0

Yesterday mom mom got a nasty that is not allowing her to access anti-virus sites for updates or downloads. I found some mirror sites and stuff, and ended up getting Malwarebytes, Spybot, the Stubware and HJT. I will post the HJT log here in a second, IVe tried all kinds of stuff, It wont even let it accespt downloads from my flash drive from a clean computer. I am thinking of re-formatting, but I dont really want to. I would much rather find a way to get rid of this so that I have it for future knowledge. Any help would be great!


Here is the Hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:27:49 PM, on 3/15/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\TheStubware\TheStubware.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Registry Mechanic\regmech.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dawn
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [TheStubware] C:\Program Files\TheStubware\TheStubware.exe -Startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1198295860-2268891652-1491637286-1001\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Ryan and Brit')
O4 - Startup: Fanbase.lnk = C:\Program Files\Fanbase\Fanbase.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DGSD - Sysinternals - www.sysinternals.com - C:\Users\gateway\AppData\Local\Temp\DGSD.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MOGD - Sysinternals - www.sysinternals.com - C:\Users\gateway\AppData\Local\Temp\MOGD.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TY - Sysinternals - www.sysinternals.com - C:\Users\gateway\AppData\Local\Temp\TY.exe

--
End of file - 5040 bytes


Any advice would be greatly appreciated.

4
Contributors
4
Replies
6
Views
7 Years
Discussion Span
Last Post by jholland1964
0

Hello,

I would try booting from another disk and attempting to clean out the VIRUS. Something like Ultimate Boot CD for windows will let you create a boot disk with anti-virus and/or anti-spyware on it. If you just need an ISO that will work email me and I will tell you where to download one of my server.

<snip>

Edited by crunchie: Snipped email address. Keep it on the site.

0

You show Malwarebytes' Anti-malware all ready ON the computer. Did you run any scans with it? HJT isn't a cleaner program, it essentially gives a picture of what is running on the computer and basically what programs are set to run at start up.

Turn off the following programs and leave them turned off.
Spybot - Search & Destroy TeaTimer
Registry Mechanic
TheStubware
Then update Malwarebytes' Anti-Malware and do a full system scan with it. Have it remove all it finds, reboot and post back here with the log.

Edited by jholland1964: n/a

0

my Mcafee real-time scanner dont work, it dont turn on. pls help.

This thread is nine months old and was begun by another poster. You need to create your own thread and no post your problems within another person's thread.
Follow the steps given here http://www.daniweb.com/forums/thread134865.html and then create your OWN thread with clear and precise information on exactly what is happening and also with a clear title to explain the problems,

Edited by jholland1964: n/a

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.