my mothers computer was infected with the malware protection virus. I removed it using mbam without any issue. but in my browser i was still getting redirected so i installed S.A.S and then booted into safe mode with networking. then xp internet security 2012 popped up during safe mode. I knew it was a rogue so i ignored it until super anti spyware was finished scanning. it removed the rogue. then when i booted the machine and tried to launch any program (including cmd) it would come up with the error " open with". please help! ( in the S.A.S log i did delete the tracking cookie info)
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7277
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
7/26/2011 9:47:13 AM
mbam-log-2011-07-26 (09-47-08).txt
Scan type: Full scan (C:\|)
Objects scanned: 234449
Time elapsed: 3 hour(s), 36 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\all users\application data\defender.exe (Trojan.FakeAlert) -> No action taken.
c:\documents and settings\bill \local settings\Temp\0.4096347664751798.exe (Exploit.Drop.2) -> No action taken.
c:\documents and settings\bill \local settings\Temp\0.5610624693250243.exe (Exploit.Drop.2) -> No action taken.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/26/2011 at 12:40 PM
Application Version : 4.50.1002
Core Rules Database Version : 7460
Trace Rules Database Version: 5272
Scan type : Complete Scan
Total Scan Time : 01:44:26
Memory items scanned : 279
Memory threats detected : 0
Registry items scanned : 10417
Registry threats detected : 5
File items scanned : 38492
File threats detected : 168
Trojan.Agent/Gen
HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN#483227614
HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN#483227614
Disabled.SecurityCenterOption
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY
Trojan.Agent/Gen-Frauder
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\QXC.EXE
Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1018\A0144218.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1019\A0144232.EXE
Rogue.Agent/Gen-Nullo[DLL]
C:\WINDOWS\SYSTEM32\WINDSET.DLL
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7277
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
7/26/2011 9:47:13 AM
mbam-log-2011-07-26 (09-47-08).txt
Scan type: Full scan (C:\|)
Objects scanned: 234449
Time elapsed: 3 hour(s), 36 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\all users\application data\defender.exe (Trojan.FakeAlert) -> No action taken.
c:\documents and settings\bill \local settings\Temp\0.4096347664751798.exe (Exploit.Drop.2) -> No action taken.
c:\documents and settings\bill \local settings\Temp\0.5610624693250243.exe (Exploit.Drop.2) -> No action taken.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/26/2011 at 12:40 PM
Application Version : 4.50.1002
Core Rules Database Version : 7460
Trace Rules Database Version: 5272
Scan type : Complete Scan
Total Scan Time : 01:44:26
Memory items scanned : 279
Memory threats detected : 0
Registry items scanned : 10417
Registry threats detected : 5
File items scanned : 38492
File threats detected : 168
Trojan.Agent/Gen
HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN#483227614
HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN#483227614
Disabled.SecurityCenterOption
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY
Trojan.Agent/Gen-Frauder
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\QXC.EXE
Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1018\A0144218.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1019\A0144232.EXE
Rogue.Agent/Gen-Nullo[DLL]
C:\WINDOWS\SYSTEM32\WINDSET.DLL