JesseXXX

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:46:22 PM, on 10/16/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Tall Emu\Online Armor\oasrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Iomega\System32\AppServices.exe C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE C:\Program Files\Tall Emu\Online Armor\oacat.exe C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Media Player\WMPNetwk.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe C:\WINDOWS\System32\alg.exe C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Tall Emu\Online Armor\oaui.exe C:\Program Files\ATI Multimedia\main\ATIDtct.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Tall Emu\Online Armor\oahlp.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O1 - Hosts: GIF89a

Thanks for helping Jean MBAM (what/where is this..?) also a HJT log (same, help...not computer literate) oooo, talking about this: Malwarebytes' Anti-Malware 1.28 Database version: 1270 Windows 5.1.2600 Service Pack 3 10/14/2008 8:38:36 PM mbam-log-2008-10-14 (20-38-36).txt Scan type: Full Scan (A:\|C:\|D:\|E:\|) Objects scanned: 150535 Time elapsed: 2 hour(s), 1 minute(s), 13 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\Jesse!\Desktop\AntiVirus2008.JPG (Rogue.Antivirus) -> Quarantined and deleted successfully

Old Thread: http://www.malwarebytes.org/forums/index.php?showtopic=6276 Confused....Malwarebytes fixed the issue, but its back....huh? ... attached is my norton 2009 detection screen image .... I'm running another malwarebytes scan as I type this..... Update: Okay, scan finished, it was removed....again..how can I stop this from happening again...? Below is the scan report: Malwarebytes' Anti-Malware 1.28 Database version: 1270 Windows 5.1.2600 Service Pack 3 10/14/2008 8:38:36 PM mbam-log-2008-10-14 (20-38-36).txt Scan type: Full Scan (A:\|C:\|D:\|E:\|) Objects scanned: 150535 Time elapsed: 2 hour(s), 1 minute(s), 13 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\Jesse!\Desktop\AntiVirus2008.JPG (Rogue.Antivirus) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:40:59 PM, on 9/14/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Tall Emu\Online Armor\oasrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Iomega\System32\AppServices.exe C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Media Player\WMPNetwk.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\System32\alg.exe C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Tall Emu\Online Armor\oaui.exe C:\Program Files\ATI Multimedia\main\ATIDtct.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O1 - Hosts: GIF89a

How do I do that....? I know art, cars, guns and gaming....I don't know computers lol ... Also.... how do I add the MalWarebytes logo/link to my signature....I am a believer and wanna add it to my OTHER Blogs signatures...

There IS a God!! Malwarebytes' Anti-Malware 1.28 Database version: 1143 Windows 5.1.2600 Service Pack 3 9/12/2008 10:18:34 PM mbam-log-2008-09-12 (22-18-34).txt Scan type: Full Scan (C:\|) Objects scanned: 142055 Time elapsed: 1 hour(s), 8 minute(s), 20 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

I have been trying to remove this (Antivirus2008)..... I am NOT a computer person (please don't hit me ) ... I have Norton Internet Security 2008 , all up to date, my XP is up to date...I did ALL the scans possible and NOTHING has worked...please help me!!!! What will remove this and keep me safe.... My XP firewall is On and my Norton has a firewall as well...I must of clicked on a pop-up and BAM! I got hit.... I do NOT download stuff... Thanks in Advance .... Jesse! SoCal