Thanks. So I rebooted the PC in Safe Mode and ran MBAM. After running MBAM, I rebooted the PC in Normal mode and tried running MBAM again, but it started throwing up the error "Application cannot be executed. The file *exe is infected". I tried running all versions of Rkill too, but they failed again.
I want to make sure that while rebooting the PC in Safe Mode, we just have to run MBAM, because I did the same. I didn't run Rkill or SuperAntiSpyware before it in Safe Mode. Please advise as to what I should do in this case.
Below is the log that was generated after running MBAM in Safe Mode:
MBAM Log (Safe Mode)
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5363
Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.19019
2/12/2011 4:51:44 PM
mbam-log-2011-02-12 (16-51-44).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 498250
Time elapsed: 1 hour(s), 29 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 29
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 10
Files Infected: 54
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayAllDVD (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayAllDVD (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Value: *.securewebinfo.com -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Value: *.safetyincludes.com -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Value: *.securemanaging.com -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whhoxbnn (Rogue.AntivirusSuite.Gen) -> Value: whhoxbnn -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\playalldvd (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Roaming\microsoft\Windows\start menu\Programs\playalldvd (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
c:\$Recycle.Bin\s-1-5-21-194466675-3726487838-1396600599-1000\$RN7SX62.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\playalldvd\uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\102D.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\1230.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\1C45.tmp (Trojan.PWS) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\1s9e17.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\23BB.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\2F1A.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\31D9.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\3266.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\3E8B.tmp (Trojan.PWS) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\485C.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\49BD.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\5446.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\56AB.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\587B.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\5910.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\6240.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\646.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\6A3D.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\6AEA.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\8802.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\94D2.tmp (Trojan.PWS) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\98B9.tmp (Trojan.PWS) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\A480.tmp (Trojan.PWS) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\A62D.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\AB70.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\B9F6.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\BA0A.tmp (Trojan.PWS) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\BAD0.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\C656.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\CF5F.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\D45E.tmp (Trojan.PWS) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\D8C3.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\DFA6.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\E375.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\err.log41823868 (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\err.log41823899 (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\F0D9.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\FCBD.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\ms0cfg32.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\spfymx.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Roaming\adgs.bat (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\lovish\downloads\favorites\antivirus scan.url (Rogue.Link) -> Quarantined and deleted successfully.
c:\Users\lovish\documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\Users\lovish\documents\my videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\0.40328263999429814.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\0.528198453305841.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Local\Temp\windows_security_center.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\lovish\documents\Desktop\thinkpoint.lnk (Rogue.ThinkPoint) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Roaming\microsoft\Windows\start menu\Programs\thinkpoint.lnk (Rogue.ThinkPoint) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Users\lovish\AppData\Roaming\microsoft\Windows\start menu\Programs\playalldvd\uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.