Jump to content

Recommended Posts

Hi, hope someone can help - i am just about to re install windows as I cannot seem to fix this.

A while back I had a Antivrus 2011 infection. I seemed to remove it all fine but I noticed I could not run the Malwarebytes program anymore. Last night I left my machine on and this morning discovered it has been emailing everyone in my hotmail address book a link. I don't know if it is related or not - i have changed my hotmail password.

I have removed Malwarebytes and re installed it several times along with every other piece of advice I have found in forums, (renaming it, running RKill, lookking for TDSxxx in registry, FixingMalwareProblem.reg)

Antivirus comes up clean, Spybot comes up clean.

Here is my HT log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:10:01, on 22/07/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

H:\WINDOWS\System32\smss.exe

H:\PROGRA~1\AVG\AVG10\avgchsvx.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\Ati2evxx.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\brsvc01a.exe

H:\WINDOWS\system32\brss01a.exe

H:\WINDOWS\system32\spoolsv.exe

H:\WINDOWS\Explorer.EXE

H:\WINDOWS\ehome\ehtray.exe

H:\WINDOWS\stsystra.exe

H:\Program Files\ATI Technologies\ATI.ACE\cli.exe

H:\Program Files\LogMeIn\x86\LogMeInSystray.exe

H:\WINDOWS\vVX1000.exe

H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE

H:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

H:\Program Files\iTunes\iTunesHelper.exe

H:\Program Files\AVG\AVG10\avgtray.exe

H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

H:\Program Files\Windows Live\Messenger\msnmsgr.exe

H:\WINDOWS\system32\ctfmon.exe

H:\Documents and Settings\Stu\Application Data\Dropbox\bin\Dropbox.exe

H:\Program Files\MagicDisc\MagicDisc.exe

H:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

H:\Program Files\AVG\AVG10\avgwdsvc.exe

H:\Program Files\Bonjour\mDNSResponder.exe

H:\WINDOWS\eHome\ehRecvr.exe

H:\WINDOWS\eHome\ehSched.exe

H:\Program Files\Java\jre6\bin\jqs.exe

H:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

H:\Program Files\LogMeIn\x86\LogMeIn.exe

H:\Program Files\AVG\AVG10\avgnsx.exe

H:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe

H:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

H:\WINDOWS\system32\svchost.exe

H:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

H:\Program Files\Internet Explorer\IEXPLORE.EXE

H:\Program Files\ATI Technologies\ATI.ACE\cli.exe

H:\Program Files\iPod\bin\iPodService.exe

H:\WINDOWS\system32\dllhost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\eHome\ehmsas.exe

H:\Program Files\Internet Explorer\IEXPLORE.EXE

H:\PROGRA~1\AVG\AVG10\avgrsx.exe

H:\Program Files\AVG\AVG10\avgcsrvx.exe

H:\Program Files\Internet Explorer\IEXPLORE.EXE

H:\Program Files\Internet Explorer\IEXPLORE.EXE

H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - H:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - H:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - H:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [ehTray] H:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [ATICCC] "H:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [LogMeIn GUI] "H:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [VX1000] H:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] H:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] H:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Windows Defender] "H:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [AVG_TRAY] H:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=NzctNjc2MDUxODU5LUZQOTIrNi1UQjkrMi1GTCs5LVhPMzYrMS1RSVgxKzQtWDIwMTArMi1GMTBNKzUtRjEwTTEwQysxLUxJQys3Ny1GTDEwKzEtU1AxKzEtU1VEKzEtUzFJKzEtU1UzKzEtVFVHKzMtRERUKzA"&"prod=55"&"ver=10.0.1390

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] H:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [spybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [msnmsgr] "H:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Dropbox.lnk = H:\Documents and Settings\Stu\Application Data\Dropbox\bin\Dropbox.exe

O4 - Startup: MagicDisc.lnk = H:\Program Files\MagicDisc\MagicDisc.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://H:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1270119421800

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://softbrands.webex.com/client/T27LB/support/ieatgpc.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5960/mcfscan.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - H:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG10\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - H:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - H:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - H:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - H:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - H:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - H:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: Sage SData Service - Sage (UK) Limited - H:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe

--

End of file - 12803 bytes

Link to post
Share on other sites

Hello, and Welcome to Malwarebytes

Sorry to hear your infected.... you can try and follow the steps located in THIS FAQ to see if you can remove the infection yourself, or if you prefer to have an expert help you one on one, here are the steps needed to get your computer cleaned....

Please read the following so that you can begin the cleaning process:

You have 3 Options that you can choose from as listed below:

  • Option 1 —— Free Expert advice in the Malware Removal Forum
  • Option 2 —— Paying customer -- Contact Support via email
  • Option 3 —— Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in the
General Malwarebytes' Anti-Malware Forum
, you need to start a topic in the
Malware Removal forum
so a qualified helper can help you fix any malware related problems/infections you may have.

  • Please read and follow the
    , skipping any steps you are unable to complete. Then post a
    .

  • After posting your new post, make sure under
    options
    , you select
    Track this topic
    and choose
    Immediate Email Notification
    , so that you're alerted when someone has replied to your post.

  • One of the
    there will give you one-on-one assistance when one becomes available.

  • Please refrain from making any further changes to your computer such as (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

NOTE:
Please DO NOT post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post.
    • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.

      Or

    • You may send a Private Message to a Moderator asking for assistance.

OPTION 2

Alternatively, as a paying customer, you can contact the help desk at
or
.

OPTION 3

If you would like to use our Malwarebytes Premium Services, Comprehensive solutions to all your computer support needs—from installation and set-up to troubleshooting and tune-ups go to our
support site.

Please be patient, someone will assist you as soon as it is possible.

PS: Please use the "ADDREPLY" Add-Reply.png button instead of other ones when you start replying. :)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.