FYI, those lines are not dangerous. They essentially block anything that tries to connect to the sites listed.
Please download Malwarebytes Anti-Malware from Here or Here
Double-click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan, then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
When a dialog box appears asking you if you would like to download and install the ewido anti-spyware online scanner, please click Yes to allow the download.
Click on Start Scan.
After the scan completes it will produce a log for you; copy and paste the results of that scan as a reply to this thread.
If any infections are found (after you save the logfile), click on Remove Infections.
karate0kat
52 Posts
0
March 9th, 2008 01:00
127.0.0.1 www.kintunhdefunhganmdesun.com
127.0.0.1 kintunhdefunhganmdesun.com
127.0.0.1 www.kitehosting.com
127.0.0.1 kitehosting.com
127.0.0.1 www.kjataweb.it
127.0.0.1 kjataweb.it
127.0.0.1 www.kkataweb.it
127.0.0.1 kkataweb.it
127.0.0.1 www.klataweb.it
127.0.0.1 klataweb.it
127.0.0.1 www.klibero.it
127.0.0.1 klibero.it
127.0.0.1 klik.klikadvertising.com
127.0.0.1 www.klikadvertising.com
127.0.0.1 klikadvertising.com
127.0.0.1 kliksearch.com
127.0.0.1 www.kliksoftware.com
127.0.0.1 kliksoftware.com
127.0.0.1 k-lined.com
127.0.0.1 www.klitegeneration.com
127.0.0.1 klitegeneration.com
127.0.0.1 k-litegold.com
127.0.0.1 www.k-litegold.com
127.0.0.1 k-litegold.com
127.0.0.1 klitepro.com
127.0.0.1 www.klitepro.com
127.0.0.1 klitepro.com
127.0.0.1 www.k-litepro.com
127.0.0.1 k-litepro.com
127.0.0.1 k-litetk.com
127.0.0.1 www.k-litetk.com
127.0.0.1 k-litetk.com
127.0.0.1 www.kmataweb.it
127.0.0.1 kmataweb.it
127.0.0.1 www.kmpads.com
127.0.0.1 kmpads.com
127.0.0.1 www.kmsn.it
127.0.0.1 kmsn.it
127.0.0.1 www.koataweb.it
127.0.0.1 koataweb.it
127.0.0.1 www.komforochka.info
127.0.0.1 komforochka.info
127.0.0.1 www.kqataweb.it
127.0.0.1 kqataweb.it
127.0.0.1 www.kr62.com
127.0.0.1 kr62.com
127.0.0.1 www.krankin.com
127.0.0.1 krankin.com
127.0.0.1 www.ksataweb.it
127.0.0.1 ksataweb.it
127.0.0.1 ksdspups.org
127.0.0.1 www.kstaweb.it
127.0.0.1 kstaweb.it
127.0.0.1 www.ktaweb.it
127.0.0.1 ktaweb.it
127.0.0.1 www.kuturoisus.com
127.0.0.1 kuturoisus.com
127.0.0.1 www.kyoishusei.com
127.0.0.1 kyoishusei.com
127.0.0.1 www.kzataweb.it
127.0.0.1 kzataweb.it
127.0.0.1 www.kzdh.com
127.0.0.1 kzdh.com
127.0.0.1 www.l8bero.it
127.0.0.1 l8bero.it
127.0.0.1 www.l8ibero.it
127.0.0.1 l8ibero.it
127.0.0.1 www.l9bero.it
127.0.0.1 l9bero.it
127.0.0.1 www.l9ibero.it
127.0.0.1 l9ibero.it
127.0.0.1 landrape.com
127.0.0.1 www.Lastsoftwares.com
127.0.0.1 Lastsoftwares.com
127.0.0.1 www.laughnetwork.com
127.0.0.1 laughnetwork.com
127.0.0.1 lauraroebuck.com
127.0.0.1 www.lavasoftupdate.com
127.0.0.1 lavasoftupdate.com
127.0.0.1 www.lavl-vicky.com
127.0.0.1 lavl-vicky.com
127.0.0.1 www.lbero.it
127.0.0.1 lbero.it
127.0.0.1 www.lbiero.it
127.0.0.1 lbiero.it
127.0.0.1 leannalovelace.com
127.0.0.1 www.lebenstest.de
127.0.0.1 lebenstest.de
127.0.0.1 www.lerunjinkfeunhadesun.com
127.0.0.1 lerunjinkfeunhadesun.com
127.0.0.1 www.lesbianpornmag.com
127.0.0.1 lesbianpornmag.com
127.0.0.1 www.lesbianspornmag.com
127.0.0.1 lesbianspornmag.com
127.0.0.1 lesobank.ru
127.0.0.1 www.lets-get-it.info
127.0.0.1 lets-get-it.info
127.0.0.1 lets-get-it.net
127.0.0.1 www.lets-get-it.org
127.0.0.1 lets-get-it.org
127.0.0.1 www.lfxmsc.gov.cn
127.0.0.1 lfxmsc.gov.cn
127.0.0.1 www.li8bero.it
127.0.0.1 li8bero.it
127.0.0.1 www.li9bero.it
127.0.0.1 li9bero.it
127.0.0.1 www.lib3ero.it
127.0.0.1 lib3ero.it
127.0.0.1 www.lib3ro.it
127.0.0.1 lib3ro.it
127.0.0.1 www.lib4ero.it
127.0.0.1 lib4ero.it
127.0.0.1 www.lib4ro.it
127.0.0.1 lib4ro.it
127.0.0.1 www.libdero.it
127.0.0.1 libdero.it
127.0.0.1 www.libdro.it
127.0.0.1 libdro.it
127.0.0.1 www.libe3ro.it
127.0.0.1 libe3ro.it
127.0.0.1 www.libe4o.it
127.0.0.1 libe4o.it
127.0.0.1 www.libe4ro.it
127.0.0.1 libe4ro.it
127.0.0.1 www.libe5o.it
127.0.0.1 libe5o.it
127.0.0.1 www.libe5ro.it
127.0.0.1 libe5ro.it
127.0.0.1 www.libedro.it
127.0.0.1 libedro.it
127.0.0.1 www.libeeo.it
127.0.0.1 libeeo.it
127.0.0.1 www.libeero.it
127.0.0.1 libeero.it
127.0.0.1 www.libefro.it
127.0.0.1 libefro.it
127.0.0.1 www.libegro.it
127.0.0.1 libegro.it
127.0.0.1 www.liber0.it
127.0.0.1 liber0.it
127.0.0.1 www.liber0o.it
127.0.0.1 liber0o.it
127.0.0.1 www.liber4o.it
127.0.0.1 liber4o.it
127.0.0.1 www.liber5o.it
127.0.0.1 liber5o.it
127.0.0.1 www.liber9.it
127.0.0.1 liber9.it
127.0.0.1 www.liberdo.it
127.0.0.1 liberdo.it
127.0.0.1 www.libereo.it
127.0.0.1 libereo.it
127.0.0.1 www.liberfo.it
127.0.0.1 liberfo.it
127.0.0.1 www.libergo.it
127.0.0.1 libergo.it
127.0.0.1 www.liberko.it
127.0.0.1 liberko.it
127.0.0.1 www.liberl.it
127.0.0.1 liberl.it
127.0.0.1 www.liberlo.it
127.0.0.1 liberlo.it
127.0.0.1 www.libero0.it
127.0.0.1 libero0.it
127.0.0.1 www.libero9.it
127.0.0.1 libero9.it
127.0.0.1 www.liberoi.it
127.0.0.1 liberoi.it
127.0.0.1 www.liberok.it
127.0.0.1 liberok.it
127.0.0.1 www.liberol.it
127.0.0.1 liberol.it
127.0.0.1 www.liberop.it
127.0.0.1 liberop.it
127.0.0.1 www.liberpo.it
127.0.0.1 liberpo.it
127.0.0.1 www.liberro.it
127.0.0.1 liberro.it
127.0.0.1 libertyonlinehosting.com
127.0.0.1 www.libesro.it
127.0.0.1 libesro.it
127.0.0.1 www.libetro.it
127.0.0.1 libetro.it
127.0.0.1 www.libewro.it
127.0.0.1 libewro.it
127.0.0.1 www.libfero.it
127.0.0.1 libfero.it
127.0.0.1 www.libfro.it
127.0.0.1 libfro.it
127.0.0.1 www.libgero.it
127.0.0.1 libgero.it
127.0.0.1 www.libhero.it
127.0.0.1 libhero.it
127.0.0.1 www.libnero.it
127.0.0.1 libnero.it
127.0.0.1 www.libreo.it
127.0.0.1 libreo.it
127.0.0.1 www.librero.it
127.0.0.1 librero.it
127.0.0.1 www.libsero.it
127.0.0.1 libsero.it
127.0.0.1 www.libsro.it
127.0.0.1 libsro.it
127.0.0.1 www.libvero.it
127.0.0.1 libvero.it
127.0.0.1 www.libwero.it
127.0.0.1 libwero.it
127.0.0.1 www.libwro.it
127.0.0.1 libwro.it
127.0.0.1 www.ligbero.it
127.0.0.1 ligbero.it
127.0.0.1 www.ligero.it
127.0.0.1 ligero.it
127.0.0.1 www.lightcodec.com
127.0.0.1 lightcodec.com
127.0.0.1 www.lightcodec.net
127.0.0.1 lightcodec.net
127.0.0.1 www.lightspeedsearch.net
127.0.0.1 lightspeedsearch.net
127.0.0.1 www.lihbero.it
127.0.0.1 lihbero.it
127.0.0.1 www.lihero.it
127.0.0.1 lihero.it
127.0.0.1 www.liibero.it
127.0.0.1 liibero.it
127.0.0.1 www.lijbero.it
127.0.0.1 lijbero.it
127.0.0.1 www.likbero.it
127.0.0.1 likbero.it
127.0.0.1 www.lilbero.it
127.0.0.1 lilbero.it
127.0.0.1 www.limewire.click-new-download.com
127.0.0.1 limewire.click-new-download.com
127.0.0.1 www.limewire2007pro.info
127.0.0.1 limewire2007pro.info
127.0.0.1 www.limewire-download-pro.com
127.0.0.1 limewire-download-pro.com
127.0.0.1 www.limewire-mp3-share.com
127.0.0.1 limewire-mp3-share.com
127.0.0.1 www.limewirenetwork.com
127.0.0.1 limewirenetwork.com
127.0.0.1 www.limewire-pro-downloads.com
127.0.0.1 limewire-pro-downloads.com
127.0.0.1 www.limewirezone.com
127.0.0.1 limewirezone.com
127.0.0.1 www.linbero.it
127.0.0.1 linbero.it
127.0.0.1 www.linero.it
127.0.0.1 linero.it
127.0.0.1 lingerie-mania.com
127.0.0.1 www.linkautomatici.com
127.0.0.1 linkautomatici.com
127.0.0.1 links4all.biz
127.0.0.1 linksummary.com
127.0.0.1 www.liobero.it
127.0.0.1 liobero.it
127.0.0.1 lisamatthew.com
127.0.0.1 www.little-download.net
127.0.0.1 little-download.net
127.0.0.1 www.little-help.com
127.0.0.1 little-help.com
127.0.0.1 www.liubero.it
127.0.0.1 liubero.it
127.0.0.1 www.livbero.it
127.0.0.1 livbero.it
127.0.0.1 www.live.*-explorer.com
127.0.0.1 live.*-explorer.com
127.0.0.1 livegambling.com
markamus
435 Posts
0
March 9th, 2008 01:00
FYI, those lines are not dangerous. They essentially block anything that tries to connect to the sites listed.
Please download Malwarebytes Anti-Malware from Here or Here
Double-click mbam-setup.exe to install the application.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
In your next reply, please include the following:
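The hosts-file blocking markamus describes above, as an added example that is not part of the original thread: a small Python auditor for a blocklist of this kind. It lists the names the file actually sinkholes (anything mapped to 127.0.0.1 or 0.0.0.0), flags lines that block nothing because the hosts file has no wildcard support (entries containing `*`, like some of those posted), reports duplicated names, and answers whether a given hostname would be blocked. The sample list is a constructed excerpt of the posted file; `audit_hosts`, `blocked_by_hosts` and `is_valid_hostname` are the example's own names.

```python
"""Audit a Windows hosts-file blocklist like the one posted above.

A name mapped to 127.0.0.1 (or 0.0.0.0) is answered by the local
resolver, so nothing connects out to it. Two caveats a helper should
know: matching is on the exact name only, and the hosts file has no
wildcard support, so a line containing '*' blocks nothing at all.
Added example, not part of the original thread.
"""
import re
from collections import Counter

# Constructed excerpt of the posted list, including a duplicate,
# two wildcard lines, a 0.0.0.0 entry and the normal loopback line.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 www.kliksoftware.com
127.0.0.1 kliksoftware.com
127.0.0.1 k-litegold.com
127.0.0.1 www.k-litegold.com
127.0.0.1 k-litegold.com
127.0.0.1 www.live.*-explorer.com
127.0.0.1 live.*-explorer.com
127.0.0.1 xwe*earch.biz
127.0.0.1 zabywjwzlr.biz.biz
127.0.0.1 lavasoftupdate.com   # trailing comment
0.0.0.0 lightcodec.com
"""

SINKHOLES = {"127.0.0.1", "0.0.0.0"}
# One DNS label: letters, digits, hyphens; no leading/trailing hyphen.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def is_valid_hostname(name):
    """True if every label of `name` is syntactically legal."""
    labels = name.lower().rstrip(".").split(".")
    return len(name) <= 253 and all(LABEL_RE.match(l) for l in labels)


def parse_hosts(text):
    """Yield (address, name) for each name on each non-comment line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            yield addr, name


def audit_hosts(text):
    """Classify every entry: sinkholed, ineffective (bad syntax) or other."""
    sinkholed, ineffective, other = [], [], []
    for addr, name in parse_hosts(text):
        lname = name.lower()
        if addr not in SINKHOLES or lname == "localhost":
            other.append((addr, name))        # ordinary hosts entry
        elif not is_valid_hostname(lname):
            ineffective.append(name)          # resolver will never match it
        else:
            sinkholed.append(lname)
    counts = Counter(sinkholed)
    return {
        "blocked": sorted(counts),
        "duplicates": sorted(n for n, c in counts.items() if c > 1),
        "ineffective": ineffective,
        "other": other,
    }


def blocked_by_hosts(text, hostname):
    """Would this exact name be sinkholed? Subdomains are not covered."""
    return hostname.lower().rstrip(".") in set(audit_hosts(text)["blocked"])


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print("blocked:    ", len(report["blocked"]))
    print("duplicates: ", report["duplicates"])
    print("ineffective:", report["ineffective"])
    print("www.k-litegold.com blocked?", blocked_by_hosts(SAMPLE_HOSTS, "www.k-litegold.com"))
    print("cdn.k-litegold.com blocked?", blocked_by_hosts(SAMPLE_HOSTS, "cdn.k-litegold.com"))
```

Run it against a real copy of the file (C:\WINDOWS\system32\drivers\etc\hosts on XP) by reading that path into `audit_hosts`. The "ineffective" list is the part worth acting on: those lines are harmless, as markamus says, but they also give no protection, and a long list of exact names gives none against a fresh subdomain either, which is why a hosts blocklist is a supplement to a scanner rather than a replacement for one.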
karate0kat
52 Posts
0
March 9th, 2008 01:00
127.0.0.1 xupiter.com
127.0.0.1 xvgate.com
127.0.0.1 www.xvgate.com
127.0.0.1 www.xvidscollection.com
127.0.0.1 xvidscollection.com
127.0.0.1 www.xvsenterprise.com
127.0.0.1 xvsenterprise.com
127.0.0.1 x-webdesign.com
127.0.0.1 xwe*earch.biz
127.0.0.1 www.xwe*earch.biz
127.0.0.1 www.xxlblog.info
127.0.0.1 xxlblog.info
127.0.0.1 www.xxx.com
127.0.0.1 xxx.com
127.0.0.1 xxxallvideo.com
127.0.0.1 www.xxxallvideo.com
127.0.0.1 xxxcategories.com
127.0.0.1 xxxemailxxx.com
127.0.0.1 xxxmovietour.com
127.0.0.1 www.xxxmovietour.com
127.0.0.1 www.xxxpornmovs.com
127.0.0.1 xxxpornmovs.com
127.0.0.1 xxxteenfilm.com
127.0.0.1 www.xxxteenfilm.com
127.0.0.1 xxxtoolbar.com
127.0.0.1 xxxzonevideo.com
127.0.0.1 www.xxxzonevideo.com
127.0.0.1 www.xyzlimited.com
127.0.0.1 xyzlimited.com
127.0.0.1 www.xyzsolution.com
127.0.0.1 xyzsolution.com
127.0.0.1 xzoomy.com
127.0.0.1 yahabags.com
127.0.0.1 www.yahabags.com
127.0.0.1 yahoo.downloadznow.net
127.0.0.1 yahoo.panet.org
127.0.0.1 www.yboeragu.com
127.0.0.1 yboeragu.com
127.0.0.1 www.ydaproject.com
127.0.0.1 ydaproject.com
127.0.0.1 yeak.net
127.0.0.1 y-e-l-l-o-w.com
127.0.0.1 yellow500.com
127.0.0.1 yezol.com
127.0.0.1 www.ygcoueorn.com
127.0.0.1 ygcoueorn.com
127.0.0.1 www.ygcovtvcp.com
127.0.0.1 ygcovtvcp.com
127.0.0.1 www.ygoogle.it
127.0.0.1 ygoogle.it
127.0.0.1 ygsondheks.info
127.0.0.1 www.ygsondheks.info
127.0.0.1 yim-stop.com
127.0.0.1 www.yim-stop.com
127.0.0.1 www.yiscali.it
127.0.0.1 yiscali.it
127.0.0.1 www.ymctaaqada.com
127.0.0.1 ymctaaqada.com
127.0.0.1 www.ymct-aaqada.com
127.0.0.1 ymct-aaqada.com
127.0.0.1 www.ymctavxiz.biz
127.0.0.1 ymctavxiz.biz
127.0.0.1 yoogee.com
127.0.0.1 www.yoogee.com
127.0.0.1 www.yoogle.it
127.0.0.1 yoogle.it
127.0.0.1 yootube.info
127.0.0.1 yops.biz
127.0.0.1 www.yops.biz
127.0.0.1 youfindall.com
127.0.0.1 youfindall.net
127.0.0.1 www.youlikehere.com
127.0.0.1 youlikehere.com
127.0.0.1 www.youniyouwo.com
127.0.0.1 youniyouwo.com
127.0.0.1 yourbookmarks.info
127.0.0.1 yourbookmarks.ws
127.0.0.1 www.yourchillyvids.com
127.0.0.1 yourchillyvids.com
127.0.0.1 yourcodec.com
127.0.0.1 www.yourcodec.com
127.0.0.1 yourieprotect.com
127.0.0.1 www.yourieprotect.com
127.0.0.1 youriesafety.com
127.0.0.1 www.youriesafety.com
127.0.0.1 youriesecure.com
127.0.0.1 www.youriesecure.com
127.0.0.1 www.yourphotozone.com
127.0.0.1 yourphotozone.com
127.0.0.1 your-prescriptions.net
127.0.0.1 yoursearchspace.com
127.0.0.1 www.yoursearchspace.com
127.0.0.1 yoursitebar.com
127.0.0.1 you-search.com
127.0.0.1 you-search.com.ru
127.0.0.1 ypir.com
127.0.0.1 ysa-info.net
127.0.0.1 www.ytiscali.it
127.0.0.1 ytiscali.it
127.0.0.1 www.ytrenitalia.it
127.0.0.1 ytrenitalia.it
127.0.0.1 yukohamano.com
127.0.0.1 www.yunibo.it
127.0.0.1 yunibo.it
127.0.0.1 ywe*earch.info
127.0.0.1 zabywjwzlr.biz.biz
127.0.0.1 www.zabywjwzlr.biz.biz
127.0.0.1 www.zalitalia.it
127.0.0.1 zalitalia.it
127.0.0.1 www.zangcodec.net
127.0.0.1 zangcodec.net
127.0.0.1 zangocash.com
127.0.0.1 www.zangocash.com
127.0.0.1 zapros.com
127.0.0.1 zcodec.com
127.0.0.1 www.zcodec.com
127.0.0.1 zdrqmpad.com
127.0.0.1 www.zdrqmpad.com
127.0.0.1 zelaznyworld.com
127.0.0.1 www.zelaznyworld.com
127.0.0.1 zenotecnico.com
127.0.0.1 www.zenotecnico.com
127.0.0.1 zenotecnico2.com
127.0.0.1 www.zenotecnico2.com
127.0.0.1 zero.bestmanage.org
127.0.0.1 zero.bestmanage0.org
127.0.0.1 zero.bestmanage1.org
127.0.0.1 zero.bestmanage2.org
127.0.0.1 zero.bestmanage3.org
127.0.0.1 zero.bestmanage4.org
127.0.0.1 zero.bestmanage5.org
127.0.0.1 zero.bestmanage6.org
127.0.0.1 zero.bestmanage7.org
127.0.0.1 zero.bestmanage8.org
127.0.0.1 zero.bestmanage9.org
127.0.0.1 zero.serverc.org
karate0kat
52 Posts
0
March 9th, 2008 03:00
The computer seems to be running fine.
Here's the Anti-Malwarebytes log:
Malwarebytes' Anti-Malware 1.07
Database version: 470
Scan type: Quick Scan
Objects scanned: 37097
Time elapsed: 13 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 11
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e404.e404mgr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f10587e9-0e47-4cbe-abcd-7dd20b862223} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f10587e9-0e47-4cbe-abcd-7dd20b862223} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3935b537-3e6d-04ed-abb3-acb16a699e3b} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{747e1fbe-b70f-441d-bbca-6e536c04924a} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e94eb13e-d78f-0857-7734-5e67a49ffff1} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Web Application (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\E404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WebBuying (Adware.WebBuying) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{747e1fbe-b70f-441d-bbca-6e536c04924a} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiSpyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinSpyKiller (Rogue.WinSpyKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\T8 (Trojan.Downloader) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\drivers\FOPN.sys (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiSpyware 2007\err.log (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinSpyKiller\Uninstall.exe (Rogue.WinSpyKiller) -> Quarantined and deleted successfully.
C:\Program Files\WinSpyKiller\WinSpyKiller.lic (Rogue.WinSpyKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\T8\nic32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\Explorer.EXE.Z-missing.txt (Heuristic.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
And the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 10:30:25 PM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD8677] cmd /c del "C:\Documents and Settings\s-cmackie2\Local Settings\Temp\i1FB.tmp_old"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188925426859
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
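A triage pass over the two logs in the post above, as an added example that is not part of the original thread and not code from Malwarebytes or HijackThis. It checks that the Malwarebytes summary counts agree with the itemised entries (a quick way to catch a truncated paste), tallies detections by family, lists anything whose result is not "Quarantined and deleted successfully.", and pulls out the HijackThis entries a helper reads first: O20/O21/O22 entries, which load into every process or into the shell; O2/O3 browser add-ons; O23 services with no publisher; and anything marked (file missing). Both samples are constructed excerpts of the posted logs, with one summary count deliberately altered so the check fires; `parse_mbam`, `mbam_report` and `triage_hjt` are the example's own names.

```python
"""Triage the two logs posted above: check that the Malwarebytes summary
counts agree with the itemised entries, tally detections by family, and
pull out the HijackThis lines a helper reads first.

Added example, not part of the original thread or of either tool. Both
samples are constructed excerpts of the posted logs; "Files Infected: 3"
is deliberately one higher than the entries listed so the check fires.
"""
import re
from collections import Counter, defaultdict

MBAM_SAMPLE = r"""
Registry Keys Infected: 3
Registry Values Infected: 1
Files Infected: 3

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{747e1fbe-b70f-441d-bbca-6e536c04924a} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{747e1fbe-b70f-441d-bbca-6e536c04924a} (Trojan.Zlob) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\T8\nic32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\FOPN.sys (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
CLEAN = "Quarantined and deleted successfully."


def parse_mbam(text):
    """Return (summary counts, {section: [entry dicts]})."""
    summary, entries, section = {}, defaultdict(list), None
    for line in (l.strip() for l in text.splitlines()):
        s, h, e = SUMMARY_RE.match(line), HEADER_RE.match(line), ENTRY_RE.match(line)
        if s:
            summary[s["section"]] = int(s["n"])
        elif h:
            section = h["section"]
        elif e and section:
            entries[section].append(e.groupdict())
    return summary, dict(entries)


def mbam_report(text):
    """Header/detail mismatches, per-family tallies, items not fully removed."""
    summary, entries = parse_mbam(text)
    found = [e for sec in entries.values() for e in sec]
    return {
        "mismatches": {s: (n, len(entries.get(s, []))) for s, n in summary.items()
                       if n != len(entries.get(s, []))},
        "families": Counter(e["family"] for e in found),
        "unfinished": [e["item"] for e in found if e["action"] != CLEAN],
    }


# Constructed excerpt of the posted HijackThis log.
HJT_SAMPLE = r"""
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""

HJT_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")
# O20 AppInit_DLLs/Winlogon Notify, O21 ShellServiceObjectDelayLoad,
# O22 SharedTaskScheduler: code that loads into every process or the shell.
SYSTEM_WIDE = {"O20", "O21", "O22"}


def triage_hjt(text):
    """Return [(code, entry, [reasons])] for lines worth a closer look."""
    findings = []
    for line in (l.strip() for l in text.splitlines()):
        m = HJT_RE.match(line)
        if not m:
            continue
        code, rest, reasons = m["code"], m["rest"], []
        if code in SYSTEM_WIDE:
            reasons.append("loaded system-wide")
        if code in {"O2", "O3"}:
            reasons.append("browser add-on: confirm it was wanted")
        if code == "O23" and "Unknown owner" in rest:
            reasons.append("service binary has no publisher")
        if "(file missing)" in rest:
            reasons.append("stale entry, target file is gone")
        if reasons:
            findings.append((code, rest, reasons))
    return findings


if __name__ == "__main__":
    print(mbam_report(MBAM_SAMPLE))
    for code, entry, reasons in triage_hjt(HJT_SAMPLE):
        print(code, "|", "; ".join(reasons), "|", entry[:60])
```

Against the full log pasted above, the summary counts (18 registry keys, 4 values, 7 folders, 11 files) do match the itemised sections, so `mismatches` comes back empty and every action is the clean one; the HijackThis pass then narrows the 120-odd lines to the handful of add-ons, the AppInit_DLLs entry and the two "Unknown owner" services that a helper would want to account for before calling the machine clean.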
markamus
435 Posts
0
March 9th, 2008 06:00
Good work.
Let's run a follow-up scan. Please perform an Ewido Online Malware Scan.
In your next reply, please include the following: