kill spam Posted September 17, 2008 ID:28112 Share Posted September 17, 2008 im not sure of what im doing. here are my scan logs. can someone tell me what to do from here?mbam scan:Malwarebytes' Anti-Malware 1.28Database version: 1163Windows 5.1.2600 Service Pack 39/16/2008 7:03:52 PMmbam-log-2008-09-16 (19-03-52).txtScan type: Quick ScanObjects scanned: 45379Time elapsed: 6 minute(s), 24 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 9Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\Interface\{4b784b5c-cf8d-4bce-8e0c-25e3a50265bc} (Trojan.BHO) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)panda active scan:i was instructed to buy this before it would clean.;***********************************************************************************************************************************************************************************ANALYSIS: 2008-09-16 21:42:41PROTECTIONS: 1MALWARE: 8SUSPECTS: 0;***********************************************************************************************************************************************************************************PROTECTIONSDescription Version Active Updated;===================================================================================================================================================================================HAURI AntiVirus ViRobot Version 5 Yes Yes;===================================================================================================================================================================================MALWAREId Description Type Active Severity Disinfectable Disinfected Location;===================================================================================================================================================================================00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\chris\Cookies\chris@atdmt[1].txt00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\chris\Cookies\chris@com[1].txt00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\chris\Cookies\chris@ad.yieldmanager[1].txt00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\chris\Cookies\chris@apmebf[2].txt00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\chris\Cookies\chris@advertising[1].txt00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\chris\Cookies\chris@advertising[3].txt00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\chris\Cookies\chris@questionmarket[2].txt00213030 application/regclean32 HackTools No 0 Yes No c:\program files\registry cleaner trial00213030 application/regclean32 HackTools No 0 Yes No c:\documents and settings\chris\application data\registry cleaner00213030 application/regclean32 HackTools No 0 Yes No hkey_current_user\software\registry cleaner00252281 Adware/Trymedia Adware No 0 Yes No C:\Downloads\dinerdash2Setup-dm[1].exe00252281 Adware/Trymedia Adware No 0 Yes No C:\Downloads\DinerDashSetup-dm[1].exe00252281 Adware/Trymedia Adware No 0 Yes No C:\Downloads\EggVsChickenSetup-dm[1].exe00252281 Adware/Trymedia Adware No 0 Yes No C:\Downloads\granny_paradiseSetup-dm[1].exe00252281 Adware/Trymedia Adware No 0 Yes No C:\Downloads\TropixSetup-dm[1].exe00252281 Adware/Trymedia Adware No 0 Yes No C:\Downloads\CakeManiaSetup-dm[1].exe;===================================================================================================================================================================================SUSPECTSSent Location I;===================================================================================================================================================================================;===================================================================================================================================================================================VULNERABILITIESId Severity Description I;===================================================================================================================================================================================;===================================================================================================================================================================================hjt scan: i had already removed the malware " program file\antivirus\scan.exe" and 2 remaining mcafee things after uninstall.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:11:40 PM, on 9/16/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: IEHelpObj Class - {EC45E3FE-C16D-4F24-9238-D1B49AD74815} - C:\Program Files\Hauri\ViRobot Desktop 5.5\Service\hWebMan.dllO3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)O4 - HKLM\..\Run: [HEProtect] C:\Program Files\Hauri\ViRobot Desktop 5.5\AntiSpam\HSockPE.exeO4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO15 - Trusted Zone: http://www.myspace.comO16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cabO16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cabO16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1219899739924O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cabO16 - DPF: {A16C2BF4-501E-45FA-8A14-F26E022D5E16} (MidRadioCtrl Class) - http://adweb.music-eclub.com/php/adweb.php...&ptx=mratdlO16 - DPF: {E5168F0C-8591-11D4-BCDF-006008B7FEA4} - http://www.platoweb.com/pathways/pway_iis....ab/pwlninst.cabO24 - Desktop Component 0: (no name) - http://us.i1.yimg.com/us.yimg.com/i/ww/thm/1/grd-1px_1.4.gif--End of file - 4350 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted September 17, 2008 ID:28151 Share Posted September 17, 2008 Hi and welcome to Malwarebytes. Run HJT again and put a check next to these lines below and then click fix.O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)The stuff Panda found is not malware. Not sure what you mean by removed things and uninstall? i had already removed the malware " program file\antivirus\scan.exe" and 2 remaining mcafee things after uninstall. Reboot, update MBAM, run a quick scan, post that log and a new HJT log please. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 1, 2008 Root Admin ID:29384 Share Posted October 1, 2008 Due to no response I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.The fixes and advice in this thread are for this machine only. Do not apply to your machine unless you Fully Understand how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you, just follow the Pre-Hijackthis instructions found here before posting Pre- HJT Post InstructionsAlso don't forget that we offer FREE assistance with General PC questions and repair here PC Help If you're pleased with the product Malwarebytes and the service provided you, please let your friends, family, and co-workers know. http://www.malwarebytes.org. Link to post Share on other sites More sharing options...
Recommended Posts