| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 129243 | 2013-02-12 20:31:00 | HJT Log | NZHawk (4093) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1327652 | 2013-02-12 20:31:00 | This computer was infected with MapsGalaxy, RadioRage & Reference Boss. I ran Malwarebytes which removed 303 infections I then ran Spybot S/D: clean could someone review this HJT log to be sure that all infections are removed, Thank you Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:04:34 a.m., on 13/02/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\Administrator\Desktop\2 Cleaning Tools\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Bitdefender\Bitdefender 2012\seccenter.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" R3 - URLSearchHook: Yahoo!Xtra Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: (no name) - {3a7f3254-eafa-4dbc-b4f3-0d40916f3352} - C:\Program Files\ReferenceBoss_1p\bar\1.bin\1pSrcAs.dll (file missing) O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstan ce.dll O3 - Toolbar: Yahoo!Xtra Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) O3 - Toolbar: MapsGalaxy - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll (file missing) O3 - Toolbar: ReferenceBoss - {c4676d53-fce5-4a19-be4d-97e6eaf7e19a} - C:\Program Files\ReferenceBoss_1p\bar\1.bin\1pbar.dll (file missing) O3 - Toolbar: RadioRage - {78ba36c9-6036-482b-b48d-ecca6f964b84} - C:\Program Files\RadioRage_4j\bar\1.bin\4jbar.dll (file missing) O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O8 - Extra context menu item: &Search - tbedits.radiorage.com O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - www.update.microsoft.com O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpda teService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- End of file - 6019 bytes |
NZHawk (4093) | ||
| 1327653 | 2013-02-12 20:37:00 | O3 - Toolbar: MapsGalaxy - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll (file missing) O3 - Toolbar: ReferenceBoss - {c4676d53-fce5-4a19-be4d-97e6eaf7e19a} - C:\Program Files\ReferenceBoss_1p\bar\1.bin\1pbar.dll (file missing) O3 - Toolbar: RadioRage - {78ba36c9-6036-482b-b48d-ecca6f964b84} - C:\Program Files\RadioRage_4j\bar\1.bin\4jbar.dll (file missing) If ccleaner is installed, go to tools/startup / one of the browser entries. If these appear there delete them. If Java 6 update 39 isnt installed, uninstall all previous versions then update it |
Speedy Gonzales (78) | ||
| 1327654 | 2013-02-12 20:45:00 | thank you | NZHawk (4093) | ||
| 1327655 | 2013-02-12 20:52:00 | No probs | Speedy Gonzales (78) | ||
| 1327656 | 2013-02-12 22:00:00 | MapsGalaxy, ReferenceBoss & RadioRage do appear in CCleaner startup but they are greyed out. Is there a way to complete remove them all traces? |
NZHawk (4093) | ||
| 1327657 | 2013-02-12 22:04:00 | Remove them in whatever browser theyre in under addons | Speedy Gonzales (78) | ||
| 1327658 | 2013-02-12 22:31:00 | Did that - they were in Mozilla FireFox, but they still appear in CCleaner startup but they are greyed out. Do I need to be concerned? |
NZHawk (4093) | ||
| 1327659 | 2013-02-12 22:33:00 | Can you delete them if you highlight them | Speedy Gonzales (78) | ||
| 1327660 | 2013-02-12 22:40:00 | Right o Right click & delete removes them Thanks again |
NZHawk (4093) | ||
| 1327661 | 2013-02-12 22:41:00 | Sweet | Speedy Gonzales (78) | ||
| 1 | |||||