| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 129056 | 2013-01-30 20:23:00 | PUP.MyWebSearch HJT | NZHawk (4093) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1325696 | 2013-01-30 20:23:00 | I ran Malwarebytes on a computer & it came up with 333 incidents of PUP.MyWebSearch is this an infection or what? Here is the HJT log if someone could look at it and tell me if it is still infected: many thanks Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:39:25 a.m., on 31/01/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Documents and Settings\Owner\Application Data\alotservice\alotservice.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Program Files\tcnz\McciTrayApp.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Driver Manager\Driver Manager\DriverManager.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\msiexec.exe F:\2 Cleaning Tools\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {b3b5c47e-61f7-4d81-af06-461fc86686ce} - C:\Program Files\MyScrapNook_12\bar\1.bin\12SrcAs.dll (file missing) O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.4.0.9\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.4.0.9\IPS\IPSBHO.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: ALOT Appbar Helper - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.0.9\coIEPlg.dll O3 - Toolbar: My Scrap Nook - {fe6f06fb-0fc0-4499-828f-ee48088f504f} - C:\Program Files\MyScrapNook_12\bar\1.bin\12bar.dll (file missing) O3 - Toolbar: MapsGalaxy - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll (file missing) O3 - Toolbar: ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files\alotappbar\bin\ALOTHelper.dll O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [tcnz_McciTrayApp] "C:\Program Files\tcnz\McciTrayApp.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Driver Manager] C:\Program Files\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O8 - Extra context menu item: &Search - tbedits.totalrecipesearch.com O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - www.update.microsoft.com O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpda teService.exe O23 - Service: ALOT Update Service (AlotService) - Inuvo Inc. - C:\Documents and Settings\Owner\Application Data\alotservice\alotservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe -- End of file - 6523 bytes |
NZHawk (4093) | ||
| 1325697 | 2013-01-30 20:37:00 | Did you tell mbam to remove all of the entries?? Uninstall this if its still installed R3 - URLSearchHook: (no name) - {b3b5c47e-61f7-4d81-af06-461fc86686ce} - C:\Program Files\MyScrapNook_12\bar\1.bin\12SrcAs.dll (file missing) Uninstall this too O2 - BHO: ALOT Appbar Helper - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll Uninstall this too O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: My Scrap Nook - {fe6f06fb-0fc0-4499-828f-ee48088f504f} - C:\Program Files\MyScrapNook_12\bar\1.bin\12bar.dll (file missing) Uninstall this too O3 - Toolbar: MapsGalaxy - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll (file missing) O3 - Toolbar: ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files\alotappbar\bin\ALOTHelper.dll O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" This may go after you uninstall Alot toolbar or whatever it is O23 - Service: ALOT Update Service (AlotService) - Inuvo Inc. - C:\Documents and Settings\Owner\Application Data\alotservice\alotservice.exe |
Speedy Gonzales (78) | ||
| 1325698 | 2013-01-30 20:46:00 | Yes - I told mbam to remove all after I uninstall the above do you want another HJT or should I run MBAM again? |
NZHawk (4093) | ||
| 1325699 | 2013-01-30 20:59:00 | I would do a full scan with mabam after | Speedy Gonzales (78) | ||
| 1325700 | 2013-01-30 22:52:00 | 2nd scan with Malwarebytes: clean | NZHawk (4093) | ||
| 1325701 | 2013-01-30 23:36:00 | Run Spybot S&D -- I did a laptop here yesterday, ran Malwarebytes first, then Spybot. Spybot picked up a further 30 odd that MB missed. | wainuitech (129) | ||
| 1325702 | 2013-01-30 23:42:00 | Thanks for a great suggestion! will do |
NZHawk (4093) | ||
| 1 | |||||