Jump to content

Chris Rankin

Members
  • Posts

    3
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hello Everyone, I have been scanning multiple times with Malwarebytes and it keeps finding 1 - 5 infections even after removal and reboot. Now it shows the Mariofev worm. Here is the logs but I researched it and it looks like it will need more done to remove it. Any extra help I can get would be greatly appreciated. Thank you! Malwarebytes' Anti-Malware 1.41 Database version: 3183 Windows 5.1.2600 Service Pack 3 11/16/2009 4:34:23 PM mbam-log-2009-11-16 (16-34-23).txt Scan type: Full Scan (C:\|) Objects scanned: 406307 Time elapsed: 50 minute(s), 10 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\ServicePackFiles\i386\user32.dll (Virus.Mariofev) -> Quarantined and deleted successfully. C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll (Virus.Mariofev) -> Quarantined and deleted successfully. C:\WINDOWS\$NtServicePackUninstall$\user32.dll (Virus.Mariofev) -> Quarantined and deleted successfully.
  2. I have scanned multiple times with malwarebytes (fully updated) and other anti-spyware software and they still show they have not found any infections now, but yet when I go to google.com or any other website, it occasionally will re-direct to a "spyware infection" website or "windowsclick" website. I also have checked my hosts file, and nothing shows signs of parasites in there. How can I get rid of this? malwarebytes, HijackThis seem to not find anything now? Here is my HijackThis Log below. Any help would be appreciated. Thanks! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:56:56 AM, on 11/16/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Intel NetStructure VPN Client\icsrv.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\PROGRA~1\SAAZOD\SAAZDPMACTL.EXE C:\PROGRA~1\SAAZOD\SAAZRemoteSupport.exe C:\PROGRA~1\SAAZOD\SAAZScheduler.exe C:\PROGRA~1\SAAZOD\SAAZServerPlus.exe C:\PROGRA~1\SAAZOD\SAAZWatchDog.exe C:\Program Files\Sunbelt Software\SBEAgent\SBAMSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Acronis\TrueImageServer\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageServer\TimounterMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Panasonic\UserUtility\ScannerIndicator.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\RMClient\PMCTray.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\PROGRA~1\SAAZOD\RMHLPDSK.exe C:\Documents and Settings\cmott\Desktop\Hello.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageServer\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageServer\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [sBAMTray] C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - Global Startup: ScannerIndicator.lnk = C:\Program Files\Panasonic\UserUtility\ScannerIndicator.exe O4 - Global Startup: SmartDeviceMonitor for Client.lnk = C:\Program Files\RMClient\PMClient.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [JAVA_IBM] Java (IBM) O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/us/en/ O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1257894497071 O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} (kasRmtHlp Class) - http://ks.clearfocus.net/inc/kaxRemote.dll O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://asp.ntst.com/ASP/WSRC2006/plugins/j...dows-i586-p.exe O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ntst.webex.com/client/v_mywebex-t20...ent/ieatgpc.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = OFFICE.CFCS.NET O17 - HKLM\Software\..\Telephony: DomainName = OFFICE.CFCS.NET O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = OFFICE.CFCS.NET O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 147.56.140.16 147.56.140.18 O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: Intel
  3. I have scanned multiple times with malwarebytes (fully updated) and other anti-spyware software and they still show they have not found any infections now, but yet when I go to google.com or any other website, it occasionally will re-direct to a "spyware infection" website or "windowsclick" website. How can I get rid of this? malwarebytes, HijackThis seem to not find anything now. Any help would be appreciated. Thanks! Chris
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.