adhareula Posted August 16, 2008 ID:24916 Share Posted August 16, 2008 hey. my computer desktop backround changed itself. it said "virus has been detected! please install a spyware." i downloaded the RougeRemover and scanned the computer but it said that "Rouge Remover didn't detect any items". then i downloaded the Malwarebytes' Anti-Malware and scanned the computer. but the internet is still really slow. the log file that was created was:Malwarebytes' Anti-Malware 1.24Database version: 1012Windows 5.1.2600 Service Pack 216:06:57 16/08/2008mbam-log-8-16-2008 (16-06-57).txtScan type: Quick ScanObjects scanned: 96667Time elapsed: 1 hour(s), 18 minute(s), 22 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 16Registry Values Infected: 6Registry Data Items Infected: 0Folders Infected: 5Files Infected: 11Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\interface.interfaceobj (Adware.WebDir) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\TypeLib\{fac55b9f-8f6a-4a41-ae16-36845d4679b2} (Adware.WebDir) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{b1317c08-617a-435d-a24f-a930f4540696} (Adware.WebDir) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{58f07dd3-924d-4141-bc74-299f523a95f1} (Adware.WebDir) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\interface.interfaceobj.1 (Adware.WebDir) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\RX ToolBar (Adware.RXToolbar) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\AppID\pxwma.DLL (Adware.WebDir) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcpj3j0e5a3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.Registry Data Items Infected:(No malicious items detected)Folders Infected:C:\Documents and Settings\Adity\Application Data\Zango TvTimes (Adware.180Solutions) -> Quarantined and deleted successfully.C:\Documents and Settings\Adity\Application Data\Zango TvTimes\My Preference (Adware.180Solutions) -> Quarantined and deleted successfully.C:\Documents and Settings\Adity\Application Data\Zango TvTimes\Others (Adware.180Solutions) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.Files Infected:C:\WINDOWS\pxwma.dll (Adware.WebDir) -> Quarantined and deleted successfully.C:\WINDOWS\Downloaded Program Files\VideoEggPublisher.exe (Malware.Tool) -> Quarantined and deleted successfully.C:\Documents and Settings\Adity\Application Data\Zango TvTimes\My Preference\Startup.xml (Adware.180Solutions) -> Quarantined and deleted successfully.C:\Documents and Settings\Adity\Application Data\Zango TvTimes\Others\Display (Adware.180Solutions) -> Quarantined and deleted successfully.C:\Documents and Settings\Adity\Application Data\Zango TvTimes\Others\Loading (Adware.180Solutions) -> Quarantined and deleted successfully.C:\Documents and Settings\Adity\Application Data\Zango TvTimes\Others\Welcome (Adware.180Solutions) -> Quarantined and deleted successfully.C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.C:\WINDOWS\system32\blphcpj3j0e5a3.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\WINDOWS\system32\phcpj3j0e5a3.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.What should i do next? Please Help. thanks a lot.adhareula. Link to post Share on other sites More sharing options...
JeanInMontana Posted August 16, 2008 ID:24925 Share Posted August 16, 2008 http://www.malwarebytes.org/forums/index.php?showtopic=2936 Follow those instructions. Link to post Share on other sites More sharing options...
adhareula Posted August 18, 2008 Author ID:25124 Share Posted August 18, 2008 hey. i followed the Pre- HJT Post Instructions and my internet got a bit quicker after the scans but it is still quite slow. Here are the MBAM, Panda Active and HiJack This logs . MBAM:Malwarebytes' Anti-Malware 1.24Database version: 1060Windows 5.1.2600 Service Pack 215:29:25 17/08/2008mbam-log-8-17-2008 (15-29-25).txtScan type: Quick ScanObjects scanned: 84338Time elapsed: 50 minute(s), 35 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 5Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\rxresult.rxresultfilter (Trojan.Agent) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\rxresult.rxresultfilter.1 (Trojan.Agent) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{2ab289ae-4b90-4281-b2ae-1f4bb034b647} (Trojan.Agent) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879fa4-4790-461c-a1cc-4ec4de4ca483} (Adware.BHO) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{59879fa4-4790-461c-a1cc-4ec4de4ca483} (Adware.BHO) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Panda Active:;***********************************************************************************************************************************************************************************ANALYSIS: 2008-08-17 21:14:49PROTECTIONS: 1MALWARE: 33SUSPECTS: 3;***********************************************************************************************************************************************************************************PROTECTIONSDescription Version Active Updated;===================================================================================================================================================================================AVG 7.5.526 7.5.526 Yes Yes;===================================================================================================================================================================================MALWAREId Description Type Active Severity Disinfectable Disinfected Location;===================================================================================================================================================================================00018331 adware/gator Adware No 0 Yes No c:\windows\gatorfddli.log00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\appid\adm.exe00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\altnet signing module.exe00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\adm.exe00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{5830698F-7FC0-40CD-A453-9A0CAFDF3A64}00064489 adware/rxtoolbar Adware No 1 Yes No hkey_local_machine\software\classes\rxresult.rxresulttracker.100064489 adware/rxtoolbar Adware No 1 Yes No hkey_local_machine\software\classes\rxresult.rxresulttracker00064489 adware/rxtoolbar Adware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.atdmt.com/]00141436 Application/P2PNetworking HackTools No 0 Yes No C:\WINDOWS\system32\P2P Networking v126.cpl00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@tribalfusion[1].txt00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.tribalfusion.com/]00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@anm.co[2].txt00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@ccbill[1].txt00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@com[1].txt00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@yadro[2].txt00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.yadro.ru/]00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.yadro.ru/]00167677 Cookie/WebPower TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@webpower[2].txt00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@xiti[2].txt00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@azjmp[1].txt00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.azjmp.com/]00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.toplist.cz/]00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@toplist[1].txt00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[ad.yieldmanager.com/]00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[ad.yieldmanager.com/]00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[ad.yieldmanager.com/]00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[ad.yieldmanager.com/]00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[ad.yieldmanager.com/]00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[ad.yieldmanager.com/]00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@ad.yieldmanager[1].txt00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[ad.yieldmanager.com/]00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[ad.yieldmanager.com/]00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@serving-sys[1].txt00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.serving-sys.com/]00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.serving-sys.com/]00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.serving-sys.com/]00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.serving-sys.com/]00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.serving-sys.com/]00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.serving-sys.com/]00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.bs.serving-sys.com/]00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@bs.serving-sys[1].txt00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.888.com/]00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@888[1].txt00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.888.com/]00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@www.burstbeacon[2].txt00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.adtech.de/]00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@adtech[1].txt00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[server.iad.liveperson.net/]00168111 Cookie/Servlet TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@servlet[1].txt00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@fl01.ct2.comclick[1].txt00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.advertising.com/]00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.advertising.com/]00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.advertising.com/]00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.advertising.com/]00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.advertising.com/]00169752 application/need2find HackTools No 0 Yes No hkey_current_user\software\need2find00169752 application/need2find HackTools No 0 Yes No c:\program files\need2find00169752 application/need2find HackTools No 0 Yes No hkey_local_machine\software\need2find00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@questionmarket[1].txt00172483 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@888[2].txt00172484 Cookie/Cassava TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@cassava[1].txt00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@adultfriendfinder[1].txt00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@go[1].txt00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.go.com/]00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Cookies\akshay@searchportal.information[1].txt00211158 application/bestoffer HackTools No 0 Yes No c:\windows\smdat32m.sys01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Akshay\Application Data\Mozilla\Firefox\Profiles\jiy3n593.default\cookies.txt[.adserver.easyad.info/];===================================================================================================================================================================================SUSPECTSSent Location ;===================================================================================================================================================================================No C:\WINDOWS\system32\2.tmp No C:\WINDOWS\system32\3.tmp No C:\WINDOWS\system32\4.tmp ;===================================================================================================================================================================================VULNERABILITIESId Severity Description ;===================================================================================================================================================================================;===================================================================================================================================================================================HiJack This:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 21:15:04, on 17/08/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\wdfmgr.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exeC:\Program Files\Canon\MyPrinter\BJMyPrt.exeC:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Teleca Shared\CapabilityManager.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\System32\alg.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exeC:\Program Files\Common Files\Teleca Shared\Generic.exeC:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\WINDOWS\System32\wbem\wmiprvse.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by129w.bay129.mail.live.com/mail/In...amp;n=959851342R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.comR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.105.224.13:8080R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.localO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocxO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dllO3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUPO4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeO4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"O4 - HKLM\..\Run: [Wildcensored] C:\WINDOWS\Wildcensored.exe -nO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,SO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptionsO4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logonO4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logonO4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -bootO4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quietO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exeO8 - Extra context menu item: &Search - ?p=ZJO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.htmlO8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.htmlO8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.htmlO8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cabO16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122639981270O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopcast.com/download/SOPCORE.CABO16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cabO16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cabO18 - Filter hijack: text/html - (no CLSID) - (no file)O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exeO23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe--End of file - 9287 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted August 18, 2008 ID:25165 Share Posted August 18, 2008 Hi, please keep your responses in this same topic, do not start a new one. Be sure you have your system set to show all files and folders.Please set your system to show all files; Click Start.Open My Computer.Select the Tools menu and click Folder Options.Select the View Tab.Under the Hidden files and folders heading select Show hidden files and folders.Uncheck the Hide protected operating system files (recommended) option.Click Yes to confirm.Click OK.Find these files using Windows Explorer, C:\WINDOWS\system32\wdfmgr.exe and C:\WINDOWS\Wildcensored.exe -n , please and put it into a zip file, by right clicking on it and choosing send to zipped folder, name it adhareula and upload to here . Then delete the zipped file and the one you sent to the zipped folder.Do a scan only with HJT and put a check next to these lines below and click fix.O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O4 - HKLM\..\Run: [Wildcensored] C:\WINDOWS\Wildcensored.exe -nO8 - Extra context menu item: &Search - ?p=ZJO18 - Filter hijack: text/html - (no CLSID) - (no file)Reboot and update MBAM run a quick scan.Post that log and a new HJT log in this thread in your next response. Let me know how things are running. Link to post Share on other sites More sharing options...
JeanInMontana Posted August 24, 2008 ID:25792 Share Posted August 24, 2008 Since this topic has had no reply for over 5 days it will be closed to prevent other from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you. Link to post Share on other sites More sharing options...
Recommended Posts