Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Infected, AntiVirus Plus and more; locks Mbam and Avast.exe

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Infected, AntiVirus Plus and more; locks Mbam and Avast.exe

Unread postby Kyman73 » January 23rd, 2010, 4:58 pm

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
Hijack This Log
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$


Code: Select all
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:53:14 PM, on 1/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\Mom\Application Data\SystemProc\lsass.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.adbsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: C:\WINDOWS\system32\hg2jl.dll - {C4BF49A2-94F1-42BD-F034-3604811C807D} - C:\WINDOWS\system32\hg2jl.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Mirar - {74648C98-B6B2-443C-883C-50139F4622E4} - C:\WINDOWS\system32\9c78.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [AntiVirus Plus] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Owner\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll", start 70700
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [WhereSphere] C:\Documents and Settings\Owner\Application Data\WhereSphere\wheresphere.exe
O4 - HKCU\..\Run: [SfKg6wIPuS] C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\oulwsv.exe
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [AntiVirus Plus] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Owner\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll", start 70700
O4 - HKCU\..\Run: [sefjhf98jfoidsfoishgoiusgdgfgd] C:\DOCUME~1\Owner\LOCALS~1\Temp\bmttl9mxn.exe
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe
O4 - HKCU\..\Run: [extrac64_cab.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\extrac64_cab.exe
O4 - HKCU\..\Run: [BMIMZMHMFM] C:\DOCUME~1\Owner\LOCALS~1\Temp\Wk0.exe
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\Mom\Application Data\SystemProc\lsass.exe
O4 - Startup: AntiVirus Plus.lnk = C:\WINDOWS\system32\rundll32.exe
O4 - Global Startup: AntiVirus Plus.lnk = C:\WINDOWS\system32\rundll32.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251833108406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251837210578
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC7EB7FB-EA6D-4578-A0DF-AB68140E1F37}: NameServer = 193.104.110.38,4.2.2.1,192.168.1.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll,rulisofo.dll
O21 - SSODL: pumazurun - {3bcf88b0-b4d0-421a-ab7b-0d850c350a4d} - c:\windows\system32\wakosoli.dll (file missing)
O22 - SharedTaskScheduler: lkjah87hfijgnfasidofgysgiughnjfkgfgdfgf - {C4BF49A2-94F1-42BD-F034-3604811C807D} - C:\WINDOWS\system32\hg2jl.dll
O22 - SharedTaskScheduler: kupuhivus - {3bcf88b0-b4d0-421a-ab7b-0d850c350a4d} - c:\windows\system32\wakosoli.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7000 bytes


$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
UNINSTALL MANAGER
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$


Code: Select all
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Shockwave Player 11.5
AIM 7
Any Video Converter 3.0.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom Gigabit Integrated Controller
cdrtfe 1.3.6
Command & Conquer Generals
Counter-Strike
Dell Resource CD
Empire: Total War Demo
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HxD Hex Editor version 1.7.7.0
iTunes
Java(TM) 6 Update 16
Kwanzy 1.0 build 139
LiveUpdate 2.0 (Symantec Corporation)
Malwarebytes' Anti-Malware
Medieval II Total War
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft WinUsb 1.0
Mirar
Mozilla Firefox (3.5.7)
MSXML 4.0
MSXML 4.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Web Search (Cursor Mania)
NVIDIA Drivers
OGA Notifier 2.0.0048.0
QuickTime
Rome: Total War Gold
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skycar Yummy Desktop Toy
Skype web features
Skype™ 4.1
Sonic DLA
SoundMAX
Steam
The Battle for Middle-earth (tm)
The Lord of the Rings Online™ - Mines of Moria™ - Live
Turbine Download Manager - Live
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 CRT (x86) WinSXS MSM
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Zune
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)


$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
A quick synopsis of the issues on the computer:
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

    Fake Anti-virus scans / popups from rundll.exe and iexplore.exe
    Took administrative rights away from all users
    Blocks install and locks executables of Malewarebytes, Avast, and Hijack This unless I rename them before running.
    Doesn't allow virus scans to complete
Kyman73
Active Member
 
Posts: 1
Joined: January 23rd, 2010, 4:16 pm
Advertisement
Register to Remove

Re: Infected, AntiVirus Plus and more; locks Mbam and Avast.exe

Unread postby jmw3 » January 25th, 2010, 10:51 pm

http://www.geekstogo.com/forum/Infected ... 66402.html

While we appreciate that you very likely posted at multiple forums in order to ensure a response, that only serves to tie up the time of multiple helpers who could be using that time to help someone else who also has problems. Although there are many forums that handle HijackThis logs, there are not so many helpers; most of us help out at several forums. In addition, the results may not work out so well when you're following different instructions from different helpers. They may suggest different approaches for the same problem, all of which may be good; however, system conflicts may arise if different fixes for the same problem are applied simultaneously.

In the future, for your sake as well as ours, please refrain from requesting help from multiple forums. Choose one, and stick with that one until they've resolved your problem.

This topic is now closed.

You can help support this site from this link :
Donations For Malware Removal
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 305 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware