Topic: Avast not catching some virus in my computer...and decompression bomb probs

helpme22

  • Guest
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/19/2009 at 01:18 AM

Application Version : 4.25.1014

Core Rules Database Version : 3804
Trace Rules Database Version: 1759

Scan type       : Complete Scan
Total Scan Time : 01:52:45

Memory items scanned      : 604
Memory threats detected   : 0
Registry items scanned    : 6452
Registry threats detected : 51
File items scanned        : 28552
File threats detected     : 215

Trojan.FakeAlert-IEBT
   HKLM\Software\Classes\CLSID\{144A6B24-0EBC-4D89-BF09-A06A718E57B5}
   HKCR\CLSID\{144A6B24-0EBC-4D89-BF09-A06A718E57B5}
   HKCR\CLSID\{144A6B24-0EBC-4D89-BF09-A06A718E57B5}
   HKCR\CLSID\{144A6B24-0EBC-4D89-BF09-A06A718E57B5}\Implemented Categories
   HKCR\CLSID\{144A6B24-0EBC-4D89-BF09-A06A718E57B5}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
   HKCR\CLSID\{144A6B24-0EBC-4D89-BF09-A06A718E57B5}\InprocServer32
   HKCR\CLSID\{144A6B24-0EBC-4D89-BF09-A06A718E57B5}\InprocServer32#ThreadingModel
   C:\PROGRAM FILES\APPLICATIONS\IEBR.DLL
   HKU\S-1-5-21-861706201-3366741721-2364323922-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{144A6B24-0EBC-4D89-BF09-A06A718E57B5}
   HKU\S-1-5-21-861706201-3366741721-2364323922-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFEE97A3-4911-444D-8BE8-E243A23D3DE2}

Adware.E404 Helper/Variant-V
   HKLM\Software\Classes\CLSID\{616F9AB4-A605-48B5-B7AE-B6B68E6C3CAB}
   HKCR\CLSID\{616F9AB4-A605-48B5-B7AE-B6B68E6C3CAB}
   HKCR\CLSID\{616F9AB4-A605-48B5-B7AE-B6B68E6C3CAB}
   HKCR\CLSID\{616F9AB4-A605-48B5-B7AE-B6B68E6C3CAB}\InprocServer32
   HKCR\CLSID\{616F9AB4-A605-48B5-B7AE-B6B68E6C3CAB}\InprocServer32#ThreadingModel
   HKCR\CLSID\{616F9AB4-A605-48B5-B7AE-B6B68E6C3CAB}\ProgID
   HKCR\CLSID\{616F9AB4-A605-48B5-B7AE-B6B68E6C3CAB}\Programmable
   HKCR\CLSID\{616F9AB4-A605-48B5-B7AE-B6B68E6C3CAB}\TypeLib
   HKCR\CLSID\{616F9AB4-A605-48B5-B7AE-B6B68E6C3CAB}\VersionIndependentProgID
   HKCR\y456.y456mgr.1
   HKCR\y456.y456mgr.1\CLSID
   HKCR\y456.y456mgr
   HKCR\y456.y456mgr\CLSID
   HKCR\y456.y456mgr\CurVer
   HKCR\TypeLib\{E63648F7-3933-440E-AAAA-A8584DD7B7EB}
   C:\WINDOWS\SYSTEM32\829275\829275.DLL
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{616F9AB4-A605-48B5-B7AE-B6B68E6C3CAB}
   HKU\S-1-5-21-861706201-3366741721-2364323922-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{616F9AB4-A605-48B5-B7AE-B6B68E6C3CAB}

Adware.SearchTool
   HKU\S-1-5-21-861706201-3366741721-2364323922-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5ED7D3DE-6DBE-4516-8712-01B1B64B7057}

Trojan.Smitfraud Variant/IE Anti-Spyware
   HKU\S-1-5-21-861706201-3366741721-2364323922-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034A523-D068-4BE8-A284-9DF278BE776E}

Adware.Tracking Cookie
(I am leaving out the details of tracking cookie results as they were 212 in number.  If you guys really want me to post them I will)

helpme22

  • Guest
Adware.MyWebSearch/FunWebProducts
   HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}

Trojan.Media-Codec
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool#DisplayName
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool#UninstallString
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar#DisplayName
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar#UninstallString
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center#DisplayName
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center#UninstallString

Adware.E404 Helper/Hij
   HKCR\CLSID\e405.e405mgr
   HKCR\CLSID\e405.e405mgr#UserId
   HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
   HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0
   HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0
   HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32
   HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS
   HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR
   HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
   HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid
   HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32
   HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib
   HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version

Browser Hijacker.Favorites
   C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\FAVORITES\ANTIVIRUS SCAN.URL

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89056
  • No support PMs thanks
OK, since your MBAM log shows no action taken, run MBAM again and the detected items should all be selected/ticked (if they aren't selected, select them, as all appear to be good detections), then click the Remove Selected button, see image.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

helpme22

  • Guest
Malwarebytes' Anti-Malware 1.34
Database version: 1868
Windows 5.1.2600 Service Pack 3

3/19/2009 12:23:11 PM
mbam-log-2009-03-19 (12-23-11).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 183078
Time elapsed: 1 hour(s), 29 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 27
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\y456.y456mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\y456.y456mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{616f9ab4-a605-48b5-b7ae-b6b68e6c3cab} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{616f9ab4-a605-48b5-b7ae-b6b68e6c3cab} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5ed7d3de-6dbe-4516-8712-01b1b64b7057} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cfee97a3-4911-444d-8be8-e243a23d3de2} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{53e0b6e8-a51d-448b-b692-40b67b285543} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{616f9ab4-a605-48b5-b7ae-b6b68e6c3cab} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0ac49246-419b-4ee0-8917-8818daad6a4e} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99410cde-6f16-42ce-9d49-3807f78f0287} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MSx (Rogue.MSAntivirus) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\smile (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windowsisearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windowsisearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://windowsisearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\829275 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\bszip.dll (Worm.P2P) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.

DavidR
OK, that looks much better as far as the MBAM scan goes.

I presume that you also let SAS take care of what it detected?

If so, that's fine, no need to post the info on tracking cookies; they are a minor niggle and one of privacy rather than security. However, you should let SAS remove them. In your browser you should not allow third-party cookies (those not from the site you are visiting), and you should periodically clear your cookies from your browser settings.

helpme22

  • Guest
I hate to sound so uneducated on the subject but how do I not allow third party cookies and how do I clear them out of the browser?

helpme22

  • Guest
I used SAS and MBAM and fixed everything that came up, and I still have an msn messenger icon in my tool bar that I did not download.  My processor speed is much better though  ;D

Mr.Agent

  • Guest
Quote from helpme22: My processor speed is much better though  ;D

Good to hear

DavidR

Quote from helpme22: I hate to sound so uneducated on the subject but how do I not allow third party cookies and how do I clear them out of the browser?

That depends on what browser you use.

In Firefox, which is my default browser, it is in Tools, Options, Privacy; uncheck Accept third-party cookies, see image.

It is similar in IE: under Tools, Internet Options, Privacy, setting it to Medium should block third-party cookies.

helpme22

  • Guest
I use Internet Explorer but was looking into the pros and cons of switching to Firefox...what do you think?

DavidR
I'm biased ;D

I have been using Firefox for what seems years now and I feel it is more secure than IE as a) it doesn't have ActiveX, b) it doesn't have BHOs, both of which are vectors for attack, and c) it isn't an integral part of the OS, so if your browser happens to be exploited then technically your OS has been also.

It has a massive array of add-ons, many of them security based; NoScript I wouldn't be without, and there is no IE equivalent. I also think that it is more configurable and flexible.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Quote from helpme22: I use Internet Explorer but was looking into the pros and cons of switching to Firefox...what do you think?
Firefox, no doubt for me.
More secure (if you use NoScript), much more flexible with the extensions that improve your browsing experience.
The best things in life are free.

CharleyO

  • Guest
***

I am biased also ... go with Opera 9 !    ;D


***

helpme22

  • Guest
Tech, I was going to follow your first advice on my problem but I don't know how to disable system restore.  I still have an msn messenger icon and I don't have the program.  I have tried to go to add/remove programs to remove it and it is not there.  So my assumption is that it is some type of virus.

Thank you all for the great feedback on all of my questions and issues.

Lisandro

Quote from helpme22: Tech, I was going to follow your first advice on my problem but I don't know how to disable system restore.
Disable System Restore on Windows ME, XP or Vista. System Restore is not available in Windows 9x and 2k. After disabling you can enable it again.