flemzy

  1. So I got this virus 2 days ago from MSN. It's the fake virus scanner Total Security 4.52. I've tried scanning it with Malwarebytes; it helps for a bit.. but after restart the virus is back. I dunno what to do now..... pleeeease help. So here is the log from the HijackThis thingy.

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 17:43:10, on 25.08.2009
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.20733)
     Boot mode: Normal

     Running processes:
     C:WINDOWSSystem32smss.exe
     C:WINDOWSsystem32winlogon.exe
     C:WINDOWSsystem32services.exe
     C:WINDOWSsystem32lsass.exe
     C:WINDOWSsystem32Ati2evxx.exe
     C:WINDOWSsystem32svchost.exe
     C:WINDOWSSystem32svchost.exe
     C:WINDOWSsystem32Ati2evxx.exe
     C:WINDOWSExplorer.EXE
     C:WINDOWSsystem32spoolsv.exe
     C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
     C:Program FilesCommon FilesAVerMediaServiceAVerRemote.exe
     C:Program FilesCommon FilesAVerMediaServiceAVerScheduleService.exe
     C:Program FilesBonjourmDNSResponder.exe
     C:Program FilesJavajre6binjqs.exe
     C:Program FilesCommon FilesAVerMediaFujitsu RCAVerHIDReceiver.exe
     C:Program FilesATI TechnologiesATI.ACECLI.EXE
     C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
     C:WINDOWSsystem32RunDll32.exe
     C:Program FilesWinampwinampa.exe
     C:Program FilesiTunesiTunesHelper.exe
     C:Program FilesJavajre6binjusched.exe
     C:Program FilesSweetIMMessengerSweetIM.exe
     C:WINDOWSsystem32ctfmon.exe
     C:Program FilesAnti-Virus&TrojanAnti-Virus&Trojan.exe
     C:Program FilesCommon FilesAVerMediaFujitsu RCAVerQuick.exe
     C:Program FilesWindows LiveMessengermsnmsgr.exe
     C:WINDOWSsystem32taskmgr.exe
     C:Program FilesiPodbiniPodService.exe
     C:Program FilesATI TechnologiesATI.ACEcli.exe
     C:Program FilesATI TechnologiesATI.ACEcli.exe
     C:Program FilesWindows LiveContactswlcomm.exe
     C:Program FilesMozilla Firefoxfirefox.exe
     C:Program FilesTrend MicroHijackThisHijackThis.exe

     R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://search.bearshare.com/
     R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1061
     R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
     R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:Program FilesSweetIMToolbarsInternet ExplorermgHelper.dll
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
     O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL
     O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:Program FilesBearShare ApplicationsBearShareBearShareIEHelper.dll
     O2 - BHO: Windows Live'i sisselogimisabiline - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
     O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:Program FilesSweetIMToolbarsInternet ExplorermgToolbarIE.dll
     O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:Program FilesSweetIMToolbarsInternet ExplorermgToolbarIE.dll
     O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:Program FilesBearShare ApplicationsBearShare MediaBarBearShareMediaBar.dll
     O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACECLIStart.exe"
     O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM..Run: [skyTel] SkyTel.EXE
     O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE
     O4 - HKLM..Run: [AzMixerSel] C:Program FilesRealtekInstallShieldAzMixerSel.exe
     O4 - HKLM..Run: [iNPROCOMMWireless] C:Program FilesAtherosWirelessUtilityWlanUtil.exe
     O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
     O4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"
     O4 - HKLM..Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
     O4 - HKLM..Run: [WinampAgent] "C:Program FilesWinampwinampa.exe"
     O4 - HKLM..Run: [AppleSyncNotifier] C:Program FilesCommon FilesAppleMobile Device SupportbinAppleSyncNotifier.exe
     O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
     O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
     O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre6binjusched.exe"
     O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 9.0ReaderReader_sl.exe"
     O4 - HKLM..Run: [sweetIM] C:Program FilesSweetIMMessengerSweetIM.exe
     O4 - HKLM..Run: [11475464] C:Documents and SettingsAll UsersApplication Data1147546411475464.exe
     O4 - HKCU..Run: [MsnMsgr] ~"C:Program FilesWindows LiveMessengermsnmsgr.exe" /background
     O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
     O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'LOCAL SERVICE')
     O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'NETWORK SERVICE')
     O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
     O4 - Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
     O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
     O4 - Global Startup: Anti-Virus&Trojan.lnk = C:Program FilesAnti-Virus&TrojanAnti-Virus&Trojan.exe
     O4 - Global Startup: AVer HID Receiver.lnk = C:Program FilesCommon FilesAVerMediaFujitsu RCAVerHIDReceiver.exe
     O4 - Global Startup: Fujitsu RC.lnk = C:Program FilesCommon FilesAVerMediaFujitsu RCAVerQuick.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
     O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
     O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:PROGRA~1MICROS~2Office12GR99D3~1.DLL
     O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
     O23 - Service: AVerRemote - AVerMedia - C:Program FilesCommon FilesAVerMediaServiceAVerRemote.exe
     O23 - Service: AVerScheduleService - Unknown owner - C:Program FilesCommon FilesAVerMediaServiceAVerScheduleService.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
     O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6binjqs.exe

     --
     End of file - 8567 bytes

     ALSO.. here is the Malwarebytes log (I did it with Quick Scan, and before doing both these logs I deleted the *randomnumber*.exe thing from Task Manager, to do Malwarebytes):

     Malwarebytes' Anti-Malware 1.40
     Database version: 2688
     Windows 5.1.2600 Service Pack 2

     25.08.2009 17:55:09
     mbam-log-2009-08-25 (17-55-09).txt

     Scan type: Quick Scan
     Objects scanned: 92432
     Time elapsed: 5 minute(s), 11 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 2
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\11475464 (Rogue.Multiple) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     Please help me?
  2. Okay. The thing is.. I got a virus from MSN 2 days ago.. in the middle of the conversation I got a link. (I know, I will ask the other person now if he/she sent a link or not.) So I couldn't open any exe files.. well.. I couldn't open anything. Then I found out I could go to Internet Explorer, and there I downloaded Malwarebytes Anti Malware. I did a quick scan in Safe Mode. Restarted and it was all gone. 5-10 minutes passed and the virus was back. Again I had to scan.. it found the same amount of infected files as before. Today I did a full scan with Malwarebytes.. after restart the Total Security virus was still back. I've googled, and I know you can get to Task Manager through the system32 folder and rename thing, and delete the *randomnumber.exe* thing.. But still, after restart everything is back to the same. What should I do now? Please help me quickly.