldmanager.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:adbrite.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:ads.bleepingcomputer.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:ads.pointroll.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:adtech.de" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:advertising.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:adviva.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:apmebf.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:ar.atwola.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:at.atwola.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:atdmt.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:avgtechnologies.112.2o7.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:collective-media.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:content.yieldmanager.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:doubleclick.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:interclick.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:invitemedia.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:kaspersky.122.2o7.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:kontera.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:media6degrees.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:mediaplex.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:mm.chitika.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:pointroll.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:questionmarket.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:revsci.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:ru4.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:serving-sys.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:specificclick.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:statcounter.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:tacoda.at.atwola.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:tacoda.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:tribalfusion.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:www.googleadservices.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:xiti.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Documents and Settings\piyara\Application Data\Mozilla\Firefox\Profiles\e4bk5x99.default\cookies.sqlite:yieldmanager.net" />
</Item>
</Log>


What do you mean by Un-installing all programmes using their un-installer, i did not see one?


Report •

#11
June 23, 2011 at 12:24:03
go into start/ all programs and find them in the list, that is where the uninstaller is.

Is your PC running better?
If not, tap f8 and go into safe mode, then run Malwarebytes in a full scan again.

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •

#12
June 23, 2011 at 12:55:54
Im bit confused, do you actually mean two tools i recently downloaded (hitman and trojan removal) to uninstall them or uninstall all Programs found on my computer?

I could only find a file called 'uninstall trojan remover' or 'remove hitman pro' in Programme


Report •

#13
June 23, 2011 at 14:39:15
www.majorgeeks.com has a removal tool for AVG, you should run it to removal stuck AVG files
http://majorgeeks.com/downloadget.p...

Report •

#14
June 23, 2011 at 18:52:29
yes arthur, uninstall them there.

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •

#15
June 24, 2011 at 02:21:32
All thanks to you xp, my computer is loading quicker than i expected, and it seem to running very smoothly.
I've downloaded avast and scanned it in boot time scan, i got 5 infected files, and nothing else.

Do i still need to run combofix just incase to keep my computer fully clean from parasites?

ps: thank you paul, i will remove them to run combofix but i need permission to run before i do that from xpuser4real

Thanks :)


Report •

#16
June 24, 2011 at 08:59:12
Hi Arthur, You can download and run Ccleaner Slim:
http://www.piriform.com/ccleaner/do...
remove all it finds. Next click on the registry icon and fix all that finds. That will clean out extra junk in your PC.

If your PC is running fine, then there will be no need to run combofix.

I would also consider using Avast Free than AVG, much better all around protection:
http://www.filehippo.com/download_a...

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •

#17
June 24, 2011 at 09:26:06
Thanks xpuser4real, i've had ccleaner and avast already, thank you for the help, i appreciate all the your work and timing you sacrificed and the helps you gave to me.

It seem working well, i just hope i dont get infected again.

Thank you so MUCH! :)


Report •

#18
June 24, 2011 at 09:35:16
You are very welcome and thanks for posting back, it may help people with similar problems!

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •


Ask Question