
HELP!! Malware removal



Here is the log from HijackThis. Please advise!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:22:04 PM, on 11/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
e:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Trend Micro\BM\TMBMSRV.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\Bonjour\mDNSResponder.exe
G:\WINDOWS\system32\CTsvcCDA.exe
G:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
E:\Program Files\Java\jre6\bin\jqs.exe
G:\WINDOWS\system32\LxrSII1s.exe
G:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
G:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
G:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Trend Micro\Internet Security\TmProxy.exe
e:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
E:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
E:\Program Files\Java\jre6\bin\jusched.exe
G:\Program Files\Creative\ZEN Media Explorer\CTCheck.exe
G:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
E:\AnyDVD\AnyDVDtray.exe
G:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
G:\Program Files\Messenger\msmsgs.exe
G:\Program Files\Microsoft ActiveSync\wcescomm.exe
G:\WINDOWS\system32\ctfmon.exe
G:\PROGRA~1\MICROS~4\rapimgr.exe
G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
G:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Java\jre6\bin\jucheck.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {f4a5b33a-56fd-4951-b19e-fd14aa610764} - yoyaheku.dll (file missing)
O4 - HKLM\..\Run: [startCCC] "G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] "G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [mmtask] "E:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CTCheck] "G:\Program Files\Creative\ZEN Media Explorer\CTCheck.exe"
O4 - HKLM\..\Run: [ufSeAgnt.exe] "G:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [intuit SyncManager] "G:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe" startup
O4 - HKLM\..\Run: [MSConfig] "G:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKLM\..\Run: [sutajugoh] "Rundll32.exe" "g:\windows\system32\rokesoza.dll",a
O4 - HKLM\..\Run: [spySweeper] "E:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [AnyDVD] "E:\AnyDVD\AnyDVDtray.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "G:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "G:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] "G:\WINDOWS\system32\ctfmon.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - G:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - G:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - G:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://chat.bresnan.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1258401804968
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWire...loadControl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=24931
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - D:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O20 - AppInit_DLLs: g:\windows\system32\rokesoza.dll,danipowu.dll
O21 - SSODL: dumunawon - {0818c7a3-f129-4bd0-adfd-aa77ad4bfb6d} - g:\windows\system32\rokesoza.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {0818c7a3-f129-4bd0-adfd-aa77ad4bfb6d} - g:\windows\system32\rokesoza.dll (file missing)
O22 - SharedTaskScheduler: jkshf8a3rudbfa873fudfhbdugf87whjdb - {B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate1c9d3777cc23f66) (gupdate1c9d3777cc23f66) - Google Inc. - G:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - G:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: QBCFMonitorService - Intuit - G:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - G:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - G:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - G:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: SureThing Labelflash service - MicroVision Development, Inc. - G:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - G:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - G:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - e:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - e:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 9256 bytes

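The post above is a raw log rather than an explanation, but the entries a responder would look at first can be picked out mechanically: an O4 Run key that launches a DLL through rundll32, the O20 AppInit_DLLs list (loaded into every process that maps user32.dll), and O21/O22 COM registrations whose file is reported missing. The Python below is an added example, not part of the forum post and not HijackThis code. It parses lines copied from the log above, applies those three heuristics, and cross-references DLL basenames across persistence locations; the severity labels and reason text are this example's own conventions, and the sample includes ordinary entries from the same log so the benign path is exercised.

```python
"""Triage a HijackThis log for persistence entries worth a second look.

Added example: not HijackThis code and not from the forum post. The
heuristics, severities and reason strings are this example's own.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Lines copied verbatim from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {f4a5b33a-56fd-4951-b19e-fd14aa610764} - yoyaheku.dll (file missing)
O4 - HKLM\..\Run: [startCCC] "G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [sutajugoh] "Rundll32.exe" "g:\windows\system32\rokesoza.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] "G:\WINDOWS\system32\ctfmon.exe"
O20 - AppInit_DLLs: g:\windows\system32\rokesoza.dll,danipowu.dll
O21 - SSODL: dumunawon - {0818c7a3-f129-4bd0-adfd-aa77ad4bfb6d} - g:\windows\system32\rokesoza.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {0818c7a3-f129-4bd0-adfd-aa77ad4bfb6d} - g:\windows\system32\rokesoza.dll (file missing)
O22 - SharedTaskScheduler: jkshf8a3rudbfa873fudfhbdugf87whjdb - {B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - (no file)
O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# rundll32 [.exe], optionally quoted, followed by the DLL it is told to load
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+?\.dll)\b', re.IGNORECASE)
# any whitespace-delimited token ending in .dll (path or bare name)
DLL_RE = re.compile(r'([^\s"]+\.dll)\b', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section, e.g. "O20"; "*" for cross-entry findings
    dll: str       # lower-cased DLL basename, or "" when the entry names no file
    severity: str  # "high" or "review" (this example's own labels)
    reason: str
    line: str      # the log line that triggered it ("" for cross-entry findings)


def basename(path: str) -> str:
    """Case-folded file name without directory, for matching across entries."""
    return path.replace("/", "\\").rstrip("\\").rsplit("\\", 1)[-1].strip().lower()


def parse(log_text: str):
    """Yield (section, body, line) for every 'Onn - ...' entry in the log."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2), raw.strip()


def triage(log_text: str) -> list:
    findings = []
    where = defaultdict(set)  # dll basename -> sections that reference it

    def note(section, dll, severity, reason, line):
        findings.append(Finding(section, dll, severity, reason, line))
        if dll:
            where[dll].add(section)

    for section, body, line in parse(log_text):
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs is comma- or space-separated; each DLL is injected
            # into every process that loads user32.dll.
            for item in re.split(r"[,\s]+", body.split(":", 1)[1].strip()):
                if item:
                    note(section, basename(item), "high",
                         "AppInit_DLLs loads this DLL into every process that maps "
                         "user32.dll; legitimate entries are rare", line)
        elif section == "O4" and RUNDLL_RE.search(body):
            dll = RUNDLL_RE.search(body).group(1)
            note(section, basename(dll), "review",
                 "Run key starts rundll32 with this DLL; confirm the file's "
                 "publisher and signature", line)
        elif "(file missing)" in body or body.endswith("(no file)"):
            m = DLL_RE.search(body)
            note(section, basename(m.group(1)) if m else "", "review",
                 "registration points at a file that is not on disk: orphaned, "
                 "or the file was removed while its load point remains", line)

    # The strongest signal is the same DLL wired into several load points.
    for dll, sections in sorted(where.items()):
        if len(sections) > 1:
            findings.append(Finding("*", dll, "high",
                                    "same DLL referenced from %d persistence locations: %s"
                                    % (len(sections), ", ".join(sorted(sections))), ""))
    return findings


def dll_locations(findings) -> dict:
    """Map each flagged DLL basename to the sorted list of sections naming it."""
    locs = defaultdict(set)
    for f in findings:
        if f.dll and f.section != "*":
            locs[f.dll].add(f.section)
    return {dll: sorted(s) for dll, s in locs.items()}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-6s %-13s %-5s %s" % (f.section, f.dll or "-", f.severity, f.reason))
```

Running it on the sample flags rokesoza.dll from four different sections (O4, O20, O21, O22), danipowu.dll from AppInit_DLLs, the orphaned BHO and SharedTaskScheduler registrations, and nothing for the ATI, ctfmon or Bonjour entries. The cross-reference rule is the one worth keeping when adapting this: a single odd-looking path is easy to dismiss, the same basename appearing under several load points is not.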

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
