WIN 32 PUP files

Ok…I’m a NOOB…
Did full scan…the whole nine yards…
In the CHEST I have…if I can read my scribbles:
12…WIN 32:PUP-gen[PUP]
2…WIN 32:VB-QUG [Trj]
1…JS:111 redir DK[Trj]
Do I delete these with no issues or do I need to put up more info?

The Chest is a safe place to keep these files. They won’t do harm there.
It is better to wait some days before rescanning them within the Chest (right click) and then delete them :)

I would also suggest running a “second opinion” scan with the free (or paid, if you prefer) version of MBAM. Have it remove anything found. (Removal places the infected files into MBAM’s quarantine.)

Quarantine, chest, etc, it is a protected vault. Malicious files are safe there. No rush to delete them at all.

Get MBAM here: http://www.malwarebytes.org/

Any reason why I would be getting pop ups? I didn’t get them before I loaded Avast…I have the PAID version
Popup blocker doesn’t stop em either

The text within the popups?
A screenshot would be good.

Here’s 2…so far these are the only sites where I get popups…every day…

http://img97.imageshack.us/img97/4699/ningk.png

http://img192.imageshack.us/img192/35/32923185.png

Before I installed AVAST…I never got any popups…all I ran was MSE

Yesterday I downloaded MBAM…ran full scan and had @ 30 issues…

So far I’ve scanned individual files…found nothing…even the hard drive and found nothing

I’ve had 1 issue with an apparent virus but got it deleted before it could load

I’ve even talked to Tech Support on both those sites…sent screen shots…they’ve tried to replicate but can’t get anything to pop up

When you scan in the Virus Chest how will I know when to delete the files?

Can you please post the log from MBAM here, as an attachment. (See Additional Options at the lower left of the reply pane.) The MBAM log/s can be located by opening MBAM and looking in the centre tab.

It looks like something that may have installed with a rogue toolbar, or similar. It could be the “PUP” (potentially unwanted program - adware) that Avast quarantined. I’ll have a better idea after seeing the log.

Sure…lemmee see

This it…?

Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5602

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/25/2011 4:39:35 PM
mbam-log-2011-01-25 (16-39-35).txt

Scan type: Full scan (C:|D:|)
Objects scanned: 229807
Time elapsed: 55 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 25

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) → Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Don’t know if this is relevant…but it’s in the VIRUS CHEST @ 9 times

174_137_146_170 [2] C:\Documents and Settings HP Administrator
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Nevermind just had a popup it’s a TROJAN…it’s now in the CHEST

Like I said…Imma NOOB…know some stuff but don’t know it all

Please update MBAM and run another scan. Close all browsers (Internet explorer) while doing so.
Have it remove anything found. If it prompts to reboot to complete removal, do so promptly.

If this doesn’t work, follow the directions in the first post by essexboy here and post the most recent MBAM log and the OTL logs to this topic. (Not the thread I linked to.)

OTL logs??

Read the post I linked to, and follow the directions.

3 scans done today…

Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5602
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1/26/2011 10:48:14 AM
mbam-log-2011-01-26 (10-48-14).txt
Scan type: Full scan (C:|D:|)
Objects scanned: 229734
Time elapsed: 41 minute(s), 46 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\system volume information_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP851\A0085534.DLL (PUP.FunWebProducts) → Quarantined and deleted successfully.
c:\system volume information_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP851\A0085539.DLL (PUP.FunWebProducts) → Quarantined and deleted successfully.
c:\system volume information_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP851\A0085526.scr (PUP.FunWebProducts) → Quarantined and deleted successfully.
c:\system volume information_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP851\A0085528.DLL (PUP.FunWebProducts) → Quarantined and deleted successfully.
c:\system volume information_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP851\A0085529.DLL (PUP.FunWebProducts) → Quarantined and deleted successfully.
c:\system volume information_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP851\A0085530.DLL (PUP.FunWebProducts) → Quarantined and deleted successfully.
c:\system volume information_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP851\A0085533.DLL (PUP.FunWebProducts) → Quarantined and deleted successfully.
c:\system volume information_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP851\A0085536.SCR (PUP.FunWebProducts) → Quarantined and deleted successfully.

Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5602
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1/26/2011 5:24:55 PM
mbam-log-2011-01-26 (17-24-55).txt
Scan type: Quick scan
Objects scanned: 1
Time elapsed: 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5611
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1/26/2011 6:09:12 PM
mbam-log-2011-01-26 (18-09-12).txt
Scan type: Full scan (C:|D:|)
Objects scanned: 231644
Time elapsed: 43 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)

In QUARANTINE 8 from today all the same…

PUP.Fun Web Products c:\system volume information\restore{106cf321-99a3-4c3

So far so good. Any more popups or malware detections?

If not, wait and see. No need to delete anything from quarantine, yet.
You will find that one or more of your system restore points are likely to be inoperative, which is no big deal.
(System restore has its uses, but can be unreliable, and doesn’t take the place of backing up your files/photos etc from time to time.) You might wish to delete your earlier system restore points.

Be a bit careful as to what toolbars you install. Mywebsearch has an iffy reputation, at best. I don’t use toolbars at all. Hate 'em. If I were you, and you really want a toolbar, I’d just have one installed, and uninstall all the others. There is a link here that contains another link to their uninstall utility. I recommend running it. (I’ve checked it; it’s ok.) There is info available all over the web regarding My Web Search etc. The info available at PCHell might be of interest to you.

It would be a good idea to run the disk cleanup utility if you haven’t run it for a while, or download and run CCleaner, by Piriform. I’d use the slim version (without a toolbar), available at the bottom of the page. Don’t select everything for cleaning. You can get rid of stuff you might want to keep. Anything titled “temp” or “temporary” is safe to go. There are very good help files online for this program.

Hope that helps, and you are free of problems now. Check back and let us know in a week or so, or straight away if there are any problems (or questions) at all.

If you still have popups and/or malware detections, scan with OTL as directed in essexboy’s post, and post the info and log below. I’ll then let him know they are here.

My Websearch was deleted about a month ago…evidently not completely…it just seemed to popup one day
I’ll definitely try the other procedures you mentioned…Really appreciate the info and the help…

Ran a DEEP SCAN last night…
Full MBAM this morning
174_137_146_170 went from 9 to like 20?..make that 23 in quarantine
Also went to the PC HELL site…that addy is now in quarantine??