pattycake

Members
  • Posts

    6
Everything posted by pattycake

  1. I downloaded "ComboFix" to the desktop and read all of the directions. It then installed the Windows Recovery Console. It did run a scan but I could never locate the report... It would say "deleting folders" and then restart my computer but there was never a report anywhere. I tried a "search" last night and let it run all night... it was still searching this a.m. I tried downloading and installing ComboFix from another of the suggested sites, with the same results. What to do??
  2. Looks like one of my Duh days..
  3. I downloaded updates and ran a scan, deleted all files and did a restart with another scan. Also, a copy of the DDS.txt and the Attach.txt is enclosed. Thank you for your help and patience.
  4. Sorry about sending the wrong copy.. These were just done this a.m.
  5. Unable to get rid of malware. Am using the latest free version. This has been going on since Jan. I have run a full virus scan with McAfee and these are the log files from MB and HJ this. Please help. Thank you, pat

Malwarebytes' Anti-Malware 1.37
Database version: 2190
Windows 5.1.2600 Service Pack 3

5/28/2009 6:46:48 PM
mbam-log-2009-05-28 (18-46-33).txt two

Scan type: Quick Scan
Objects scanned: 88446
Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 59

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\explore.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\services.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\comploader.dll (Adware.BHO) -> No action taken.
C:\WINDOWS\SYSTEM32\socul.dll (Adware.BHO) -> No action taken.
C:\WINDOWS\SYSTEM32\sodahk.dll (Adware.BHO) -> No action taken.
C:\WINDOWS\SYSTEM32\unsocul.exe (Adware.BHO) -> No action taken.
C:\WINDOWS\SYSTEM32\rundll.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\winhost.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\server.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\winupd.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\sksdrvr2.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\svhost.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\winsys.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\winlogon.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\csrss.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\SYSTEM32\iexplore.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\SYSTEM32\msupdate.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\SYSTEM32\win32.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\SYSTEM32\msmsgs.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\SYSTEM32\skybot.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> No action taken.
C:\csrss.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\svchost32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\0.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\windll.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\smss.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\svchost.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\SYSTEM32\iexplorer.exe (Trojan.Downloader) -> No action taken.
C:\winstall.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\SYSTEM32\klo5.sys (Stolen.Data) -> No action taken.
C:\WINDOWS\SYSTEM32\draw32.dll (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\c3.dll (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\cm.dll (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\sdmapi.sys (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\boot32.sys (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\vdnt32.sys (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\memlow.sys (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\c3.sys (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\c4.sys (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\hm.sys (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\wd.sys (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\winxp.exe (Backdoor.Poison) -> No action taken.
C:\WINDOWS\SYSTEM32\servises.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\msnmsgrs.exe (Trojan.Banker) -> No action taken.
C:\hellmsn.exe (Worm.Mytob) -> No action taken.
C:\WINDOWS\SYSTEM32\taskgmr32.exe (Worm.Mytob) -> No action taken.
C:\WINDOWS\SYSTEM32\svshost.exe (Adware.EasySearch) -> No action taken.
C:\WINDOWS\SYSTEM32\censored.exe (Backdoor.Hupigon) -> No action taken.
C:\WINDOWS\SYSTEM32\mswins.exe (Backdoor.Sdbot) -> No action taken.
C:\WINDOWS\skynetave.exe (Worm.Sasser) -> No action taken.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:01 PM, on 5/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\CapsUnlock\CapsUnlock.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: CapsUnlock.lnk = C:\Program Files\CapsUnlock\CapsUnlock.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/w...en/AMClient.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11112 bytes
  6. Hi, I've had "Malwarebytes free" installed on my PC for a few months now. When I first used it everything worked fine. A couple of months ago it quit deleting the found problems. I use the "Quick Scan" and it says that my computer has to be restarted to complete the removal. After it restarts and I scan again, I have the same 59 problems. Don't know what I'm doing wrong or what step I'm missing. My son has it installed on his Laptop with Vista and it works fine. Would sure appreciate any help available. Thank you, pat