Desda

It seems like people who ask for help in the forum sometimes go ignored. I thought there was some sort of priority system implemented here, but apparently not.

Sorry for the 'bump' but I'm just posting the results of my full system scan. Computer 1 - Log#2: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4131 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 05/22/2010 10:50:42 PM mbam-log-2010-05-22 (22-50-42).txt Scan type: Full scan (C:\|D:\|E:\|) Objects scanned: 228473 Time elapsed: 1 hour(s), 7 minute(s), 0 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 8 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\System Volume Information\_restore{94ED2A7A-95C7-4B10-829D-F6E0C8983663}\RP965\A0747920.exe (Worm.Magania) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{94ED2A7A-95C7-4B10-829D-F6E0C8983663}\RP965\A0748756.exe (Worm.Magania) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{94ED2A7A-95C7-4B10-829D-F6E0C8983663}\RP965\A0749756.exe (Worm.Magania) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{94ED2A7A-95C7-4B10-829D-F6E0C8983663}\RP976\A0761352.exe (Trojan.Backdoor) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{94ED2A7A-95C7-4B10-829D-F6E0C8983663}\RP965\A0747922.exe (Worm.Magania) -> Quarantined and deleted successfully. E:\System Volume Information\_restore{94ED2A7A-95C7-4B10-829D-F6E0C8983663}\RP965\A0747924.exe (Worm.Magania) -> Quarantined and deleted successfully. E:\System Volume Information\_restore{94ED2A7A-95C7-4B10-829D-F6E0C8983663}\RP970\A0752792.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully. E:\System Volume Information\_restore{94ED2A7A-95C7-4B10-829D-F6E0C8983663}\RP971\A0752845.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully. For Computer 2, nothing was detected :/ So is it safe now? And I'm posting this from Computer 1 - I had to log in...so is my password for this site running a risk of being discovered too? Is it safe for me to log in my email and stuff from this computer? I don't know if the person who hacked my game account was just after that or...like, knows all my confidential information now. I changed my pass for a lot of things after I found my items in game missing a few days ago...but the viruses and threats weren't removed and since them i've logged on my email and stuff from this computer. Thanks!

I was recommended to DL malwarebytes and I did. I ran a scan...on both my computers. It's saying I have stuff like "spyware.onlinegames" and I made sure all the boxes were checked and then clicked remove. (Basically, I got hacked on my Maplestory account a few days ago. I want to get rid of everything bad and be sure that I can log into my game safely without someone watching what I'm typing for a password or something. I have no idea how they managed to get into my account because I've never been on suspicious websites or DL'd something weird or shared my info.) Please help! Sorry I'm very new to this and very confused. Thanks everyone! Computer 2 - Log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4131 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 5/22/2010 6:07:19 PM mbam-log-2010-05-22 (18-07-19).txt Scan type: Quick scan Objects scanned: 147021 Time elapsed: 17 minute(s), 4 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 5 Registry Values Infected: 6 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\Program Files\Tencent\SSPlus\SSup.dll (Trojan.Agent) -> Delete on reboot. Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{669751ed-d558-49ae-b01a-3b374cc7910e} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{669751ed-d558-49ae-b01a-3b374cc7910e} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{669751ed-d558-49ae-b01a-3b374cc7910e} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a49f431-2a2e-41a5-9080-0f41d1a3aec2} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\TBH (Trojan.Agent) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{db8b2393-7a6c-4c76-88ce-6b1f6ff6ffe9} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0c7c23ef-a848-485b-873c-0ed954731014} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{669751ed-d558-49ae-b01a-3b374cc7910e} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{a57e074f-56d8-4a33-8112-aac9693aa909} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{db8b2393-7a6c-4c76-88ce-6b1f6ff6ffe9} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\stup.exe (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Program Files\Tencent\SSPlus\SSup.dll (Trojan.Agent) -> Delete on reboot. C:\Program Files\Tencent\SSPlus\Stup.exe (Trojan.Agent) -> Quarantined and deleted successfully. Computer 1 - Log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4131 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 05/22/2010 5:43:15 PM mbam-log-2010-05-22 (17-43-15).txt Scan type: Quick scan Objects scanned: 125556 Time elapsed: 10 minute(s), 0 second(s) Memory Processes Infected: 1 Memory Modules Infected: 0 Registry Keys Infected: 8 Registry Values Infected: 1 Registry Data Items Infected: 1 Folders Infected: 2 Files Infected: 3 Memory Processes Infected: C:\Program Files\Common Files\Sogou PXP\p2psvr.exe (Trojan.BHO) -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\Interface\{3084bc3d-c0d6-4a28-a8a4-5857165886ee} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{db8b2393-7a6c-4c76-88ce-6b1f6ff6ffe9} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0c7c23ef-a848-485b-873c-0ed954731014} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\p4p service (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Sohu R&D (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dso32 (Spyware.OnlineGames) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. Folders Infected: C:\Program Files\Common Files\Sogou PXP (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Quarantined and deleted successfully. Files Infected: C:\Program Files\Common Files\Sogou PXP\p2psvr.exe (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\twain_32\user.ds.cla (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\Admin\Local Settings\Temp\dsoqq1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

The above is the log and pic for my second computer. --- Here is the log and pic for my first computer - the one that my account was hacked on... Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4131 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 05/22/2010 5:43:15 PM mbam-log-2010-05-22 (17-43-15).txt Scan type: Quick scan Objects scanned: 125556 Time elapsed: 10 minute(s), 0 second(s) Memory Processes Infected: 1 Memory Modules Infected: 0 Registry Keys Infected: 8 Registry Values Infected: 1 Registry Data Items Infected: 1 Folders Infected: 2 Files Infected: 3 Memory Processes Infected: C:\Program Files\Common Files\Sogou PXP\p2psvr.exe (Trojan.BHO) -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\Interface\{3084bc3d-c0d6-4a28-a8a4-5857165886ee} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{db8b2393-7a6c-4c76-88ce-6b1f6ff6ffe9} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0c7c23ef-a848-485b-873c-0ed954731014} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\p4p service (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Sohu R&D (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dso32 (Spyware.OnlineGames) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. Folders Infected: C:\Program Files\Common Files\Sogou PXP (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Quarantined and deleted successfully. Files Infected: C:\Program Files\Common Files\Sogou PXP\p2psvr.exe (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\twain_32\user.ds.cla (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\Admin\Local Settings\Temp\dsoqq1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

like..is my computer safe now? Picture before I clicked "remove"

How do I edit my post? I don't see the button. Sorry. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4131 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 5/22/2010 6:07:19 PM mbam-log-2010-05-22 (18-07-19).txt Scan type: Quick scan Objects scanned: 147021 Time elapsed: 17 minute(s), 4 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 5 Registry Values Infected: 6 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\Program Files\Tencent\SSPlus\SSup.dll (Trojan.Agent) -> Delete on reboot. Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{669751ed-d558-49ae-b01a-3b374cc7910e} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{669751ed-d558-49ae-b01a-3b374cc7910e} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{669751ed-d558-49ae-b01a-3b374cc7910e} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a49f431-2a2e-41a5-9080-0f41d1a3aec2} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\TBH (Trojan.Agent) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{db8b2393-7a6c-4c76-88ce-6b1f6ff6ffe9} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0c7c23ef-a848-485b-873c-0ed954731014} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{669751ed-d558-49ae-b01a-3b374cc7910e} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{a57e074f-56d8-4a33-8112-aac9693aa909} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{db8b2393-7a6c-4c76-88ce-6b1f6ff6ffe9} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\stup.exe (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Program Files\Tencent\SSPlus\SSup.dll (Trojan.Agent) -> Delete on reboot. C:\Program Files\Tencent\SSPlus\Stup.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Hi everyone, I'm new to this forum. I was recommended to DL malwarebytes and I did. I ran a scan on my other computer and now it's restarting. I'm currently running a scan on this computer. It's saying I have stuff like "spyware.onlinegames" and I made sure all the boxes were checked and then clicked remove. Should I post up the log? Basically, I got hacked on my Maplestory account a few days ago. I want to get rid of everything bad and be sure that I can log into my game safely without someone watching what I'm typing for a password or something. I have no idea how they managed to get into my account because I've never been on suspicious websites or DL'd something weird or shared my info. Sorry I'm very new to this and very confused. Thanks everyone!