
Hello there folks, hope you will be fine and in the best of your health. First of all, I am using Windows Vista. Lately I have been having a problem with my Internet Explorer: it started out popping up random ads, and it was getting quite annoying. My anti-virus always detected it and deleted it, but somehow it automatically regenerates itself. I tried to uninstall Internet Explorer, but somehow an error occurs and says I can't uninstall it; neither can I open Internet Explorer. I have also tried to install or download new programs, but it doesn't run any .exe files, which means I can't install anything at all.

Moreover, the websites Google.com and Yahoo.com act strangely as well; whenever I search for something, it directs me to an unknown website. In short, I can't google anything. I performed a HijackThis scan on this; here are the results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:16:52 PM, on 6/26/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Users\Adriana\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\Windows\system32\msxml71.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [WiniBlueSoft] C:\Program Files\WiniBlueSoft Software\WiniBlueSoft\WiniBlueSoft.exe -min
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sysldtray] c:\windows\ld09.exe
O4 - HKLM\..\Run: [sysfbtray] c:\windows\freddy46.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Cognac] C:\Users\Adriana\AppData\Local\Temp\5F6B.tmp.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E94BEC9-5EA1-4E42-B3DC-421F6B807D2E}: NameServer = 85.255.112.127,85.255.112.196
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8FFA1BA-626D-42D7-9C1E-7ECB9E51E5BA}: NameServer = 85.255.112.127,85.255.112.196
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.127,85.255.112.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.127,85.255.112.196
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c96ae91aa1def0) (gupdate1c96ae91aa1def0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12483 bytes

* I can't open Internet Explorer at all now; I am using Firefox, but the only sites I have problems with are Google & Yahoo. Whenever I search, it takes me to an unknown site. I would be glad if anyone tells me what's wrong with it. I am very stressed; I need to perform some tasks but can't due to this problem. :(
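The redirect the poster describes is visible in the log itself: the O17 lines show every network interface pointed at two public DNS servers the owner never configured, and the O4 lines show autostart entries launching executables out of a temp directory and straight out of C:\Windows. The following triage helper is an added example, not code from the thread, from HijackThis or from the forum helpers. It parses O4 and O17 lines and flags exactly those two patterns; the expected-resolver allow-list and the directory heuristics are assumptions for the example, and the sample lines are copied from the log posted above. Entries such as setup2.exe inside system32 are not caught by a location heuristic and still need a name-by-name check, which is why the helpers ask for the full log.

```python
"""Triage helper for HijackThis-style log lines (added example, not part of the thread).

Flags two things a responder looks at first in a log like the one above:
  * O17 NameServer values that are neither private (home router) nor on the
    owner's expected-resolver allow-list (the allow-list is an assumption here);
  * O4 Run entries whose executable lives in a user temp directory or directly
    in the Windows directory, common locations for dropped files.
"""
import re
from ipaddress import ip_address, ip_network

# Resolvers the owner actually configured. Assumed value for this example.
EXPECTED_RESOLVERS = {"192.168.1.1"}

# A NameServer in a private range is normally the home router, not a hijack.
PRIVATE_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                ip_network("192.168.0.0/16")]

# Locations where a legitimate autostart binary is rarely installed.
SUSPICIOUS_DIR_PATTERNS = [
    re.compile(r"\\appdata\\local\\temp\\", re.I),        # user temp directory
    re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$", re.I),  # dropped straight into C:\Windows
]

O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.+)$")

# Sample lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r"O4 - HKLM\..\Run: [sysldtray] c:\windows\ld09.exe",
    r"O4 - HKLM\..\Run: [sysfbtray] c:\windows\freddy46.exe",
    r"O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe",   # not caught by location alone
    r"O4 - HKCU\..\Run: [Cognac] C:\Users\Adriana\AppData\Local\Temp\5F6B.tmp.exe",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.127,85.255.112.196",
]


def executable_path(cmd: str) -> str:
    """Return the executable part of an O4 command line, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" ")[0]


def is_private(ip: str) -> bool:
    """True if the address falls inside an RFC 1918 private range."""
    addr = ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)


def triage(lines):
    """Return (line_type, reason, detail) tuples for every suspicious log line."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O17_RE.match(line)
        if m:
            for server in (s.strip() for s in m.group("servers").split(",")):
                try:
                    private = is_private(server)
                except ValueError:
                    findings.append(("O17", "unparseable NameServer value", server))
                    continue
                if server not in EXPECTED_RESOLVERS and not private:
                    findings.append(("O17", "unexpected public DNS resolver", server))
            continue
        m = O4_RE.match(line)
        if m:
            exe = executable_path(m.group("cmd"))
            if any(p.search(exe) for p in SUSPICIOUS_DIR_PATTERNS):
                findings.append(("O4", "autostart from temp/Windows root",
                                 f"[{m.group('name')}] {exe}"))
    return findings


if __name__ == "__main__":
    for line_type, reason, detail in triage(SAMPLE_LOG):
        print(f"{line_type:4} {reason:35} {detail}")
```

Run against the full log rather than the sample, the O17 rule fires on all four NameServer lines (two interface keys plus the CCS and CS1 Parameters keys), which is the usual signature of a DNS-changing infection: every control set is rewritten so the change survives a reboot into "last known good".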

3 Contributors, 9 Replies, 10 Views, 8 Years Discussion Span, Last Post by Rik_

You have a quite badly infected pc there.

You need to make sure that "Show hidden and system files" is turned on. There are instructions on how to do it here - http://www.bleepingcomputer.com/tutorials/tutorial62.html

Once you have done that, you need to locate and delete the following files:

C:\Windows\system32\msxml71.dll
c:\windows\ld09.exe
c:\windows\freddy46.exe
C:\Windows\system32\setup2.exe
C:\Users\Adriana\AppData\Local\Temp\5F6B.tmp.exe


Once done, see if you can download and run Mbam from here - http://www.malwarebytes.org/mbam.php

If it will now install and run, please post a fresh HJT log and an Mbam log.


I deleted all these files you asked me to:

C:\Windows\system32\msxml71.dll
c:\windows\ld09.exe
c:\windows\freddy46.exe
C:\Windows\system32\setup2.exe
C:\Users\Adriana\AppData\Local\Temp\5F6B.tmp.exe

& now the laptop is working fine. Thank you very much for your help, Rik from RCE. If something pops up again, I will use the same thread if it's about the same thing. Once again, thank you very much :)


You are NOT Finished. You did not do all the steps requested by RIK. The running of Mbam is ESPECIALLY important to clean the computer. Just deleting those few files is NOT ENOUGH. You have a hijacked computer which shows clearly in your HJT log. Just removing those files will not stop that. Your computer and personal files can be very much at risk.
Please take note of exactly what RIK told you:

You have a quite badly infected pc there.

He had you remove those few files in order for you to be able to complete the rest of the steps he gave you.
You should follow the rest of his steps if you want your computer clean, because as of yet, it is not.


Exactly, well said jholland1964. At no point did I say that that was all that was needed in order to fully fix the problem.

We strive to remove ALL traces of malware as reinfection is a serious possibility. It often takes several stages and many sets of instructions in order to complete the cleanup.


My apologies for not realizing that it was far from done; here are fresh logs from HijackThis & Malwarebytes.


------------
Hijackthis
-------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:36 AM, on 7/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iTunes\iTunes.exe
C:\Users\Adriana\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\Windows\system32\msxml71.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [WiniBlueSoft] C:\Program Files\WiniBlueSoft Software\WiniBlueSoft\WiniBlueSoft.exe -min
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sysldtray] c:\windows\ld09.exe
O4 - HKLM\..\Run: [sysfbtray] c:\windows\freddy46.exe
O4 - HKLM\..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Cognac] C:\Users\Adriana\AppData\Local\Temp\CE2B.tmp.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E94BEC9-5EA1-4E42-B3DC-421F6B807D2E}: NameServer = 85.255.112.127,85.255.112.196
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8FFA1BA-626D-42D7-9C1E-7ECB9E51E5BA}: NameServer = 85.255.112.127,85.255.112.196
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.127,85.255.112.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.127,85.255.112.196
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c96ae91aa1def0) (gupdate1c96ae91aa1def0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12663 bytes


--------------------------------------
Malwarebytes
--------------------------------------

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 6.0.6001 Service Pack 1

7/6/2009 11:19:29 AM
Malw

Scan type: Quick Scan
Objects scanned: 82438
Time elapsed: 7 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 46
Registry Values Infected: 6
Registry Data Items Infected: 9
Folders Infected: 9
Files Infected: 106

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\podmena\podmena.dll (Trojan.Agent) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\podmena (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\podmena (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\podmena (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\podmenadrv (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\podmenadrv (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\podmenadrv (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\WiniBlueSoft (Rogue.WiniBlue) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\zangosa (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\zangoax.clientdetector (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\zangoax.clientdetector.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\zangoax.userprofiles (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\zangoax.userprofiles.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WiniBlueSoft (Rogue.WiniBlue) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\podmena (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.127,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5e94bec9-5ea1-4e42-b3dc-421f6b807d2e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.127,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e8ffa1ba-626d-42d7-9c1e-7ecb9e51e5ba}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.127,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.127,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5e94bec9-5ea1-4e42-b3dc-421f6b807d2e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.127,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e8ffa1ba-626d-42d7-9c1e-7ecb9e51e5ba}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.127,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.127,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{5e94bec9-5ea1-4e42-b3dc-421f6b807d2e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.127,85.255.112.196 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{e8ffa1ba-626d-42d7-9c1e-7ecb9e51e5ba}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.127,85.255.112.196 -> No action taken.

Folders Infected:
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> No action taken.
c:\program files\shoppingreport\Bin (Adware.Shopping.Report) -> No action taken.
c:\program files\shoppingreport\Bin\2.5.0 (Adware.Shopping.Report) -> No action taken.
C:\ProgramData\ZangoSA (Adware.Zango) -> No action taken.
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> No action taken.
c:\Users\Adriana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMe (Trojan.DNSChanger) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMe (Trojan.DNSChanger) -> No action taken.
c:\Users\Adriana\AppData\Roaming\Zango (Adware.Zango) -> No action taken.
C:\Program Files\podmena (Trojan.Downloader) -> No action taken.

Files Infected:
c:\program files\podmena\podmena.dll (Trojan.Agent) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\14ED.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\14ED.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\1CAA.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\1CAA.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\2004.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\2004.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\2846.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\2846.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\475E.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\5B0D.tmp (Trojan.Downloader) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\AB3E.tmp.exe (Trojan.Downloader) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\D524.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\9E2B.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\9E2B.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\9F54.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\9F54.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\A9C8.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\A9C8.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\AA4D.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\AA4D.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\AB3E.tmp (Trojan.Downloader) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\B06D.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\B06D.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\B72A.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\B72A.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\BB62.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\BB62.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\5B0D.tmp.exe (Trojan.Downloader) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\5CB0.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\5CB0.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\5E18.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\5E18.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\6145.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\6145.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\6810.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\6810.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\68F5.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\68F5.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\D953.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\D953.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\DD87.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\DD87.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\AED9.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\AED9.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\733E.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\733E.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\747E.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\747E.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\7487.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\7487.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\7532.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\7532.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\7670.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\7670.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\779E.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\779E.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\7EBC.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\7EBC.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\82CB.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\82CB.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\C331.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\C331.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\D502.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\D502.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\D524.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\3FE1.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\3FE1.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\45CC.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\45CC.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\475E.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\85A6.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\85A6.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\87DE.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\87DE.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\88D7.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\88D7.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\8ABC.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\8ABC.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\8DC8.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\8DC8.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\920A.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\920A.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\F6ED.tmp (Trojan.Downloader) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\F6ED.tmp.exe (Trojan.Downloader) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\4B8F.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\4B8F.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\4D29.tmp (Trojan.Renos) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\4D29.tmp.exe (Trojan.Renos) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\532A.tmp (Trojan.Renos) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\532A.tmp.exe (Trojan.Renos) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\5540.tmp (Trojan.FakeAlert) -> No action taken.
c:\Users\Adriana\AppData\Local\Temp\Low\5540.tmp.exe (Trojan.FakeAlert) -> No action taken.
c:\programdata\ZangoSA\ZangoSA.dat (Adware.Zango) -> No action taken.
c:\programdata\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> No action taken.
c:\programdata\ZangoSA\ZangoSAau.dat (Adware.Zango) -> No action taken.
c:\programdata\ZangoSA\ZangoSAEula.mht (Adware.Zango) -> No action taken.
c:\programdata\ZangoSA\ZangoSA_kyf.dat (Adware.Zango) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\PlayMe\Uninstall.lnk (Trojan.DNSChanger) -> No action taken.
c:\program files\podmena\podmena.sys (Trojan.Downloader) -> No action taken.
C:\Windows\System32\gaopdxcounter (Trojan.Agent) -> No action taken.
c:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> No action taken.
C:\Users\Adriana\AppData\Local\Temp\CE2B.tmp.exe (Trojan.FakeAlert) -> No action taken.
C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> No action taken.
C:\Windows\dk39fi4fe.dat (Worm.KoobFace) -> No action taken.
C:\Windows\bf23567.dat (Worm.KoobFace) -> No action taken.
-------------------------------------------------------------------------------
I asked the Malware to delete all the Trojans & then I did a re-scan and it didn't find anything, I went to quarantine and asked for all the viruses to be removed there as well, so far it seems to be clean?

0

The timestamp from your HJT log shows it was done before the Mbam scan. You need to post a fresh HJT log from after the Mbam scan.

Also, the MBA-M scan shows "No action taken" for all 177 infected items found, and this was only a Quick Scan. Since the full scan will scan ALL files and the quick scan does not, the standard instructions for using MBA-M when working on an infected computer are the following:

Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
I realize full instructions were not posted but this is for general info so I would advise that you Update MBA-M again, follow the above instructions. Then REBOOT the computer.
Then run a new HJT scan. Save the log and then come back here with both new logs.
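The advice above hinges on reading the MBA-M log correctly: every line ending in "No action taken" is still on the machine, and the entries that matter most are the autostart ones (Run values, services, SvcHost groups, scheduled tasks), which explain why the original poster's antivirus kept deleting files only to see them come back. As an added example (not code from this thread or from Malwarebytes), the Python below parses log lines in the format posted above, counts what was left untreated, lists the persistence entries, and pulls the DNS servers written by the DNSChanger entries. The sample log is a constructed subset of the thread's own lines; the helper names are this example's own.

```python
"""Parse Malwarebytes (MBA-M) scan-log lines and summarise what a
"No action taken" run leaves behind.

Added example, not part of the original thread or of Malwarebytes.
SAMPLE_LOG is a constructed subset of the log lines posted in the thread.
"""
import re
from collections import Counter

# A detection line looks like:
#   <item> (<threat name>) [-> Data: <data>] -> <action>.
LINE_RE = re.compile(
    r"^(?P<item>.+?) \((?P<threat>[^)]+)\)"
    r"(?: -> Data: (?P<data>.+?))?"
    r" -> (?P<action>[^>]+?)\.?$"
)

# Section headers such as "Registry Values Infected:" or "Files Infected:".
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Infected:$")

# Autostart locations: Run values, a service key itself (not its subkeys),
# SvcHost group registrations and scheduled-task .job files.
PERSIST_RE = re.compile(
    r"\\CurrentVersion\\Run\\|\\SvcHost\\|\\Services\\[^\\]+$|\.job$",
    re.IGNORECASE,
)

SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\podmenadrv (Trojan.Downloader) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.127,85.255.112.196 -> No action taken.

Files Infected:
c:\program files\podmena\podmena.sys (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> No action taken.
C:\Windows\dk39fi4fe.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
"""


def parse_log(text):
    """Return one dict per detection line, tagged with its log section."""
    section = None
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = LINE_RE.match(line)
        if m:
            findings.append({"section": section, **m.groupdict()})
    return findings


def untreated(findings):
    """Detections the scan reported but did not remove."""
    return [f for f in findings if f["action"] == "No action taken"]


def threats_by_family(findings):
    """Count detections per threat name (e.g. Worm.KoobFace)."""
    return Counter(f["threat"] for f in findings)


def persistence_entries(findings):
    """Autostart entries that re-launch the infection after a reboot."""
    return [f for f in findings if PERSIST_RE.search(f["item"])]


def rogue_dns_servers(findings):
    """DNS servers written into Tcpip NameServer values by DNSChanger.
    While these stay configured, name resolution for search sites can be
    redirected even after the dropper files are gone."""
    servers = set()
    for f in findings:
        if (f["threat"] == "Trojan.DNSChanger" and f["data"]
                and f["item"].endswith("NameServer")):
            servers.update(s.strip() for s in f["data"].split(","))
    return sorted(servers)


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print(f"{len(found)} detections, {len(untreated(found))} untreated")
    for name, n in threats_by_family(found).most_common():
        print(f"  {n:3d}  {name}")
    print("persistence:", [f["item"] for f in persistence_entries(found)])
    print("rogue DNS servers:", rogue_dns_servers(found))
```

Run against the full log from the thread, the same functions give the 177 untreated items the reply refers to, and the DNS servers 85.255.112.127 and 85.255.112.196 that account for the Google and Yahoo redirection described in the first post. The practical check after cleanup is therefore twofold: the re-scan should come back empty, and the NameServer values should no longer point at those addresses.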

0

I have done both the scans, Malware & Hijack this, & double checked both; both came out clean. (I am not putting it because I have confirmed it with my other mates & the results came out fine.) All the viruses in Quarantine were deleted as well, didn't get any viruses on the full scan either.

Thanks for your support guys, consider this one solved, thank you again for your help :)

0

With a large number of infections like that, I very much doubt your pc is anywhere near clean yet.
