wbarnesnc

Posts posted by wbarnesnc

  1. I downloaded Magix Music Creator and FL Studio on uTorrent off thepiratebay.org and got a bunch of alerts with avast!

    Here is the Malwarebytes log:

    Malwarebytes' Anti-Malware 1.29

    Database version: 1295

    Windows 5.1.2600 Service Pack 2

    10/20/2008 1:55:28 AM

    mbam-log-2008-10-20 (01-55-28).txt

    Scan type: Full Scan (C:\|)

    Objects scanned: 61072

    Time elapsed: 13 minute(s), 2 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 2

    Registry Data Items Infected: 1

    Folders Infected: 0

    Files Infected: 21

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system32 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Data Items Infected:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    C:\WINDOWS\system32\update32.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

    C:\Documents and Settings\WILL BARNES\Local Settings\Temp\GLK59.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\dlds1.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\dlds2.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\dlds5.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\dlds6.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\dlds7.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\dlds8.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\vedxg3am1et3.exe (Heuristics.Malware) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\vedxg6ame4.exe (Heuristics.Malware) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\vedxga1me4t1.exe (Heuristics.Malware) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\vedxga3me2.exe (Heuristics.Malware) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\vedxga4me1.exe (Heuristics.Malware) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\vx.tll (Malware.Trace) -> Quarantined and deleted successfully.

    C:\Documents and Settings\WILL BARNES\Local Settings\Temp\v3xd1.g22me (Heuristics.Malware) -> Quarantined and deleted successfully.

    C:\Documents and Settings\WILL BARNES\Local Settings\Temp\v5xd2.g3ame (Heuristics.Malware) -> Quarantined and deleted successfully.

    C:\Documents and Settings\WILL BARNES\Local Settings\Temp\v5xd4.ga2me (Heuristics.Malware) -> Quarantined and deleted successfully.

    C:\Documents and Settings\WILL BARNES\Local Settings\Temp\vx1dt1.game (Heuristics.Malware) -> Quarantined and deleted successfully.

    C:\Documents and Settings\WILL BARNES\Local Settings\Temp\vx1dt3.game (Heuristics.Malware) -> Quarantined and deleted successfully.

    C:\Documents and Settings\WILL BARNES\Local Settings\Temp\v4xd6.gam5e (Heuristics.Malware) -> Quarantined and deleted successfully.

    ------------------------------------------------------------------------------------------------------------

    And here is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 2:00:42 AM, on 10/20/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\DOCUME~1\WILLBA~1\LOCALS~1\Temp\RtkBtMnt.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\uTorrent\uTorrent.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

    C:\F1xF.exe

    C:\Program Files\Alwil Software\Avast4\ashChest.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o

    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

    O4 - Startup: Y'z Toolbar.lnk = ?

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

    --

    End of file - 3301 bytes

    Please help me, I try so hard to keep my computer clean.