# Post virus trauma!!!@#$%!



## AP8309 (Jul 20, 2010)

SO I managed to get rid of an/several annoying viruses with Spyware Doctor, only to find that now my internet browser doesn't work DESPITE being fully connected to the internet! It says that it "cannot display browser" and I'm afraid that somehow the virus may have affected the software? Can anyone gimme any good tips/PLACES TO START!? IT'S SO FRRRUUSTRATINGGGGGGGG MANY THANKSSSSS!!!


----------



## bkribbs (Jul 20, 2010)

AP8309 said:


> SO I managed to get rid of an/several annoying viruses with Spyware Doctor, only to find that now my internet browser doesn't work DESPITE being fully connected to the internet! It says that it "cannot display browser" and I'm afraid that somehow the virus may have affected the software? Can anyone gimme any good tips/PLACES TO START!? IT'S SO FRRRUUSTRATINGGGGGGGG MANY THANKSSSSS!!!



You could be infected still. Try this please and if you come up clean we will see what else we can find.



johnb35 said:


> Please download Malwarebytes' Anti-Malware from *here* or *here* and save it to your desktop.
> 
> Double-click *mbam-setup.exe* and follow the prompts to install the program.
> At the end, be sure a checkmark is placed next to
> ...


----------



## johnb35 (Jul 20, 2010)

Yes, you still may be infected. However, try this little trick to see if the malware has changed your proxy settings.

Open Internet Options under the Tools menu, click on the Connections tab, click on the LAN settings button, look under the proxy server settings and uncheck those boxes if they are checked.

I highly recommend running Malwarebytes and HijackThis and posting both logs back here for me to go through and let you know if you are clean or not.


----------



## AP8309 (Jul 21, 2010)

5 trojans were found!! So I deleted them... opened IE8... still a blank page.

This was after I restarted it. :/


----------



## AP8309 (Jul 21, 2010)

johnb35 said:


> Yes, you still may be infected. However, try this little trick to see if the malware has changed your proxy settings.
> 
> Open Internet Options under the Tools menu, click on the Connections tab, click on the LAN settings button, look under the proxy server settings and uncheck those boxes if they are checked.
> 
> I highly recommend running Malwarebytes and HijackThis and posting both logs back here for me to go through and let you know if you are clean or not.



Thanks a lot. Checked the proxy settings, they're all fine. I'll see if I can transfer the Malwarebytes logs onto this comp.


----------



## AP8309 (Jul 21, 2010)

Hey, so here's the logfile. I'd appreciate any help, it's all Greek to me. Thanks a lot.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:48:35, on 21/07/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5532&r=27361209d225l0394z1m5t48l2x228
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5532&r=27361209d225l0394z1m5t48l2x228
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~2\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files (x86)\Softonic_English\tbSoft.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files (x86)\Softonic_English\tbSoft.dll (file missing)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\RunServices: [BASSAPEecekezezoc] c:\users\anna\appdata\local\bassapebassape.exe
O4 - HKCU\..\RunServices: [StudioVisual] c:\users\anna\appdata\locallow\sun\java\deployment\cache\6.0\54\1a209876-38217c94-n\msvcr71visual.exe
O4 - HKCU\..\RunServices: [StudioStudio] c:\users\anna\appdata\locallow\sun\java\deployment\cache\6.0\54\1a209876-2d9d1833-n\visualstudio7.10.6030.0.exe
O4 - HKCU\..\RunServices: [foche9ClassicFTP] c:\users\anna\appdata\local\temp\998897.exe
O4 - HKCU\..\RunServices: [MicrosoftStudio7.10.6030.0] c:\users\anna\appdata\locallow\sun\java\deployment\cache\6.0\46\f84c6ae-6229376c-n\studiomsvcr71.exe
O4 - HKCU\..\RunServices: [ChoicesHeadlinesfeed] c:\users\anna\appdata\local\microsoft\feeds\feeds for united kingdom~\choicesbehind.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{BED7BA7E-F3D6-4EA9-8EEE-F23B2B52778F}: NameServer = 212.74.112.66,212.74.112.67
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files (x86)\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14317 bytes


----------
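A triage sketch for the HijackThis log posted above, added here as an example and not part of the original thread or of HijackThis itself. It parses the O2/O3/O4/O23 lines, flags autostart entries that launch from user-writable profile paths and add-ons whose DLL is absent, and skips the `System32 ... (file missing)` service lines that a 32-bit scanner reports on 64-bit Windows. The path patterns, the 64-bit heuristic and the names `triage` and `Finding` are assumptions of this example; a flag is a prompt to look closer, not a verdict.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis v2.0.2 log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files (x86)\Softonic_English\tbSoft.dll (file missing)
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\RunServices: [BASSAPEecekezezoc] c:\users\anna\appdata\local\bassapebassape.exe
O4 - HKCU\..\RunServices: [StudioVisual] c:\users\anna\appdata\locallow\sun\java\deployment\cache\6.0\54\1a209876-38217c94-n\msvcr71visual.exe
O4 - HKCU\..\RunServices: [foche9ClassicFTP] c:\users\anna\appdata\local\temp\998897.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""

@dataclass
class Finding:
    code: str    # HijackThis section, e.g. "O4"
    name: str    # value name, add-on name or service name
    target: str  # file the entry points at
    reason: str  # why the entry deserves a closer look

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
AUTOSTART = re.compile(r"^\S+?\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
ADDON = re.compile(r"^\w+: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<target>.*)$")

# Triage heuristics chosen for this example; most specific pattern first.
USER_WRITABLE = [
    (r"\\appdata\\local\\temp\\", "runs from the user's Temp folder"),
    (r"\\appdata\\locallow\\sun\\java\\deployment\\cache\\", "runs from the Java plug-in cache"),
    (r"\\users\\[^\\]+\\appdata\\", "runs from a user-writable profile folder"),
]

def looks_64bit(log: str) -> bool:
    # Heuristic (assumption): only 64-bit Windows has "Program Files (x86)".
    return "program files (x86)" in log.lower()

def triage(log: str) -> list[Finding]:
    findings = []
    x64 = looks_64bit(log)
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        if code == "O4":  # Run / RunOnce / RunServices autostart values
            a = AUTOSTART.match(body)
            if not a:
                continue
            cmd = a["cmd"].strip().strip('"')
            for pattern, reason in USER_WRITABLE:
                if re.search(pattern, cmd.lower()):
                    findings.append(Finding(code, a["name"], cmd, f"{a['key']} autostart {reason}"))
                    break
        elif code in ("O2", "O3"):  # BHOs and toolbars
            a = ADDON.match(body)
            if a and re.search(r"\((no file|file missing)\)$", a["target"]):
                findings.append(Finding(code, a["name"], a["target"],
                                        "add-on is registered but its DLL is absent"))
        elif code == "O23" and body.endswith("(file missing)"):
            name, target = body.split(" - ", 1)[0], body.rsplit(" - ", 1)[-1]
            # A 32-bit scanner on 64-bit Windows is redirected from System32 to
            # SysWOW64, so 64-bit-only service binaries show up as "file missing".
            if x64 and target.lower().startswith("c:\\windows\\system32\\"):
                continue
            findings.append(Finding(code, name, target, "service binary not found on disk"))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.name:28} {f.reason}\n     {f.target}")
```
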



## johnb35 (Jul 21, 2010)

Can you post the Malwarebytes log too please. Open Malwarebytes, click on the Logs tab and open the log, then copy and paste it back here.


----------



## AP8309 (Jul 21, 2010)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21/07/2010 14:21:47
mbam-log-2010-07-21 (14-21-47).txt

Scan type: Quick scan
Objects scanned: 121285
Time elapsed: 21 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Anna\AppData\Local\Temp\8a5.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Anna\AppData\Local\Temp\m.2D337.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Anna\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Anna\AppData\Local\Temp\0.9407430310608064.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Anna\Local Settings\Application Data\Windows Server\oulymk.dll (Trojan.Agent) -> Quarantined and deleted successfully.



cheers


----------



## johnb35 (Jul 21, 2010)

Your Malwarebytes version is outdated and needs to be updated. Open Malwarebytes, click on the Update tab, click on Check for Updates. Keep doing this until it says you have the latest version. Then rerun a quick scan on your system and post the log from it.


----------



## AP8309 (Jul 21, 2010)

It says an error has occurred: MBAM_ERROR_UPDATING (0, 0, WinHttpSendRequest)


----------



## johnb35 (Jul 21, 2010)

Open Internet Explorer, click on Tools, Internet Options, click on the Connections tab, click on LAN settings. Make sure the boxes under proxy server are NOT checked, and try updating Malwarebytes again.


----------



## AP8309 (Jul 23, 2010)

Yep, done it. Still says the same thing :/


----------



## johnb35 (Jul 24, 2010)

Ok, download and run SUPERAntiSpyware; try updating it first before running it.

http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html

When it's done, post the log from it. To access the log, click on Preferences on the main page, then click on the Statistics/Logs button, open the log, and copy and paste it back here.

Also I need you to copy and paste whatever information is in your hosts file. Navigate here.

C:\WINDOWS\system32\drivers\etc\hosts

Right click on the hosts file and click on Open; you should see a list of programs to open it with, choose Notepad. Then copy everything in there and paste it back here.


----------



## AP8309 (Jul 24, 2010)

Ok, here's the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/24/2010 at 02:26 PM

Application Version : 4.41.1000

Core Rules Database Version : 5242
Trace Rules Database Version: 3054

Scan type       : Quick Scan
Total Scan Time : 00:53:18

Memory items scanned      : 494
Memory threats detected   : 0
Registry items scanned    : 2798
Registry threats detected : 4
File items scanned        : 18129
File threats detected     : 44

Trojan.Agent/Gen
	(x86) [BASSAPEecekezezoc] C:\USERS\ANNA\APPDATA\LOCAL\BASSAPEBASSAPE.EXE
	C:\USERS\ANNA\APPDATA\LOCAL\BASSAPEBASSAPE.EXE
	(x86) [StudioVisual] C:\USERS\ANNA\APPDATA\LOCALLOW\SUN\JAVA\DEPLOYMENT\CACHE\6.0\54\1A209876-38217C94-N\MSVCR71VISUAL.EXE
	C:\USERS\ANNA\APPDATA\LOCALLOW\SUN\JAVA\DEPLOYMENT\CACHE\6.0\54\1A209876-38217C94-N\MSVCR71VISUAL.EXE
	(x86) [StudioStudio] C:\USERS\ANNA\APPDATA\LOCALLOW\SUN\JAVA\DEPLOYMENT\CACHE\6.0\54\1A209876-2D9D1833-N\VISUALSTUDIO7.10.6030.0.EXE
	C:\USERS\ANNA\APPDATA\LOCALLOW\SUN\JAVA\DEPLOYMENT\CACHE\6.0\54\1A209876-2D9D1833-N\VISUALSTUDIO7.10.6030.0.EXE
	(x86) [MicrosoftStudio7.10.6030.0] C:\USERS\ANNA\APPDATA\LOCALLOW\SUN\JAVA\DEPLOYMENT\CACHE\6.0\46\F84C6AE-6229376C-N\STUDIOMSVCR71.EXE
	C:\USERS\ANNA\APPDATA\LOCALLOW\SUN\JAVA\DEPLOYMENT\CACHE\6.0\46\F84C6AE-6229376C-N\STUDIOMSVCR71.EXE
	C:\USERS\ANNA\APPDATA\LOCAL\MICROSOFT\FEEDS\MICROSOFT FEEDS~\MICROSOFTHOMEFEED.EXE

Adware.Tracking Cookie
	C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Cookies\anna@atdmt[2].txt
	a.ads2.msads.net [ C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MFTDUKFB ]
	acvs.mediaonenetwork.net [ C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MFTDUKFB ]
	ads2.msads.net [ C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MFTDUKFB ]
	b.ads2.msads.net [ C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MFTDUKFB ]
	banners.securedataimages.com [ C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MFTDUKFB ]
	broadcast.piximedia.fr [ C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MFTDUKFB ]
	cdn4.specificclick.net [ C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MFTDUKFB ]
	ia.media-imdb.com [ C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MFTDUKFB ]
	m1.emea.2mdn.net [ C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MFTDUKFB ]
	media.mtvnservices.com [ C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MFTDUKFB ]
	media.scanscout.com [ C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MFTDUKFB ]
	media1.break.com [ C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MFTDUKFB ]
	msnbcmedia.msn.com [ C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MFTDUKFB ]
	objects.tremormedia.com [ C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MFTDUKFB ]
	s0.2mdn.net [ C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MFTDUKFB ]
	secure-us.imrworldwide.com [ C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MFTDUKFB ]
	spe.atdmt.com [ C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MFTDUKFB ]

Adware.Flash Tracking Cookie
	C:\Users\Anna\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MFTDUKFB\ACVS.MEDIAONENETWORK.NET
	C:\Users\Anna\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MFTDUKFB\BROADCAST.PIXIMEDIA.FR
	C:\Users\Anna\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MFTDUKFB\IA.MEDIA-IMDB.COM
	C:\Users\Anna\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MFTDUKFB\MEDIA.MTVNSERVICES.COM
	C:\Users\Anna\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MFTDUKFB\MEDIA1.BREAK.COM
	C:\Users\Anna\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MFTDUKFB\MSNBCMEDIA.MSN.COM
	C:\Users\Anna\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MFTDUKFB\OBJECTS.TREMORMEDIA.COM
	C:\Users\Anna\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MFTDUKFB\A.ADS2.MSADS.NET
	C:\Users\Anna\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MFTDUKFB\ADS2.MSADS.NET
	C:\Users\Anna\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MFTDUKFB\B.ADS2.MSADS.NET
	C:\Users\Anna\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MFTDUKFB\SPE.ATDMT.COM
	C:\Users\Anna\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MFTDUKFB\M1.EMEA.2MDN.NET
	C:\Users\Anna\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MFTDUKFB\S0.2MDN.NET
	C:\Users\Anna\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MFTDUKFB\SECURE-US.IMRWORLDWIDE.COM

Rogue.SecurityMasterAV
	C:\ProgramData\D3A39CB
	C:\ProgramData\SMRTNHUFMAV

Trojan.Agent/Gen-FakeAlert[Mares]
	C:\USERS\ANNA\APPDATA\LOCAL\WSPROG.DLL

Trojan.Agent/Gen-FraudPack
	C:\USERS\ANNA\APPDATA\ROAMING\MICROSOFT\WINDOWS\TEMPLATES\MEMORY.TMP

Trojan.Agent/Gen-FakeAlert[Scar]
	C:\USERS\ANNA\APPDATA\ROAMING\74AE.EXE
	C:\Windows\Prefetch\74AE.EXE-3BFE15D9.pf

Trojan.Vundo-Variant/F
	C:\WINDOWS\JESTERTB.DLL




And here's the host file:

```
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost
```


----------



## johnb35 (Jul 24, 2010)

Were you able to update SUPERAntiSpyware? Because you aren't running the latest database version. Have you tried to update Malwarebytes yet?

Post a fresh HijackThis log please.


----------



## Houdini (Jul 25, 2010)

I had the same thing happen to me; my solution was, because there was nothing on this computer, to do a clean install of my OS. I did a repair before that but it didn't work. A bad torrent caused mine, and me not paying attention.


----------

