
Mbam and HJT logs



Hello,

Here is my problem:

During the MBAM quick scan, several windows pop up with a message saying "Malwarebytes' Anti-Malware has detected a malicious process attempting to start and has blocked all execution attempts from this process. Select an option below." Then it shows the file location; one of them, for example, is "D:\WINDOWS\msmqinst.log (Trojan Agent)". Then the 3 choices are "Disable Protection," "Ignore," and "Terminate." So I terminate each one of about 50, one after the other. Then the log reports that no malicious items were detected. Below are the recent MBAM log and HJT log files. I don't know what to "Fix", if anything; I don't know how to detect a false positive, and I have no idea how to tell if a file is bad or good.... I need help from someone who understands this. Thank you, in advance, and please let me know if I could have done this in a better way. -kimian

Malwarebytes' Anti-Malware 1.39

Database version: 2525

Windows 5.1.2600 Service Pack 3

7/28/2009 10:30:22 PM

mbam-log-2009-07-28 (22-30-22).txt

Scan type: Quick Scan

Objects scanned: 95556

Time elapsed: 2 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:00:21 PM, on 7/28/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\Program Files\Windows Defender\MsMpEng.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\Bonjour\mDNSResponder.exe

D:\WINDOWS\system32\CTsvcCDA.exe

D:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe

D:\WINDOWS\system32\svchost.exe

D:\Program Files\Java\jre6\bin\jqs.exe

D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

D:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Sandboxie\SbieSvc.exe

d:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\TUProgSt.exe

D:\WINDOWS\system32\MsPMSPSv.exe

D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

D:\Program Files\Canon\CAL\CALMAIN.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\PixArt\PAC7302\Monitor.exe

D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

D:\Program Files\Sandboxie\SbieCtrl.exe

D:\WINDOWS\system32\ctfmon.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\Malwarebytes' Anti-Malware\mbam.exe

D:\WINDOWS\hh.exe

D:\Documents and Settings\Kim Watkins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

D:\Documents and Settings\Kim Watkins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

D:\Documents and Settings\Kim Watkins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

D:\Documents and Settings\Kim Watkins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

D:\Documents and Settings\Kim Watkins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - D:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [sandboxieControl] "D:\Program Files\Sandboxie\SbieCtrl.exe"

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: &Links to this page - D:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Web\gbacklinks.htm

O8 - Extra context menu item: &Similar pages - D:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Web\gsimilar.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Open in &new window - D:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm

O8 - Extra context menu item: Search with &Google - D:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Web\gsearch.htm

O8 - Extra context menu item: Translate this page with Google - D:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm

O8 - Extra context menu item: Zoom &in


Hi kimian111 and Welcome to Malwarebytes!

I see you're using Sandbox, but I want to look at an uninstall list please.

I would like you to generate an "Add/Remove Software list" log using the HijackThis application. Here is how you can do this:

To get an Uninstall List from HijackThis:

  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

32 Bit HP CIO Components Installer

Acer eDisplay Management

Acrobat.com

Adobe Acrobat 5.0

Adobe AIR

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Flash Player 9 ActiveX

Adobe Media Player

Adobe Reader 9.1.2

Adobe Shockwave Player 11.5

Adventure Chronicles The Search for Lost Treasure

Advertising Center

ANIO Service

ANIWZCS2 Service

Apple Mobile Device Support

Apple Software Update

ArcSoft PhotoImpression 5

ArcSoft VideoImpression 2

ATI - Software Uninstall Utility

Audacity 1.2.6

AVS Update Manager 1.0

AVS Video Converter 6

AVS4YOU Software Navigator 1.3

Belarc Advisor 7.2

Bonjour

Canon Camera Access Library

Canon Camera Support Core Library

Canon G.726 WMP-Decoder

Canon MovieEdit Task for ZoomBrowser EX

Canon RAW Image Task for ZoomBrowser EX

Canon Utilities CameraWindow

Canon Utilities CameraWindow DC

Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

Canon Utilities EOS Utility

Canon Utilities MyCamera

Canon Utilities MyCamera DC

Canon Utilities PhotoStitch

Canon Utilities RemoteCapture Task for ZoomBrowser EX

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

Cantabile Solo 2.0 Demo

Compatibility Pack for the 2007 Office system

Creative System Information

DolbyFiles

Dream Chronicles (remove only)

Dream Chronicles 2

Dream Chronicles 2 (remove only)

Dream Chronicles 3

Five By Five

Google Gears

Google Update Helper

Handy Image Mapper 1.5

Hell's Kitchen 1.0.7

HijackThis 2.0.2

Homer Pro version 1.4

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)

Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)

Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)

Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)

Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)

Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)

Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB945282)

Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946040)

Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946308)

Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946344)

Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946581)

Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947540)

Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947789)

Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB951708)

Hotfix for Office (KB950278)

Hotfix for Windows XP (KB942288-v3)

HP Deskjet All-In-One Software 8.0

HP Imaging Device Functions 8.0

HP Photosmart Essential

HP Product Assistant

HP Solution Center 8.0

HP Update

IIS 6.0 Resource Kit Tools

IIS Diagnostics Toolkit January 2006 (x86)

Inkscape 0.46

Internet Information Services (IIS) 7.0 Manager

Java 6 Update 12

king.com (remove only)

MagnaCam 10x25B

Malwarebytes' Anti-Malware

Media Library Management Wizard

Menu Templates - Starter Kit

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1

Microsoft ASP.NET MVC 1.0

Microsoft Expression Media 2 SP2

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Converter Pack

Microsoft Office Excel MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Plus 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Visual Web Developer 2007

Microsoft Office Visual Web Developer MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Office Word Viewer 2003

Microsoft Picture It! Express 7.0

Microsoft Picture It! Publishing 2001

Microsoft Silverlight

Microsoft SQL Server 2008

Microsoft SQL Server 2008

Microsoft SQL Server 2008 Browser

Microsoft SQL Server 2008 Common Files

Microsoft SQL Server 2008 Common Files

Microsoft SQL Server 2008 Database Engine Services

Microsoft SQL Server 2008 Database Engine Services

Microsoft SQL Server 2008 Database Engine Shared

Microsoft SQL Server 2008 Database Engine Shared

Microsoft SQL Server 2008 Management Objects

Microsoft SQL Server 2008 Native Client

Microsoft SQL Server 2008 RsFx Driver

Microsoft SQL Server 2008 Setup Support Files (English)

Microsoft SQL Server Compact 3.5 SP1 Design Tools English

Microsoft SQL Server Compact 3.5 SP1 English

Microsoft SQL Server Database Publishing Wizard 1.3

Microsoft SQL Server VSS Writer

Microsoft Visual Basic 2008 Express Edition with SP1 - ENU

Microsoft Visual Basic 2008 Express Edition with SP1 - ENU

Microsoft Visual C# 2008 Express Edition with SP1 - ENU

Microsoft Visual C# 2008 Express Edition with SP1 - ENU

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual Studio Web Authoring Component

Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU

Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU

Microsoft Web Platform Installer

Microsoft Windows Media Video 9 VCM

Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu

Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu

Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32

Morse Pilot 1.0

Motorola SM56 Speakerphone Modem

Movie Maker Background Music Files

Movie Maker Sound Effects

Movie Maker Title Images

Movie Templates - Starter Kit

MSDN Library for Visual Studio 2008 Express Editions SP1

MSXML 4.0 SP2 (KB954430)

MSXML 6.0 Parser (KB933579)

Name That Plane

Nero 8

Nero 9

Nero 9 Trial

Nero BurnRights

Nero ControlCenter

Nero CoverDesigner

Nero DiscSpeed

Nero DriveSpeed

Nero InfoTool

Nero Installer

Nero Live

Nero PhotoSnap

Nero Recode

Nero Rescue Agent

Nero ShowTime

Nero StartSmart

Nero Vision

Nero WaveEditor

NeroBurningROM

NeroExpress

NeroLiveGadget

neroxml

NVIDIA Drivers

Packet Tracer 5.1

PC VGA Camer@ Plus

Personal License Update Wizard for Windows Media Player

PilotMorse

Pivot Software

Plants vs. Zombies (remove only)

Plus! MP3 Audio Converter LE

QuickTime

RangeBooster G WUA-2340

Realtek High Definition Audio Driver

Rhapsody

Sandboxie 3.38

SDK

SecondLife (remove only)

Security Update for 2007 Microsoft Office System (KB951550)

Security Update for 2007 Microsoft Office System (KB951944)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB969679)

Security Update for Microsoft Office Excel 2007 (KB969682)

Security Update for Microsoft Office PowerPoint 2007 (KB957789)

Security Update for Microsoft Office Publisher 2007 (KB969693)

Security Update for Microsoft Office system 2007 (KB954326)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office Word 2007 (KB969604)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB973346)

Shockwave

Sound Blaster Live!

SoundTrax

Spelling Dictionaries Support For Adobe Reader 9

Sql Server Customer Experience Improvement Program

SQL Server System CLR Types

TuneUp Utilities 2009

Update for 2007 Microsoft Office System (KB967642)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Visual Studio Web Authoring Component (KB945140)

Update for Outlook 2007 Junk Email Filter (kb962871)

Update for Windows Internet Explorer 8 (KB968220)

Verizon Yahoo! Applications

VLC media player 0.9.8a

Web Deployment Tool Release Candidate 1

WildTangent Games

Windows Defender

Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Bonus Pack for Windows XP

Windows Media Encoder 9 Series

Windows Media Encoder 9 Series

Windows Media Format 11 runtime

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player 11

Windows Media Player 9 Series Power Toy - Ratings Migration

Windows Media Player 9 Series TweakMP PowerToy

Windows Media Player Playlist Import to Excel Wizard

Windows Media Player Skin Importer

Windows Media Player Tray Control

Windows Vista Upgrade Advisor

WinRAR archiver

Yahoo! Mail Advisor

Yahoo! Software Update

Yahoo! Toolbar


I know you have Sandboxie, but I do not see an anti-virus program installed on your computer. It is extremely important that you have an antivirus program installed and running on your computer to prevent possible infections. I would like you to download and install a free antivirus program.

Be sure to update Avira and do a full scan... Please post a fresh HijackThis log.

If you have any questions kimian111 let me know.


Hi Kenny94,

Thank you for your help, btw. I did as you suggested. Here is the HijackThis log report for the scan I initiated directly after running the Avira full scan.

There were 12 warnings and 2 detections. I clicked on the button to repair everything. Then I ran the HJT scan. Thank you again.

Kimian111

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:44:46 PM, on 7/30/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

D:\WINDOWS\PixArt\PAC7302\Monitor.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Sandboxie\SbieCtrl.exe

D:\Program Files\Internet Explorer\IEXPLORE.EXE

D:\Sandbox\Kim_Watkins\DefaultBox\drive\D\Program Files\Sandboxie\SandboxieRpcSs.exe

D:\Program Files\Sandboxie\SandboxieDcomLaunch.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\Avira\AntiVir Desktop\avgnt.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Sandbox\Kim_Watkins\DefaultBox\drive\D\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

F2 - REG:system.ini: Shell=x

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - D:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [PAC7302_Monitor] D:\WINDOWS\PixArt\PAC7302\Monitor.exe

O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')

O4 - HKUS\S-1-5-21-1482476501-1659004503-839522115-1003\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: &Links to this page - D:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Web\gbacklinks.htm

O8 - Extra context menu item: &Similar pages - D:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Web\gsimilar.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Open in &new window - D:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm

O8 - Extra context menu item: Search with &Google - D:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Web\gsearch.htm

O8 - Extra context menu item: Translate this page with Google - D:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm

O8 - Extra context menu item: Zoom &in

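As an added example that is not part of the thread, the two HijackThis logs posted above (7/28 and 7/30) can be compared mechanically: this Python script parses the R/F/O entry lines, lists what was added or removed between the logs, and flags entries that point at "(no file)" or set a Shell value other than the default Explorer.exe. The sample lines are copied from the two logs; the flagging rules are constructed here and are not HijackThis features.

```python
"""Compare two HijackThis logs and point out entries worth a second look.

Added example, not part of the forum thread. The sample lines below are copied
from the two logs posted in the thread (7/28 and 7/30); the triage rules are
constructed for this example and are not HijackThis functionality.
"""
import re
from dataclasses import dataclass

# HijackThis entry lines start with a section code: "R0 - ...", "F2 - ...", "O4 - ...".
# Process lists, headers and blank lines do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


@dataclass(frozen=True)
class Entry:
    code: str  # section code such as "O2" (BHO) or "O4" (autostart)
    body: str  # the rest of the line, kept verbatim


def parse_hjt(text: str) -> list[Entry]:
    """Return the R/F/O entries of a HijackThis log, in order, as Entry objects."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def diff_hjt(before: str, after: str) -> tuple[list[Entry], list[Entry]]:
    """Return (added, removed) entries between an earlier and a later log."""
    old, new = set(parse_hjt(before)), set(parse_hjt(after))
    key = lambda e: (e.code, e.body)
    return sorted(new - old, key=key), sorted(old - new, key=key)


def review_flags(entries: list[Entry]) -> list[str]:
    """Constructed triage rules: a registration with no backing file, or a Shell
    value that is not the default Explorer.exe, both deserve a manual check."""
    flags = []
    for e in entries:
        if "(no file)" in e.body:
            flags.append(f"{e.code}: registration with no file on disk -> {e.body}")
        if e.code == "F2" and "Shell=" in e.body and "explorer.exe" not in e.body.lower():
            flags.append(f"{e.code}: non-default Shell value -> {e.body}")
    return flags


# Constructed samples: a handful of lines from each of the two logs in the thread.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
"""

AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: Shell=x
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"""

if __name__ == "__main__":
    added, removed = diff_hjt(BEFORE, AFTER)
    for e in removed:
        print("-", e.code, e.body)
    for e in added:
        print("+", e.code, e.body)
    for flag in review_flags(added):
        print("!", flag)
```

Run against the full logs, the "removed" list shows what the Avira repair and the Java removal took away, and the "added" list is where a helper's attention goes first.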

We'll play it safe and run Kaspersky WebScanner. Besides, Java needs to be updated anyways.... <_<

We'll use CCleaner to help Kaspersky online scanner run smoother as well.

  • Download and install CCleaner
  • CCleaner
  • Double-click on the downloaded file ccsetup220_slim.exe and install the application.
  • Keep the default installation folder C:\Program Files\CCleaner
  • Click finish when done and close ALL PROGRAMS
  • Start the CCleaner program.
  • Click on Registry and Uncheck Registry Integrity so that it does not run (basically the very top, uncheck it)
  • Click on Options - Advanced and Uncheck "Only delete files in Windows Temp folders older than 48 hours"
  • Click back to Cleaner and under SYSTEM uncheck the Memory Dumps and Windows Log Files
  • Click on Run Cleaner button on the bottom right side of the program.
  • Click OK to any prompts

Disable your current Anti-Virus and run this Online AV scanner.

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases

  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Upgrading Java:

  • Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 14.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u13-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u13-windows-i586-p.exe and select "Run as an Administrator.")

Note: Kaspersky does not remove anything but will provide a log of anything it finds. Kaspersky is very thorough at finding infections. Also, it takes a while to run. You might want to grab your favorite beverage after the scanning process begins...:-)


Disable your current Anti-Virus and run this Online AV scanner.

Please do an online scan with Kaspersky WebScanner

OK, I ran the ccleaner and cleaned everything it found. Then I went to the Kaspersky Webscanner, went to disable my avira antivirus, as instructed, but I could not find a way to disable it. So, I am currently stuck at this stage. How do I disable it?

Thank you! Kimian111


Hi kimian111

Click on the (Avira Antivir Icon) in the system tray. Uncheck the AntiVir Guard enable by clicking on it one time. After you are done, be sure to uncheck Guard enable.

Okay, I uncheck guard enable, then uncheck it again after I'm done? Wouldn't it already be unchecked? Or did you mean to check it again after I'm done? <_< I'm guessing you meant to uncheck/check... so, I unchecked guard enable. Then installed Java SE Runtime Environment (JRE) JRE 6 Update 14 successfully.

Next, I followed all directions with the Kaspersky Online Webscanner and it ran for about 45 min or so, then returned an error. It said that the scan failed and to restart it, so I did and it happened again.

I tried to update malwarebytes and I got this error to report to someone at Malwarebytes: error: 732 (0, 0).

What next??? If you aren't tired of me yet.

The truth is, I am very serious about security, and I try to keep lots of my elders safe (which isn't easy). I am at the technician level with Cisco networking, and I still can't make sense of the security battle; however, I have not yet taken their security courses, but plan to. I'm just talking about general lay persons being able to ward off the hyenas out there. It is too common and too easy. I am desperately trying not to lose all of my documents again, and here I am, still getting taken over no matter how cautious I try to be. So, thank you very much for working with me. Your efforts will not be in vain. :unsure:

Kimian111


have not yet taken their security courses, but plan to. I'm just talking about general lay persons being able to ward off the hyenas out there.

When we are done, I have a free security class you can attend. And learn how to remove malware as well... I'll send you a PM on the details. Let's deal with this.

Follow these instructions please:

1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.

2. Restart your computer (very important).

3. Download and run this utility. http://www.malwarebytes.org/mbam-clean.exe

4. It will ask to restart your computer (please allow it to).

5. After the computer restarts, install the latest version 1.39 from here. http://www.malwarebytes.org/mbam-download.php

Note: You will need to reactivate the program using the license you were sent.

Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.

Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan.

Copy & paste the entire report in your next reply.


Okay, I uncheck guard enable, then uncheck it again after I'm done? Wouldn't it already be unchecked? Or did you mean to check it again after I'm done? <_< I'm guessing you meant to uncheck/check... so, I unchecked guard enable. Then installed Java SE Runtime Environment (JRE) JRE 6 Update 14 successfully.


I just tried running Kaspersky again and got another error. I'm sending a jpg of the screenshot.


I have Verizon FIOS and I am wirelessly connected using a giant outdoor omni-directional antenna and a D-Link Rangebooster G WUA-2340 which has a direct line of sight to the antenna, about 200 ft. with no obstruction. The connection is always on and always strong. Why does it keep telling me to connect to the internet?


The error from Kaspersky and Malwarebytes is a networking problem. Have you contacted Verizon or D-Link?

No, will do so... or at least check my router settings. Thanks.


<_<

Followed all directions for uninstalling and installing the latest version of Malwarebytes, ran a quick scan, copied the entire log file, and pasted it below:

Malwarebytes' Anti-Malware 1.39

Database version: 2539

Windows 5.1.2600 Service Pack 3

8/1/2009 12:08:44 AM

mbam-log-2009-08-01 (00-08-44).txt

Scan type: Quick Scan

Objects scanned: 102373

Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hi kimian111

Please run the F-Secure Online Scanner

Note: You must use Internet Explorer for this scan!

  • Accept the License Agreement.
  • Once the ActiveX installs click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.

Next

Download RootRepeal:

http://rootrepeal.googlepages.com/RootRepeal.zip

  • Extract the archive to a folder you create such as C:\RootRepeal
  • Double-click RootRepeal.exe to launch the program (Vista users should right-click and select "Run as Administrator").
  • Click the "File" tab (located at the bottom of the RootRepeal screen)
  • Click the "Scan" button
  • In the popup dialog, check the drives to be scanned - making sure to check your primary operating system drive - normally C:
  • Click OK and the file scan will begin
  • When the scan is done, there will be files listed, but most if not all of them will be legitimate
  • Click the "Save Report" Button
  • Save the log file to your Documents folder
  • Post the content of the RootRepeal file scan log in your next reply.

In your next reply, please include these log(s):

F-Secure Online Scanner Report

RootRepeal file scan log


--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0 REPORT

Saturday, August 1, 2009

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Program database last update: Saturday, August 01, 2009 09:19:33

Records in database: 2569492

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

G:\

H:\

I:\

J:\

K:\

Scan statistics:

Files scanned: 131963

Threat name: 0

Infected objects: 0

Suspicious objects: 0

Duration of the scan: 03:10:10

No malware has been detected. The scan area is clean.

The selected area was scanned.


Now that you posted the Kaspersky Online Scanner report, there is no need to post the F-Secure Online Scanner or RootRepeal logs. I feel your computer is clean. Now that you have an anti-virus program installed, you're good to go. Any questions?

Thank you very much. Did I actually have a virus? Also, my other computer may be infected too. It's running Windows Vista Home Premium 64-bit and it's behaving strangely. Should I do the same sequence of steps, or start a new topic?

I will check the message about the security class. Thank you for that too.

Kimian111


You're clean, and Avira AntiVir took care of it. The main thing is you have an antivirus program now. And I'll give you some more computer security links.

I will check the message about the security class. Thank you for that too.

Please do. I'm sure you will enjoy it, if you decide to join. And you'll learn what we are talking about here at the Malwarebytes Forum.

Here is some useful information on keeping your computer clean:

  1. Most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update.
  2. Here are two great preventive programs:
     1. SpywareBlaster protects you from malicious ActiveX controls and cookies. Make sure and check for updates twice a month.
     2. Surf safe with McAfee's SiteAdvisor. SiteAdvisor will work with Internet Explorer and Mozilla Firefox. SiteAdvisor is a browser plugin that assigns a safety rating to domains listed in your search engine. SiteAdvisor uses the following color codes to indicate the safety level of each site:
        1. Red for Warning
        2. Yellow for Use Caution
        3. Green for Safe
        4. Grey for Unknown

Here are the links to install SiteAdvisor in Internet Explorer and Firefox.

Now you should clean up your PC.

Here are some additional links for you to check out to help you with your computer security.

How did I get infected in the first place?

Secunia software inspector & update checker

Kenny
