Jul 27 2008, 01:57 PM | Post #1
New Member | Group: New Member | Posts: 1 | Joined: 27-July 08 | Member No.: 80,574 | Operating System: Windows Vista
I've started getting pop-ups from intelligent advisor/zedo which I think are the result of a free mp3 program. I downloaded and ran the anti-malware program and below are the results...

Malwarebytes' Anti-Malware 1.23
Database version: 999
Windows 6.0.6001 Service Pack 1

8:26:49 PM 27/7/2008
mbam-log-7-27-2008 (20-26-49).txt

Scan type: Quick Scan
Objects scanned: 36156
Time elapsed: 4 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Users\Melinda\AppData\Local\Temp\tem4B4.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Melinda\AppData\Local\Temp\temC794.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Melinda\AppData\Local\Temp\temC831.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db-journal (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\PlayMP3.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Windows\System32\ias.dll (Trojan.Agent) -> Quarantined and deleted successfully.

The pop-ups are still here so I must have done something wrong along the way! Any chance you could help me out on this one?? Thanks heaps!!
Jul 29 2008, 11:08 AM | Post #2
SuperHelper | Group: Malware Expert | Posts: 7,772 | Joined: 3-December 04 | From: Darien, Connecticut | Member No.: 19,436 | Operating System: Win Xp Home SP2/ Vista Home Premium
Hello murphyslaw

Welcome to the Whatthetech Malware Removal Forum.

Download Trend Micro's HijackThis to your desktop.

DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
Aug 7 2008, 05:43 AM | Post #3
SuperHelper | Group: Malware Expert | Posts: 7,772 | Joined: 3-December 04 | From: Darien, Connecticut | Member No.: 19,436 | Operating System: Win Xp Home SP2/ Vista Home Premium
Due to inactivity this topic will be closed.

If you need help, please start a new thread and post a new HJT log.