
scan log

flea72
flea72 Posts: 5,392 Forumite
Malwarebytes' Anti-Malware 1.46
https://www.malwarebytes.org

Database version: 4180

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865

09/06/2010 06:19:47
mbam-log-2010-06-09 (06-19-47).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 308892
Time elapsed: 3 hour(s), 24 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 13
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 21
Files Infected: 103

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\nhqrbomurv.dll (Malware.Packer.Gen) -> Delete on reboot.
C:\Windows\System32\dhfqgqkpc.dll (Malware.Packer.Gen) -> Delete on reboot.
C:\Users\Flea\AppData\Roaming\Live Security Suite\db\pb.dll (Malware.Packer.Gen) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webserver (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\hotbarsa (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Live Security Suite (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Suite_is1 (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls\pb (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Roaming\Hotbar (Adware.Hotbar) -> Delete on reboot.
C:\Users\Flea\AppData\Roaming\Hotbar\Weather (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Roaming\Hotbar\Weather\WeatherDPA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Roaming\Hotbar\Weather\WeatherDPA\Weather_XML (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Roaming\Hotbar\Weather\Weather_XML (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Roaming\Live Security Suite (Rogue.LiveSecuritySuite) -> Delete on reboot.
C:\Users\Flea\AppData\Roaming\Live Security Suite\db (Rogue.LiveSecuritySuite) -> Delete on reboot.
C:\Users\Flea\AppData\Roaming\WeatherDPA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Live Security Suite (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Program Files\Live Security Suite\db (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Program Files\Live Security Suite\Languages (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Live Security Suite (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\nhqrbomurv.dll (Malware.Packer.Gen) -> Delete on reboot.
C:\Windows\System32\dhfqgqkpc.dll (Malware.Packer.Gen) -> Delete on reboot.
C:\Users\Flea\AppData\Roaming\Live Security Suite\db\pb.dll (Malware.Packer.Gen) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\plugins\npclntax_HotbarSA.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\webserver\webserver.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\bybyofor.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\services.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZSPA8WX\setup_build14501[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZSPA8WX\setup_build14501[2].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZSPA8WX\setup_build14501[4].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPGLX7G4\setup_build14501[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPGLX7G4\setup_build14501[4].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPGLX7G4\setup_build14501[5].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPGLX7G4\newg[1].exe (Trojan.Sasfis) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4XJJUSH\setup_build14501[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4XJJUSH\setup_build14501[5].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4XJJUSH\hostsgb3[1].exe (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H4MOFIHT\setup_build14501[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H4MOFIHT\p[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H4MOFIHT\setup_build14501[2].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H4MOFIHT\setup_build14501[3].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PF59KRMG\setup_build14501[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PF59KRMG\setup_build14501[2].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PF59KRMG\setup_build14501[3].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLW7Y9EL\LSS_vista[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLW7Y9EL\setup_build14501[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLW7Y9EL\setup_build14501[2].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLW7Y9EL\setup_build14501[3].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLW7Y9EL\setup_build14501[4].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLW7Y9EL\setup_build14501[5].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLW7Y9EL\setup_build14501[6].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U7AUMI0T\ws[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U7AUMI0T\setup_build14501[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U7AUMI0T\setup_build14501[2].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U7AUMI0T\setup_build14501[3].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Temp\sai52C6.tmp (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Temp\1B71.tmp (Trojan.Sasfis) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Local\Temp\zpskon_1276024242.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Roaming\Live Security Suite\HTUninstaller.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\pdrv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Roaming\Hotbar\Weather\history (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Roaming\Hotbar\Weather\WeatherStartup.xml (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Roaming\Hotbar\Weather\WeatherDPA\Links (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Roaming\Hotbar\Weather\WeatherDPA\WeatherPreferences (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Roaming\Hotbar\Weather\WeatherDPA\Weather_XML\Display (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Roaming\Hotbar\Weather\WeatherDPA\Weather_XML\Loading (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Roaming\Hotbar\Weather\WeatherDPA\Weather_XML\screen2 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Roaming\Hotbar\Weather\Weather_XML\Default (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Roaming\Hotbar\Weather\Weather_XML\Genera1 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Roaming\Hotbar\Weather\Weather_XML\General (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA\HotbarSAAbout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA\HotbarSAau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA\HotbarSAEULA.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA\HotbarSA_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Roaming\Live Security Suite\settings.ini (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Roaming\Live Security Suite\uill.ini (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Roaming\Live Security Suite\Uninstall Live Security Suite.lnk (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Roaming\Live Security Suite\db\config.cfg (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Roaming\Live Security Suite\db\Timeout.inf (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Roaming\Live Security Suite\db\Urls.inf (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Program Files\Live Security Suite\activate.ico (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Program Files\Live Security Suite\explorer.ico (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Program Files\Live Security Suite\reg.ico (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Program Files\Live Security Suite\uninstall.ico (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Program Files\Live Security Suite\working.log (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Program Files\Live Security Suite\~LiveSS.tmp (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Program Files\Live Security Suite\db\DBInfo.ver (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Program Files\Live Security Suite\db\ga090122.db (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Program Files\Live Security Suite\db\Infected.wav (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Program Files\Live Security Suite\db\lists.ini (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Program Files\Live Security Suite\Languages\LSSEs.lng (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Program Files\Live Security Suite\Languages\LSSFr.lng (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Program Files\Live Security Suite\Languages\LSSGer.lng (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Program Files\Live Security Suite\Languages\LSSIt.lng (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Games!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Live Security Suite\Live Security Suite Home Page.lnk (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Live Security Suite\Live Security Suite.lnk (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Live Security Suite\Purchase License.lnk (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Users\Chloe Mae\Desktop\Live Security Suite.LNK (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Users\Christopher\Desktop\Live Security Suite.LNK (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Users\Flea\Desktop\Live Security Suite.LNK (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Users\Lucy\Desktop\Live Security Suite.LNK (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Users\Chloe Mae\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Live Security Suite.LNK (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Users\Christopher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Live Security Suite.LNK (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Users\Flea\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Live Security Suite.LNK (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Users\Lucy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Live Security Suite.LNK (Rogue.LiveSecuritySuite) -> Quarantined and deleted successfully.
C:\Windows\System32\pb.sys (Malware.Trace) -> Delete on reboot.
C:\Users\Flea\AppData\Local\Temp\zpskon_1276042756.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Users\Flea\Local Settings\Application Data\048102515610049.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Flea\Local Settings\Application Data\0505448994955.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Flea\Local Settings\Application Data\0535049569854.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Flea\Local Settings\Application Data\0569949489854.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Flea\Local Settings\Application Data\09857491009853.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Flea\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Flea\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Flea\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Flea\Local Settings\Application Data\Microsoft\Windows\pguard.ini (Rogue.InternetAntiVirus) -> Quarantined and deleted successfully.
C:\Users\Flea\Local Settings\Application Data\Microsoft\Windows\services.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
c:\Windows\bill111.exe (Worm.KoobFace) -> Delete on reboot.


hijack log to follow

tia F

Comments

  • macman
    macman Posts: 53,129 Forumite
    Might help if you explained what the issue is (obviously other than that your machine is heavily infected).
    PS: your Service Packs are way out of date (still running SP1!). I assume you are using Vista? You need to check your Windows Update settings and manually download all the updates, which will probably take several runs.
    No free lunch, and no free laptop ;)
  • flea72
    flea72 Posts: 5,392 Forumite
    macman wrote: »
    Might help if you explained what the issue is (obviously other than that your machine is heavily infected).
    PS: your Service Packs are way out of date (still running SP1!). I assume you are using Vista? You need to check your Windows Update settings and manually download all the updates, which will probably take several runs.

    Using Vista. I do Windows updates when prompted; should I be doing something more?

    Machine not running slow or anything, just keep getting a screen popup telling me that my computer is seriously at risk, then going into scan mode, and I can't click out of it. This popup also removed the bar at the bottom of the screen, which shows what's running, pages I have open, etc.

    will post hijack log, and then run all updates

    tia F
  • flea72
    flea72 Posts: 5,392 Forumite
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 07:23:17, on 09/06/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18865)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Windows\System32\wpcumi.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5080624
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (file missing)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: Gacela2 - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\WebView\Gacela2.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Hotbar\bin\11.0.117.0\Weather.exe" -auto
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: McAfee Security Scan.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: VTAgentReboot.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: (no name) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\WebView\Gacela2.dll
    O9 - Extra 'Tools' menuitem: About WebView - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\WebView\Gacela2.dll
    O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (file missing)
    O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\system32\CSHelper.exe
    O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
    O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (file missing)
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: WebView-Reporting-Service - Unknown owner - C:\Program Files\WebView\WebView-Reporting.exe
    O23 - Service: WebView-Update-Service - Unknown owner - C:\Program Files\WebView\WebView-Updater.exe

    --
    End of file - 9735 bytes
  • macman
    macman Posts: 53,129 Forumite
    Vista SP2 was released April '09, so there is clearly something wrong. Once your system is clean, run Windows Update manually to update.
    Yet another example of McAfee missing numerous infections. Uninstall it and use a decent AV such as Kaspersky, Avira, or Microsoft Security Essentials.
    No free lunch, and no free laptop ;)
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    TICK and FIX these ~
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (file missing)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
    O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Hotbar\bin\11.0.117.0\Weather.exe" -auto
    O4 - Global Startup: VTAgentReboot.exe
    O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (file missing)
    O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: WebView-Reporting-Service - Unknown owner - C:\Program Files\WebView\WebView-Reporting.exe
    O23 - Service: WebView-Update-Service - Unknown owner - C:\Program Files\WebView\WebView-Updater.exe

    As McAfee is broken you're going to need to uninstall it anyway.
    WHEN you do ~
    Use the MCAFEE REMOVAL TOOL
    http://service.mcafee.com/FAQDocument.aspx?id=TS100507
    However, I'd wait until the machine's definitely clean before doing so.


    You have trojans
    Please run COMBOFIX
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Shut down your anti virus
    Follow the simple instructions it gives
    Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out

    If it comes up with a RENAMING error then RIGHT-click the exe file and RENAME it to QWERTY (making the complete file name 'QWERTY.exe'), or SAVE it as 'QWERTY' on download.
    (If no log comes up or you lose it, COMBOFIX.TXT can be found in the C drive.)
This discussion has been closed.