Jump to content

Posting logs - can't get this off my computer

Melb

By Melb
in Resolved Malware Removal Logs

 Share

Recommended Posts

Melb

Melb

Posted
Posted

I've spent 3 days running scans and downloading various adware removers and it's still on here. I will be checking in after work. Any help would be greatly appreciated.

This is the log from malwarebytes

Malwarebytes' Anti-Malware 1.30

Database version: 1412

Windows 5.1.2600 Service Pack 2

11/19/2008 11:15:47 PM

mbam-log-2008-11-19 (23-15-43).txt

Scan type: Quick Scan

Objects scanned: 65989

Time elapsed: 9 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 4

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.195 85.255.112.231 1.2.3.4 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{cf53bb1b-3166-4592-8381-696b6d2f9593}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.195 85.255.112.231 1.2.3.4 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.195 85.255.112.231 1.2.3.4 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cf53bb1b-3166-4592-8381-696b6d2f9593}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.195 85.255.112.231 1.2.3.4 -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

*************************

This is the log from the panda scan

;*******************************************************************************

********************************************************************************

********************

ANALYSIS: 2008-11-19 22:54:28

PROTECTIONS: 1

MALWARE: 30

SUSPECTS: 0

;*******************************************************************************

********************************************************************************

********************

PROTECTIONS

Description Version Active Updated

;===============================================================================

================================================================================

====================

AVG 7.5.549 7.5.549 Yes Yes

;===============================================================================

================================================================================

====================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

================================================================================

====================

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Melissa\Cookies\melissa@trafficmp[2].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Gary\Cookies\gary@doubleclick[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Melissa\Cookies\melissa@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Gary\Cookies\gary@atdmt[1].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Melissa\Cookies\melissa@247realmedia[1].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Melissa\Cookies\melissa@tribalfusion[1].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Gary\Cookies\gary@mediaplex[2].txt

00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\Melissa\Cookies\melissa@maxserving[2].txt

00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Melissa\Cookies\melissa@belnk[1].txt

00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Melissa\Cookies\melissa@revenue[1].txt

00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Melissa\Cookies\melissa@dist.belnk[2].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Melissa\Cookies\melissa@com[1].txt

00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Melissa\Cookies\melissa@perf.overture[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Melissa\Cookies\melissa@ad.yieldmanager[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Melissa\Cookies\melissa@serving-sys[2].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Melissa\Cookies\melissa@bs.serving-sys[1].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Melissa\Cookies\melissa@www.burstbeacon[2].txt

00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Melissa\Cookies\melissa@stat.onestat[2].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Gary\Cookies\gary@advertising[2].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Melissa\Cookies\melissa@advertising[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Gary\Cookies\gary@ads.pointroll[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Melissa\Cookies\melissa@ads.pointroll[1].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Melissa\Cookies\melissa@overture[1].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Melissa\Cookies\melissa@realmedia[2].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\fm7mjwur.default\cookies.txt[.questionmarket.com/]

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\fm7mjwur.default\cookies.txt[.questionmarket.com/]

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Melissa\Cookies\melissa@questionmarket[1].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Gary\Cookies\gary@questionmarket[2].txt

00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Melissa\Cookies\melissa@bravenet[2].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\fm7mjwur.default\cookies.txt[.go.com/]

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\fm7mjwur.default\cookies.txt[.go.com/]

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\fm7mjwur.default\cookies.txt[.go.com/]

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\fm7mjwur.default\cookies.txt[.go.com/]

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Gary\Cookies\gary@go[2].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Melissa\Cookies\melissa@go[2].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\fm7mjwur.default\cookies.txt[.go.com/]

00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Melissa\Cookies\melissa@searchportal.information[1].txt

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Melissa\Cookies\melissa@target[1].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Melissa\Cookies\melissa@atwola[2].txt

00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Gary\Cookies\gary@ehg-dig.hitbox[2].txt

00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Melissa\Cookies\melissa@citi.bridgetrack[1].txt

02164907 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\DIGStream\digstream.exe

;===============================================================================

================================================================================

====================

SUSPECTS

Sent Location $

;===============================================================================

================================================================================

====================

;===============================================================================

================================================================================

====================

VULNERABILITIES

Id Severity Description $

;===============================================================================

================================================================================

====================

108742 MEDIUM MS06-006 $

;===============================================================================

================================================================================

====================

and this is the log from Hijack this

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:17:55 PM, on 11/19/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\PROGRA~1\MICROS~4\rapimgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\AIM\aim.exe

C:\Documents and Settings\Melissa\Desktop\training\HiJackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\Melissa\LOCALS~1\Temp\20081015205313_mcappins.exe /v=3 /cleanup

O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Melissa\LOCALS~1\Temp\20081015205310_mcinfo.exe /insfin

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: Intel

Link to post
Share on other sites
1972vet

1972vet

Posted
Posted

You have a wareout infection which mbam should be able to remove...but your log shows that you took no action. Have you instructed mbam to remove what it finds? You do that when the scan has finished...:

When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".

  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.

Post back your results. Thanks!

Link to post
Share on other sites
Melb

Melb

Posted
  • Author
Posted
You have a wareout infection which mbam should be able to remove...but your log shows that you took no action. Have you instructed mbam to remove what it finds? You do that when the scan has finished...:

When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".

  • Click OK to close the message box and continue with the removal process.

  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.

  • Make sure that everything is checked, and click Remove Selected.

Post back your results. Thanks!

Hi there - I am at work and the laptop is at home. I've run mbam several times and instructed it to remove the item - and it does - but the stinker reappears when I restart.

I will run it again when I get home and repost the log.

Link to post
Share on other sites
1972vet

1972vet

Posted
Posted

Edit added:

Before we continue, let's do this:

1. Unplug or turn off your DSL/cable modem.

2. Locate the Reset button on your router.

3. Press, and hold, the Reset button down for 30 seconds.

4. Wait for your Power, WLAN and Internet light to turn on. (On the router)

5. Plug in or turn on your modem.(if it is separate from the router)

6. Open your web browser to see if you have an internet connection. If you still don't have an internet connection you may need to restart your computer.

When you've finished with that, make sure you create a strong password for your router...don't use the factory default.

Next, please continue with the instructions below:

Please download combofix from This Webpage...and read through the instructions there for running the tool.

***Important Note***

Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please post back the following on your next reply:

C:\ComboFix.txt

New HijackThis log.

Link to post
Share on other sites
Melb

Melb

Posted
  • Author
Posted
Edit added:

Before we continue, let's do this:

1. Unplug or turn off your DSL/cable modem.

2. Locate the Reset button on your router.

3. Press, and hold, the Reset button down for 30 seconds.

4. Wait for your Power, WLAN and Internet light to turn on. (On the router)

5. Plug in or turn on your modem.(if it is separate from the router)

6. Open your web browser to see if you have an internet connection. If you still don't have an internet connection you may need to restart your computer.

When you've finished with that, make sure you create a strong password for your router...don't use the factory default.

Next, please continue with the instructions below:

Please download combofix from This Webpage...and read through the instructions there for running the tool.

***Important Note***

Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please post back the following on your next reply:

C:\ComboFix.txt

New HijackThis log.

ummmmmmmmmmmmmm

I reset the router - and reran mbam. It came back clean. I restarted the computer and ran it twice - it came back clean both times...

Do I still need to do the other steps or was the b@stard on my router????

Link to post
Share on other sites
1972vet

1972vet

Posted
Posted

Due to the lack of feedback this Topic is closed to prevent others

from posting here. If you need this topic reopened, please send a

Private Message to any one of the moderating team members. Please

include a link to this thread with your request. This applies only

to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for

this machine only. Do not apply the instructions from this thread to

your own machine. Please start a new thread describing your issue

and someone will be along to assist you.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.