[Closed] Computer full of infections


  • This topic is locked
3 replies to this topic

#1 ausruss

    New Member

Posted 27 March 2008 - 09:29 PM

I have things like Virus Ranger and others too numerous to list that keep popping up. I have run Malwarebytes and what follows is the report, also an HJT log.
Could somebody PLEASE help out.....

Malwarebytes' Anti-Malware 1.09
Database version: 558

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 123624
Time elapsed: 31 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 27
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 73


HJT LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:28, on 2008-03-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal



#2 silver

    Malware Expert Emeritus

Posted 02 April 2008 - 01:04 AM

Hi ausruss,

It looks like MalwareBytes Antimalware took out the worst of the problem, how is your computer running now?

------------------------------------------------------------------------

You appear to have no antivirus software running. Without antivirus software your computer is very vulnerable and can easily be infected at any time, so it is essential you have one active at all times.

There are several free packages available, two of the most popular are here:
Antivir: http://www.free-av.com/
Avast!: http://www.avast.com...avast-home.html

If you have no antivirus program then download and install one immediately, update the definitions and set it to update automatically.
Please ensure you have one antivirus program installed before continuing.

------------------------------------------------------------------------

Download SmitfraudFix (by S!Ri) to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save):
http://siri.urz.free...mitfraudFix.exe

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed.

IMPORTANT: Do NOT run any other options until you are asked to do so!

If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C: ), and launch from there.

Note: process.exe is detected by some antivirus programs as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. Further info is available here.

------------------------------------------------------------------------

Then, please do an online scan with Kaspersky:
Open Kaspersky Online Scanner in Internet Explorer using this link:
http://www.kaspersky...kavwebscan.html
  • Click Accept and the web scanner will begin to load
  • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
  • You will be prompted to install an ActiveX component from Kaspersky, click Install
  • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on Next and then Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save Report As... button, change Save as type: to Text file and save the file to your desktop as Kaspersky.txt
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

------------------------------------------------------------------------

Once complete, please post the SmitfraudFix report, the Kaspersky report and a new HijackThis log.
ASAP & UNITE Member

#3 silver


Posted 04 April 2008 - 08:59 PM

Do you still need help with your machine? If the instructions are unclear or something isn't working, please let me know before proceeding.

#4 silver


Posted 08 April 2008 - 12:17 AM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log.
