I think I'm infected can you help me.


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:35:46 PM, on 8/4/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

Running processes:

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=18826

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

O1 - Hosts: 62.212.84.38 tracker.empornium.us

O1 - Hosts: 62.212.84.38 download.empornium.us

O1 - Hosts: 62.212.84.235 www.empornium.usforums.empornium.usempornium.us

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers\YontooIEClient.dll (file missing)

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O15 - Trusted Zone: http://*.pps.tv

O15 - Trusted Zone: http://*.ppstream.com

O15 - Trusted Zone: http://*.webscache.com

O15 - ESC Trusted Zone: http://*.pps.tv

O15 - ESC Trusted Zone: http://*.ppstream.com

O15 - ESC Trusted Zone: http://*.webscache.com

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = local

O17 - HKLM\Software\..\Telephony: DomainName = local

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = local

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = local

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: OpenVPNTech Instantiator Service AS (OpenVPNTechOVPN_Instantiator) - Unknown owner - C:\Program Files\OpenVPNTech\bin\instant-xmlserv.exe

O23 - Service: Sybase BCKServer _ BABYPC_BS (SYBBCK_BABYPC_BS) - Unknown owner - C:\sybase\ASE-15_0\bin\bcksrvr.exe (file missing)

O23 - Service: Sybase BCKServer _ SYBASE_BS (SYBBCK_SYBASE_BS) - Unknown owner - C:\sybase\ASE-15_0\bin\bcksrvr.exe (file missing)

O23 - Service: Sybase MONServer _ BABYPC_MS (SYBMON_BABYPC_MS) - Unknown owner - C:\sybase\ASE-15_0\bin\monsrvr.exe (file missing)

O23 - Service: Sybase MONServer _ SYBASE_MS (SYBMON_SYBASE_MS) - Unknown owner - C:\sybase\ASE-15_0\bin\monsrvr.exe (file missing)

--

End of file - 4488 bytes


  • Root Admin

Hello and Welcome to Malwarebytes

If you think you are infected, here are the steps needed to get your computer cleaned....

Please read the following so that you can begin the cleaning process:

You have 3 Options that you can choose from as listed below:

  • Option 1 —— Free Expert advice in the Malware Removal Forum
  • Option 2 —— Paying customer -- Contact Support via email
  • Option 3 —— Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have.

  • Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

  • After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.

  • One of the expert helpers there will give you one-on-one assistance when one becomes available.

  • Please refrain from making any further changes to your computer such as (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

NOTE:

Please DO NOT post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post, helpers may think that you're already being helped and thus overlook your post.

    • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.

      Or

    • You may send a Private Message to a Moderator asking for assistance.

OPTION 2

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here.

OPTION 3

If you would like to use our Malwarebytes Premium Services, comprehensive solutions to all your computer support needs, from installation and set-up to troubleshooting and tune-ups, go to our Malwarebytes Premium Services support site.

Please be patient, someone will assist you as soon as it is possible.

PS: Please use the "ADDREPLY" button instead of other ones when you start replying. :)


.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.7600.16385

Run by baby at 22:47:15 on 2011-08-06

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1197 [GMT -7:00]

.

AV: avast! antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\inetsrv\inetinfo.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Windows\System32\msdtc.exe

c:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe

C:\Program Files\OpenVPNTech\bin\instant-xmlserv.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k iissvcs

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.babylon.com/home?AF=18826

uInternet Settings,ProxyOverride = 127.0.0.1;*.local

uURLSearchHooks: H - No File

BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - &Yahoo! Toolbar Helper

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers\YontooIEClient.dll

uRun: [AdobeBridge]

uRun: [Google Update] "c:\users\baby\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

Trusted Zone: pps.tv

Trusted Zone: ppstream.com

Trusted Zone: webscache.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254 199.185.220.254

TCP: Interfaces\{644D5FD7-620D-4BC4-8B44-B42A7DC43ADE} : DhcpNameServer = 192.168.1.254 199.185.220.254

TCP: Interfaces\{644D5FD7-620D-4BC4-8B44-B42A7DC43ADE}\2456C6B696E6F5E4B2F5632353337303 : DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{644D5FD7-620D-4BC4-8B44-B42A7DC43ADE}\24F6F6B6D41627B6F575962756C6563737 : DhcpNameServer = 192.168.2.1 10.1.10.1

TCP: Interfaces\{644D5FD7-620D-4BC4-8B44-B42A7DC43ADE}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1 64.59.144.92 64.59.144.93 64.59.150.135

TCP: Interfaces\{644D5FD7-620D-4BC4-8B44-B42A7DC43ADE}\84F6573756F4666416964786 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{644D5FD7-620D-4BC4-8B44-B42A7DC43ADE}\B41647869656D286F6573756 : DhcpNameServer = 64.59.144.92 64.59.144.93 64.59.150.135

TCP: Interfaces\{B5FCDE45-2DAA-446F-B51D-A84E2C3B244A} : DhcpNameServer = 68.87.69.150 68.87.85.102

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Hosts: 62.212.84.38 tracker.empornium.us

Hosts: 62.212.84.38 download.empornium.us

Hosts: 62.212.84.235 www.empornium.usforums.empornium.usempornium.us

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\baby\appdata\roaming\mozilla\firefox\profiles\ok4we97h.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18826

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/home?AF=18826

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - component: c:\users\baby\appdata\roaming\mozilla\firefox\profiles\ok4we97h.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll

FF - component: c:\users\baby\appdata\roaming\mozilla\firefox\profiles\ok4we97h.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - component: c:\users\baby\appdata\roaming\mozilla\firefox\profiles\ok4we97h.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

FF - plugin: c:\users\baby\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com

FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

.

============= SERVICES / DRIVERS ===============

.

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-8-6 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-8-6 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-8-6 66616]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-6 366640]

R2 OpenVPNTechOVPN_Instantiator;OpenVPNTech Instantiator Service AS;c:\program files\openvpntech\bin\instant-xmlserv.exe [2009-12-3 1012386]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-6 22712]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-8-28 3664384]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-11-4 27632]

R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [2009-11-19 25984]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SQLAgent$DEV2008;SQL Server Agent (DEV2008);c:\dev2008\mssql10.dev2008\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-5-2 14216]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-5-2 8456]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-11-4 13224]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-6 41272]

S3 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2009-5-27 202584]

S3 MSSQL$DEV2005;SQL Server (DEV2005);c:\dev2008\mssql.1\mssql\binn\sqlservr.exe -sdev2005 --> c:\dev2008\mssql.1\mssql\binn\sqlservr.exe -sDEV2005 [?]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 PAC207;SoC PC-Camera;c:\windows\system32\drivers\PFC027.SYS [2006-12-5 507136]

S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2010-10-23 38976]

S3 ReportServer$SSRS2005;SQL Server Reporting Services (SSRS2005);c:\dev2005\mssql.8\reporting services\reportserver\bin\ReportingServicesService.exe [2009-5-27 13672]

S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2007-12-26 288768]

S3 SYBBCK_BABYPC_BS;Sybase BCKServer _ BABYPC_BS;c:\sybase\ase-15_0\bin\bcksrvr.exe -sbabypc_bs -r --> c:\sybase\ase-15_0\bin\bcksrvr.exe -SBABYPC_BS -R [?]

S3 SYBBCK_SYBASE_BS;Sybase BCKServer _ SYBASE_BS;c:\sybase\ase-15_0\bin\bcksrvr.exe -ssybase_bs -r --> c:\sybase\ase-15_0\bin\bcksrvr.exe -SSYBASE_BS -R [?]

S3 SYBMON_BABYPC_MS;Sybase MONServer _ BABYPC_MS;c:\sybase\ase-15_0\bin\monsrvr.exe -mbabypc_ms -c --> c:\sybase\ase-15_0\bin\monsrvr.exe -MBABYPC_MS -C [?]

S3 SYBMON_SYBASE_MS;Sybase MONServer _ SYBASE_MS;c:\sybase\ase-15_0\bin\monsrvr.exe -msybase_ms -c --> c:\sybase\ase-15_0\bin\monsrvr.exe -MSYBASE_MS -C [?]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-24 1343400]

S4 KMService;KMService;c:\windows\system32\srvany.exe [2010-5-28 8192]

S4 LogWatch;Event Log Watch;c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [2008-5-20 75016]

S4 msftesql$DEV2005;SQL Server FullText Search (DEV2005);c:\dev2008\mssql.1\mssql\binn\msftesql.exe -s:mssql.1 -f:dev2005 --> c:\dev2008\mssql.1\mssql\binn\msftesql.exe -s:MSSQL.1 -f:DEV2005 [?]

S4 MSOLAP$DEV2008;SQL Server Analysis Services (DEV2008);c:\dev2008\msas10.dev2008\olap\bin\msmdsrv.exe [2009-3-30 21953896]

S4 MSSQL$DEV2008;SQL Server (DEV2008);c:\dev2008\mssql10.dev2008\mssql\binn\sqlservr.exe [2009-3-30 43010392]

S4 MSSQLFDLauncher$DEV2008;SQL Full-text Filter Daemon Launcher (DEV2008);c:\dev2008\mssql10.dev2008\mssql\binn\fdlauncher.exe [2008-7-10 31256]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2007-2-22 2808664]

S4 ReportServer$DEV2008;SQL Server Reporting Services (DEV2008);c:\dev2008\msrs10.dev2008\reporting services\reportserver\bin\ReportingServicesService.exe [2009-3-30 1113448]

S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]

S4 SQLAgent$DEV2005;SQL Server Agent (DEV2005);c:\dev2008\mssql.1\mssql\binn\sqlagent90.exe -i dev2005 --> c:\dev2008\mssql.1\mssql\binn\SQLAGENT90.EXE -i DEV2005 [?]

.

=============== Created Last 30 ================

.

2011-08-07 05:35:10 -------- d-----w- c:\users\baby\appdata\roaming\Avira

2011-08-07 05:32:26 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-08-07 05:32:24 -------- d-----w- c:\programdata\Avira

2011-08-07 05:32:24 -------- d-----w- c:\program files\Avira

2011-08-07 05:03:46 -------- d-----w- c:\users\baby\appdata\roaming\Malwarebytes

2011-08-07 05:02:46 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-07 05:02:45 -------- d-----w- c:\programdata\Malwarebytes

2011-08-07 05:02:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-07 05:02:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-05 05:34:51 388096 ----a-r- c:\users\baby\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-07-27 05:29:43 -------- d-----r- c:\program files\Skype

2011-07-25 03:48:04 -------- d-----w- C:\ppsvodcache

.

==================== Find3M ====================

.

2011-07-07 06:33:36 48 ----a-w- c:\windows\system32\msawt.dll

2011-05-10 15:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-05-10 15:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys

.

============= FINISH: 22:50:16.04 ===============


Before you do anything else, restart your computer in Safe Mode - keep pressing F8 until it starts in safe mode. Then run Malwarebytes and see if you are infected. Then restart in Safe Mode with Network and update Malwarebytes, then run another scan. It worked for me.


Hi mustfirst,

As AdvancedSetup pointed out in his reply to your post:

As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have.

Therefore, instead of trying any steps that any regular members might suggest to you, please create a new topic with your logs here, and wait for a qualified helper:

http://forums.malwarebytes.org/index.php?showforum=7

Thank you :)
