Previous Topic Next Topic

My desktop is not normal as before

Closed
prasanna - Mar 21, 2010 at 06:46 AM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Mar 21, 2010 at 07:34 AM
i cannot be in contact with you as before because my questions are not reaching you
i dont know why?

this is my position
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 3:45:41 AM, on 3/21/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe
C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WordWeb\wweb32.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\G Data\AntiVirus\GUI\GDSC.exe
c:\program files\g data\antivirus\avk\avk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rd.yahoo.com/customize/ycomp/defaults/sp/*https://in.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://hp.mywebsearch.com/mywebsearch/index.html?n=77C09F4F&ptnrS=ZCfox000&ptb=CxhK3ahJM2JjMtWyVSlopA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://in.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchmp3.tv/bar
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchmp3.tv/...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://in.rd.yahoo.com/customize/ycomp/defaults/su/*https://in.yahoo.com/
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\SearchMP3\searchmp3.exe\Streaming_Search_MP3_Toolbar\tbhelper.dll (file missing)
O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\AntiVirus\Webfilter\AvkWebIE.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O2 - BHO: TBSB07458 - {5B839A5A-753B-4CFA-9330-071FC5B60471} - C:\Program Files\SearchMP3\searchmp3.exe\Streaming_Search_MP3_Toolbar\tbcore3.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Streaming_Search_MP3_Toolbar - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - C:\Program Files\SearchMP3\searchmp3.exe\Streaming_Search_MP3_Toolbar\tbcore3.dll (file missing)
O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\AntiVirus\Webfilter\AvkWebIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000334&p=ZCfox000&si=&a=CxhK3ahJM2JjMtWyVSlopA&n=2010032105
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Streaming_Search_MP3_Toolbar - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - C:\Program Files\SearchMP3\searchmp3.exe\Streaming_Search_MP3_Toolbar\tbcore3.dll (file missing)
O9 - Extra 'Tools' menuitem: Streaming_Search_MP3_Toolbar - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - C:\Program Files\SearchMP3\searchmp3.exe\Streaming_Search_MP3_Toolbar\tbcore3.dll (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{73EF6275-995E-4453-A9E3-8335AB1B19FC}: NameServer = 218.248.255.146 218.248.255.212
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe
O23 - Service: G Data Filesystem Monitor (AVKWCtl) - G Data Software AG - C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe
O23 - Service: G Data Scanner (GDScan) - G DATA Software AG - C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwssvc.exe
Related:

2 responses

Answer 1 / 2
sumana soh Posts 62 Registration date Monday March 15, 2010 Status Member Last seen May 10, 2010 1
Mar 21, 2010 at 06:49 AM
omg better ask ambucias looks like u infected with virus,use avast 5 antivirus along with malwarebytes and scan and tell me the results
Answer 2 / 2
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,166
Mar 21, 2010 at 07:34 AM
Hello,

I was looking for you...

First, I suggest you no longer use Incredimail, it will often keep bugging your system, become a pest and expose you to further infections.

Here is how to remove the infection, please follow these steps carefully:

1. Press together alt+ctrl+del, this open the task manager.
2. Click on the processes tab and locate: C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
3. Terminate that process and close the Task Manager
4. With Hyjackthis, request a scan only.
5. Once the scan is finished, locate and check the following items:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/

O17 - HKLM\System\CCS\Services\Tcpip\..\{73EF6275-995E-4453-A9E3-8335AB1B19FC}: NameServer = 218.248.255.146 218.248.255.212

O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwssvc.exe

6. Click on fix checked

7. Close Hyjackthis

8. Download and install Spybot Search and Destroy

https://ccm.net/downloads/security-and-maintenance/4561-spybot-search-destroy/

During the installation process, uncheck the component "Tea Timer" for it is not necessary.

Run a scan with Spybot and delete the items found in red.

One other comment, you have too many antivirus applications which may conflict with one another.

I would much appreciate your feedback, this took a lot of typing

Thank you