Mad Dog Vee

Honorary Members
  • Posts: 185
Everything posted by Mad Dog Vee

  1. So after Comodo was highly recommended nearly everywhere as the best free firewall I grabbed myself a copy and installed both the firewall & AV. I vaguely remember that the Comodo AV doesn't conflict with your regular one (AVG on the machine in question). I ran the AV, and on my external HDD, which just happened to be still attached, it found Foxitcreator_setup.exe to be a TrojWare.Win32.TrojanDropper.Agent.~DB(ID=0xc9a30). Now I am wondering whether this is a false positive (FP, F/P as you lot seem to call them) or whether Foxit really isn't that great. I've never run this program, or at least not that I recall, because I discovered it was one of the Foxit pay-for tools. I was/am only interested in free or near free downloads. I use Foxit Reader without any problems. I'm guessing, and I stress, guessing, that it is a false positive, probably because it carries an optional toolbar or some such. What do you think? Over to you.
  2. Mad Dog Vee

    Newb..

    Don't knock my platypus. I've been hanging around cos this forum is polite unlike so many others. Though I notice most members just disappear once they have their malware repaired.
  3. I believe I'm clean of Malware. It's not that MBAM didn't work; I had a corrupt system disk, a chkdsk in safe, normal or reboot mode would fizzle out, but there was something about repairing it in the Lenovo Rescue and Recovery that seems to have fixed the Malware. I've posted 6 current versions of MBAM logs over here: http://www.malwarebytes.org/forums/index.p...amp;#entry39757. My only worry now is Browser problems, so if someone could just quickly make sure the MBAM logs are accurate and someone could run me down what to do with HiJackThis, if anything. The original RSIT log is in the initial post on the other link and the standard HiJackThis is in the most recent post. If there is any way I can quickly facilitate this please let me know. PS. I know volunteers tend to look for 0 replies in the help thread and that I replied to my own, making it appear worked on, but I don't have a lot of patience with my own machines, someone else's on the other hand... (provided they're not looking over my shoulder)
  5. I know a few of us are waiting patiently for the volunteers to get to our logs, which I am sure they will in due course, so for those members and any others that wish to contribute to the discussion: What Malware prevention tools do you use? I only use freeware. MalwareBytes' AntiMalware of course. This little beauty only popped up on my radar recently but it's everywhere I turn lately. I got infected, I think by visiting a site that carries game patches, ran MBAM and all delete on reboot but that didn't work, so I am here. A question you may ask is how did I get infected then? I got lax and didn't keep things up to date cos Vista would protect me, that and I forgot to turn UAC back on one time. On my laptop I have Avast! On my current Desktop I have AVG 8. I'm also running CCleaner, SpybotSD without TeaTimer (it's a pita), and SuperAntiSpyware. I also run a multifunction tool called Advanced System Optimizer but that's the only thing besides Windows that is not freeware or shareware use. I currently have on my laptop SmitFraudFix, HiJackThis, rogueRemoverFree, as well as all the above (the AVs being different of course). What tools do you use? Free or paid?
  6. FireFox 3.04. It's more secure than IE6 and it's not extremely slow like IE7.
  7. Exile360, Tigger93: Thank you. I have posted it here: http://www.malwarebytes.org/forums/index.php?showtopic=8192
  8. If MBAM is run in Safe Mode it finds nothing. I'm following instructions from this thread: http://www.malwarebytes.org/forums/index.php?showtopic=8155
[3857535134305383807566791539667670347770838513013627614983807283667837668566618 48368848415708970] C:\ProgramData\scrmss.exe (Trojan.FakeAlert) -> Delete on reboot. [3857535134305383807566791539667670347770838513013627614983807283667837668566618 4688378848415708970] C:\ProgramData\shellex.dll (Trojan.FakeAlert) -> Delete on reboot. [3857535134305383807566791539667670347770838513013627614983807283667837668566618 473707777708915697777] C:\ProgramData\shellex_old.dll (Trojan.FakeAlert) -> Delete on reboot. [3857535134305383807566791539667670347770838513013627614983807283667837668566618 47370777770896480776915697777] C:\ProgramData\zifgfehy.dll (Trojan.FakeAlert) -> Delete on reboot. [3857535134305383807566791539667670347770838513013627614983807283667837668566619 17471727170739015697777] C:\ProgramData\trant.exe (Trojan.FakeAlert) -> Delete on reboot. [3857535134305383807566791539667670347770838513013627614983807283667837668566618 58366798515708970] C:\ProgramData\wall.htm (Rogue.SunshineSpy) -> Delete on reboot. [3857535134305180728670155286798473747970528190130136276149838072836678376685666 18866777715738578] C:\ProgramData\ppldr.exe (Trojan.FakeAlert) -> Delete on reboot. [3857535134305383807566791539667670347770838513013627614983807283667837668566618 18177698315708970] 2. PANDA ACTIVE SCAN Congratulations! Today you are not infected. No option about saving a log or anything came up, I think the setup may have changed since the tutorial was written. 3. HIJACK THIS This is a HiJack This log but it was ran with RSIT which also creates another sort of log file. Logfile of random's system information tool 1.04 (written by random/random) Run by MadDogVee at 2008-12-07 09:35:18 Microsoft
  9. Thanks Here's the log Malwarebytes' Anti-Malware 1.31 Database version: 1469 Windows 6.0.6000 7/12/2008 21:16:37 mbam.txt Scan type: Quick Scan Objects scanned: 48276 Time elapsed: 8 minute(s), 28 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 68
  10. I'm pretty sure they're not false positives but where would you like me to post the log? In the Malware removal forum? Here? Or where? I've run it and saved the log, haven't taken "action" yet.
  11. Hi, everyone, I've run MBAM and found 68 infections. I remove them and reboot. All the actions are listed as delete on reboot. I reboot, run MBAM and all those infections are back. I've run other antimalware tools including AVs (Panda and Kaspersky online), SpybotSD, AdAware, SmitFraudFix, CCleaner and usually I get an alert telling me that the said tool is corrupt. So I've got a sneaking suspicion that the malware is disabling tools that can eliminate it. Either that or they are removed and MBAM is reporting false positives. I'm running Windows Vista Home Basic on a Lenovo 3000 c200 laptop and all the malware appears to reside in c:\programdata\ but that folder either appears empty or inaccessible. I'm awaiting assistance on another forum but this behaviour just appears odd to me. It peeves me more so that was my netbanking machine. So suggestions and what not are welcome.