problem with accessing www.mcafee.com

May 19, 2009 at 19:07:50
Specs: Windows XP
I'm having a problem with accessing the www.mcafee.com website. Also, I have a problem with updating McAfee. But I have decided to uninstall it and now I cannot install it since I can't access the website. Please help!

#1
May 19, 2009 at 19:14:42
Follow these steps first:

Try this:
1) Change your DNS server to http://www.opendns.com/start/.
2) Scan your PC with Kaspersky.
3) Scan with SUPERAntiSpyware.

For steps 3 and 4, make sure you post screenshots/logs of detected/fixed/unfixed files. If you still can't access it, write back.


#2
May 19, 2009 at 19:18:05
Neoark,

Thanks. You also have to know I am not so familiar with dealing with computer problems.

I will try it now.



#3
May 19, 2009 at 19:55:58
I'm currently running the scan using SUPERAntiSpyware. However, I cannot open the link to Kaspersky.


#4
May 19, 2009 at 19:59:01
OK, post the scan log once it has finished scanning.


#5
May 19, 2009 at 20:05:40
Here is the log:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/19/2009 at 11:00 PM

Application Version : 4.26.1002

Core Rules Database Version : 3902
Trace Rules Database Version: 1848

Scan type : Quick Scan
Total Scan Time : 00:13:36

Memory items scanned : 781
Memory threats detected : 5
Registry items scanned : 657
Registry threats detected : 50
File items scanned : 9864
File threats detected : 71

Adware.CouponBar

Trojan.Unknown Origin

Unclassified.Unknown Origin
HKU\S-1-5-21-632438095-305388623-695178728-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9C42510-9B21-41C1-9DCD-8382A2D07C61}

Adware.Tracking Cookie

Trojan.Downloader-Gen/Multi
C:\WINDOWS\SYSTEM32\~.EXE
C:\WINDOWS\Prefetch\~.EXE-10AA984B.pf

Trojan.Agent/Gen-SDRA
C:\WINDOWS\SYSTEM32\SDRA64.EXE

Trojan.Unclassified
C:\WINDOWS\SYSTEM32\MPFSERVICEFAILURECOUNT.TXT

Trojan.MailDrop/Gen
C:\DOCUMENTS AND SETTINGS\MIMI\LOCAL SETTINGS\TEMP\WINETDXB.EXE
C:\WINDOWS\Prefetch\WINETDXB.EXE-1A722270.pf



#6
May 19, 2009 at 20:09:11
OK, fix what it detected and reboot.

Next, follow these steps after the reboot:

Can you please post your AVZ log:

1) To create the logfile, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

2) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

3) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows Vista, launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteStdScr(3);
RebootWindows(true);
end.

Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script, the PC will reboot. After the reboot the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and paste the link here.

Image Tutorial


#7
May 19, 2009 at 20:45:29
I can't open the link.


#8
May 19, 2009 at 20:49:39
What kind of error? Download it on another computer and copy it over; make sure you rename the avz.exe file.


#9
May 19, 2009 at 20:50:13
I cannot open the link at all.


#10
May 19, 2009 at 20:56:01
I may have to do that tomorrow. I don't have another computer with me right now.


#11
May 19, 2009 at 21:16:41
OK, wait, I will upload it to RapidShare for you.


#12
May 19, 2009 at 21:18:53
Try: http://rapidshare.com/files/2350393...


#13
May 19, 2009 at 21:36:06
I downloaded it. Somehow, I had trouble with opening the .exe file. I opened it, and the window closed after 5 seconds.


#14
May 19, 2009 at 21:37:51
Try to rename the .exe and start it again. If you still can't, open it in safe mode and do the steps in safe mode.


#15
May 19, 2009 at 21:56:05
I can't start my computer in safe mode. I tried renaming it; it can't open either.


#16
May 19, 2009 at 22:04:39
http://rapidshare.com/files/2350474...

I got it now. What next?



#17
May 20, 2009 at 05:06:33
Run this script in AVZ and your PC will reboot:


begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('C:\WINDOWS\system32\~.exe','');
DelBHO('{5BED3930-2E9E-76D8-BACC-80DF2188D455}');
DelBHO('{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}');
QuarantineFile('C:\WINDOWS\COUPON~1.DLL','');
DeleteService('abp470n5');
StopService('abp470n5');
QuarantineFile('C:\WINDOWS\system32\drivers\knksks.sys','');
QuarantineFile('c:\docume~1\mimi\locals~1\temp\winqphugp.exe','');
TerminateProcessByName('c:\docume~1\mimi\locals~1\temp\winqphugp.exe');
QuarantineFile('c:\docume~1\mimi\locals~1\temp\tpim.exe','');
TerminateProcessByName('c:\docume~1\mimi\locals~1\temp\tpim.exe');
QuarantineFile('C:\WINDOWS\CouponBarIE.dll','');
TerminateProcessByName('C:\WINDOWS\CouponBarIE.dll');
DeleteFile('C:\WINDOWS\CouponBarIE.dll');
DeleteFile('c:\docume~1\mimi\locals~1\temp\tpim.exe');
DeleteFile('c:\docume~1\mimi\locals~1\temp\winqphugp.exe');
DeleteFile('C:\WINDOWS\system32\drivers\knksks.sys');
DeleteFile('C:\WINDOWS\COUPON~1.DLL');
DeleteFile('C:\WINDOWS\system32\~.exe');
BC_ImportAll;
ExecuteSysClean;
ExecuteRepair(13);
BC_Activate;
RebootWindows(true);
end.

After your PC reboots follow these steps:

Attach a Combofix log, please review and follow these instructions carefully.

Download it here -> http://download.bleepingcomputer.co...

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Antivirus/Spyware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning. Do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. It is usually located in c:\combofix.txt; please attach it to your next post.


#18
May 20, 2009 at 06:47:42
How do I know that Combofix is running? Should I see an indicator? I have closed all windows and am still having problems with Combofix running. I also changed the name.


#19
May 20, 2009 at 07:00:54
What kind of problems? Please post a screen shot.


#20
May 20, 2009 at 07:05:16
There's nothing running in the background. I couldn't start Combofix.


#21
May 20, 2009 at 07:20:32
Should there be anything indicating Combofix is running at all?

I had to restart the computer in order to see whether combofix is running at all, since there is no indicator.



#22
May 20, 2009 at 07:27:45
Yes, refer to: http://www.bleepingcomputer.com/com... <-- has picture guide. If you can't run Combofix in normal mode, run it in safe mode.


#23
May 20, 2009 at 08:47:41
I can't even run in safe mode. Help!


#24
May 20, 2009 at 08:48:30
LiveUpdate Engine COM Module has encountered a problem and needs to close. We are sorry for the inconvenience.

That window keeps popping on my screen!



#25
May 20, 2009 at 10:17:56
It's Symantec antivirus; try to uninstall and reinstall it. Rerun Step 3 of Response Number 1 and post a log.


#26
May 20, 2009 at 11:41:59
Now, every time I try to uninstall through Add/Remove Programs, this window keeps popping up, non-stop:

LiveUpdate Engine COM Module has encountered a problem and needs to close. We are sorry for the inconvenience.



#27
May 20, 2009 at 11:45:05
Use this tool from Norton to uninstall: http://service1.symantec.com/SUPPOR...


#28
May 20, 2009 at 12:10:07
The pop-up comes up when I try to access that website as well. Am I in big trouble?


#29
May 20, 2009 at 12:38:38
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/20/2009 at 03:37 PM

Application Version : 4.26.1002

Core Rules Database Version : 3902
Trace Rules Database Version: 1848

Scan type : Quick Scan
Total Scan Time : 00:14:10

Memory items scanned : 760
Memory threats detected : 1
Registry items scanned : 648
Registry threats detected : 47
File items scanned : 10377
File threats detected : 22

Trojan.Unknown Origin
C:\DOCUME~1\MIMI\LOCALS~1\TEMP\WINCRFG.EXE
C:\DOCUME~1\MIMI\LOCALS~1\TEMP\WINCRFG.EXE
C:\DOCUMENTS AND SETTINGS\MIMI\LOCAL SETTINGS\TEMP\WINCRFG.EXE
C:\WINDOWS\Prefetch\WINCRFG.EXE-21C93C4C.pf

Adware.CouponBar

Adware.Tracking Cookie

Trojan.MailDrop/Gen
C:\DOCUMENTS AND SETTINGS\MIMI\LOCAL SETTINGS\TEMP\OFPR.EXE
C:\WINDOWS\Prefetch\OFPR.EXE-000644D5.pf



#30
May 20, 2009 at 13:04:26
Fix what it found. Then follow:

Download and run Kaspersky AVP tool:

http://devbuilds.kaspersky-labs.com...

Once you download and start the tool, select all the objects/places to be scanned and hit Scan. Fix what it detects and, at the end of the scan, post a screenshot/log of the detected items that were fixed and those it could not fix.


#31
May 20, 2009 at 13:11:55
I have a problem accessing that website.


#32
May 20, 2009 at 13:28:55
I have a problem accessing that website.


#33
May 20, 2009 at 14:08:26
Options are limited if you can't run that tool or Combofix. Try to download it on another computer, burn a CD and transfer it over. Also post a new AVZ log; follow these directions closely and run them in AVZ. Make sure you download AVZ again.

1)


begin
ExecuteRepair(13);
ExecuteRepair(14);
ExecuteRepair(15);
SetAVZPMStatus(True);
rebootwindows(true);
end.



Your computer will reboot. After it reboots follow:

2) Response Number 6
