Support Forums

Full Version: Infected!! Help please
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
1.
Logfile of Trend Micro HijackThis v2.0.4
2.
Scan saved at 11:45:59 PM, on 7/24/2010
3.
Platform: Windows 7 (WinNT 6.00.3504)
4.
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
5.
Boot mode: Normal
6.

7.
Running processes:
8.
C:\Windows\system32\Dwm.exe
9.
C:\Windows\system32\taskhost.exe
10.
C:\Windows\Explorer.EXE
11.
C:\Program Files\Apoint2K\Apoint.exe
12.
C:\Windows\PLFSetI.exe
13.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
14.
C:\Users\Hitendra\AppData\Roaming\Google\Google Talk\googletalk.exe
15.
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
16.
C:\Program Files\Digsby\lib\digsby-app.exe
17.
C:\Program Files\Apoint2K\ApMsgFwd.exe
18.
C:\Program Files\Apoint2K\Apntex.exe
19.
C:\Windows\system32\conhost.exe
20.
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
21.
C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
22.
C:\Windows\system32\conhost.exe
23.
C:\Program Files\CometBird\CometBird.exe
24.
C:\Program Files\Notepad++\notepad++.exe
25.
C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\cuteftppro.exe
26.
C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe
27.
C:\Program Files\CometBird\plugin-container.exe
28.
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
29.

30.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
31.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?...goG2Rfs2YQ
32.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
33.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
34.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
35.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
36.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
37.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
38.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=93.174.81.194:3128;ftp=93.174.81.194:3128;https=93.174.81.194:3128;
39.
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
40.
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
41.
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
42.
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
43.
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
44.
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
45.
O2 - BHO: Freecause Shopping BHO - {998A3C0C-8914-4D2A-AE36-BFA2E5AE6D5D} - C:\Program Files\Digsby Donates\ShoppingBHO.dll
46.
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
47.
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
48.
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
49.
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
50.
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
51.
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
52.
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
53.
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
54.
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
55.
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
56.
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
57.
O4 - HKCU\..\Run: [googletalk] C:\Users\Hitendra\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
58.
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
59.
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
60.
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
61.
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
62.
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
63.
O4 - Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exe
64.
O4 - Global Startup: Bluetooth.lnk = ?
65.
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
66.
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
67.
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
68.
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
69.
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
70.
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
71.
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
72.
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
73.

74.
--
75.
End of file - 5975 bytes
Uhh, are you sure these are infected files bro? I mean... they sound pretty much like spyware tools from major websites...
(07-24-2010, 11:48 AM)Xenon Diosmitide Wrote: [ -> ]Uhh, are you sure these are infected files bro? I mean... they sound pretty much like spyware tools from major websites...

Sorry but i don't know the meaning of Adwares.
Go download spybot.
Its free and will deal with your problems.
Make sure to update and immunize.
Its a small tool but works well.
http://www.safer-networking.org/en/download/index.html

Then you should go to start/run/msconfig and choose selective startup.
Now go to start up tab and see what wants to start.
Disable all but the most important. Firewall and AV etc. No other crap.
Reboot and then do a good scan and hopefully your fine.
Why do you think you are infected... lol..
oh..

nevermind but OP is gone here's the virus anyway

O4 - HKCU\..\Run: [googletalk] C:\Users\Hitendra\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
(07-27-2010, 04:50 PM)Bronze Wrote: [ -> ]Why do you think you are infected... lol..
oh..

nevermind but OP is gone here's the virus anyway

O4 - HKCU\..\Run: [googletalk] C:\Users\Hitendra\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

Oh Lawds...
http://www.google.com/talk/
OP, post this in the HJT section at HF. It shall receive proper attention there.