
Attitudeda (joined 2001-11-26, USA)
Re: [Trojan] HJT Log No IE7 unable to connect
As requested mbam Log.

Malwarebytes' Anti-Malware 1.33
Database version: 1742
Windows 5.1.2600 Service Pack 3

2/10/2009 5:36:40 AM
mbam-log-2009-02-10 (05-36-36).txt

Scan type: Quick Scan
Objects scanned: 53704
Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 35
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 9
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25f97eb4-1c02-45ba-ba0c-e67aace64d4a} (Adware.ToolBar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7a7f202e-af91-4889-9dd5-2fe241085cc1} (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{faad2038-c371-473d-86f1-5b11d39c3775} (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{03b121e9-6152-48b5-bb38-b642b21c62bd} (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\.exe\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> No action taken.
HKEY_CLASSES_ROOT\.lnk\ShellEx\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Secure Delete (Rogue.SecurePCCleaner) -> No action taken.
HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> No action taken.
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> No action taken.
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> No action taken.
HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> No action taken.
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> No action taken.
HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> No action taken.
HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Audio\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> No action taken.
HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Image\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> No action taken.
HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Video\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{25f97eb4-1c02-45ba-ba0c-e67aace64d4a} (Adware.ToolBar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{25f97eb4-1c02-45ba-ba0c-e67aace64d4a} (Adware.ToolBar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{b33de756-deee-4d7a-87db-1d905ba2aa21} (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Program Files\Common Files\PCSecureSystem (Rogue.PCSecureSystem) -> No action taken.
C:\GA6P1 (Rogue.Multiple) -> No action taken.
C:\GA6P1\Quar (Rogue.Multiple) -> No action taken.
C:\Program Files\Registry Defender Platinum (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\backup (Rogue.RegistryDefender) -> No action taken.
C:\Documents and Settings\Eliciel Medina\Application Data\PCSecureSystem (Rogue.PCSecureSystem) -> No action taken.
C:\Documents and Settings\Eliciel Medina\Application Data\PCSecureSystem\Logs (Rogue.PCSecureSystem) -> No action taken.
C:\Documents and Settings\Eliciel Medina\Application Data\Yourprivacyguard (Rogue.Yourprivacyguard) -> No action taken.
C:\Documents and Settings\Eliciel Medina\Application Data\Yourprivacyguard\Logs (Rogue.Yourprivacyguard) -> No action taken.

Files Infected:
C:\Program Files\Registry Defender Platinum\report.csv (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\backup\9_9_2008.reg (Rogue.RegistryDefender) -> No action taken.
C:\Documents and Settings\Eliciel Medina\Application Data\PCSecureSystem\avtasks.dat (Rogue.PCSecureSystem) -> No action taken.
C:\Documents and Settings\Eliciel Medina\Application Data\PCSecureSystem\Logs\av.log (Rogue.PCSecureSystem) -> No action taken.
C:\Documents and Settings\Eliciel Medina\Application Data\PCSecureSystem\Logs\ga6Support.log (Rogue.PCSecureSystem) -> No action taken.
C:\Documents and Settings\Eliciel Medina\Application Data\PCSecureSystem\Logs\update.log (Rogue.PCSecureSystem) -> No action taken.
C:\Documents and Settings\Eliciel Medina\Application Data\Yourprivacyguard\Logs\update.log (Rogue.Yourprivacyguard) -> No action taken.
C:\Documents and Settings\Eliciel Medina\Application Data\config.cfg (Malware.Trace) -> No action taken.
C:\Documents and Settings\Eliciel Medina\Application Data\~tmp.html (Malware.Trace) -> No action taken.

-- You can out run a patrol car, but you can't beat the Motorola. Team Discovery

TheJoker (joined 2001-04-26, Alexandria, VA)
Hi Attitudeda
I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier. Please follow the directions in the order listed.
Please disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
Open Windows Defender. Click on Tools, General Settings. Scroll down and uncheck Turn on real-time protection (recommended). After you uncheck this, click on the Save button and close Windows Defender. After all of the fixes are complete it is very important that you enable Real-time Protection again.
Clean your Cache and Cookies in IE:
-Close all instances of Outlook Express and Internet Explorer
-Go to Control Panel > Internet Options > General tab
-Click the "Delete Cookies" button
-Next to it, Click the "Delete Files" button
-When prompted, place a check in: "Delete all offline content", click OK

Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options. Click Privacy in the menu on the left side of the Options window. Click the Clear button located to the right of each option (History, Cookies, Private Data). Click OK to close the Options window. Alternatively, you can clear all information stored while browsing by clicking Clear All. A confirmation dialog box will be shown before clearing the information.

Clean other Temporary files + Recycle bin
-Go to start > run and type: cleanmgr and click ok.
-Let it scan your system for files to remove.
-Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
-Press OK to remove them.
Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries (if they are still there):
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
You can optionally check the following entry. This entry is used in connection with memory dumps - you can disable these by right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out:
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.
Please run Notepad and copy the following text into a new file:
quote:
sc config winmgmtstisvc start= disabled
sc stop winmgmtstisvc
sc delete winmgmtstisvc
Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files". Locate remove.bat on the Desktop and double-click on it to run it. A window will open and close quickly. Please note any errors encountered.
Using Windows Explorer, delete the following files/folders if still there:
C:\WINDOWS\system32\acluiv.exe
C:\Windows\fmark2.dat
C:\Program Files\TinyProxy (folder)
C:\Program Files\ProtectService (folder)
Also delete C:\Windows\kenny**.exe (any .exe files in the Windows folder whose file name starts with kenny followed by some additional characters)
Go to Control Panel -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again if you had set it previously. In Firefox in Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection, and do the same thing - either click "No proxy", or reconfigure the proxy under "Manual proxy configuration" if one had been previously configured.
Restart your system
Your Malwarebytes' Anti-Malware program itself is quite outdated, along with the signatures.
Please Run Malwarebytes' Anti-Malware.
- Click the Update tab.
- Click Check for Updates.
- When an update is found, it will download and install.
- This will take longer than normal as it needs to update the program along with the signatures.
- Click the Scanner tab.
- Select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply along with a fresh HijackThis log.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Please post a new HijackThis log, the log from MBAM, and note any errors encountered.

-- Proud ASAP member since 2005
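As an added example (not part of TheJoker's instructions or the original thread), a read-only PowerShell check that reports whether the items targeted above are still present after the fixes and reboot. It assumes PowerShell is available on the machine; the service name, proxy value, file paths and policy values are those named in the thread, and nothing is modified.

```powershell
# Added example: verify the cleanup steps from the thread took effect.
# Only reads the registry, services and file system; it deletes nothing.
$findings = @()

# 1. Proxy hijack: the HJT log showed ProxyServer = http=localhost:7171
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
if ($inet -and $inet.ProxyServer -match 'localhost:7171') {
    $findings += "IE proxy still points at $($inet.ProxyServer)"
}

# 2. Service removed by remove.bat (sc delete winmgmtstisvc)
$svc = Get-Service -Name 'winmgmtstisvc' -ErrorAction SilentlyContinue
if ($svc) {
    $findings += "Service winmgmtstisvc still registered (status: $($svc.Status))"
}

# 3. Files and folders the instructions said to delete
$paths = @(
    'C:\WINDOWS\system32\acluiv.exe',
    'C:\Windows\fmark2.dat',
    'C:\Program Files\TinyProxy',
    'C:\Program Files\ProtectService'
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "Still present: $p" }
}
# kenny*.exe in the Windows folder
Get-ChildItem -Path (Join-Path $env:SystemRoot 'kenny*.exe') -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += "Still present: $($_.FullName)" }

# 4. Display-properties policy values MBAM flagged as Bad: (1)
$policies = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop'; Name = 'NoChangingWallpaper' },
    @{ Key = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer';      Name = 'NoSetActiveDesktop' }
)
foreach ($pol in $policies) {
    $v = Get-ItemProperty -Path $pol.Key -Name $pol.Name -ErrorAction SilentlyContinue
    if ($v -and $v.($pol.Name) -eq 1) {
        $findings += "Policy $($pol.Name) still set to 1 under $($pol.Key)"
    }
}

if ($findings.Count -eq 0) { 'All checked items are clear.' }
else { $findings | ForEach-Object { "LEFTOVER: $_" } }
```

Anything reported as LEFTOVER is worth including in the next reply alongside the fresh MBAM and HijackThis logs.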