
MBAM removes malware on reboot, rerun and they're back



If MBAM is run in Safe Mode it finds nothing. I'm following instructions from this thread: http://www.malwarebytes.org/forums/index.php?showtopic=8155

0. REGULAR MBAM

Malwarebytes' Anti-Malware 1.31

Database version: 1464

Windows 6.0.6000

6/12/2008 17:46:38

mbam-log-2008-12-06 (17-46-38).txt

Scan type: Quick Scan

Objects scanned: 47115

Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 68

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\ProgramData\PC-Antispyware (Rogue.PCAntispyware) -> Delete on reboot.

C:\ProgramData\nuvageliqi.bin (Fake.Dropped.Malware) -> Delete on reboot.

C:\ProgramData\obyqihyhyn.pif (Fake.Dropped.Malware) -> Delete on reboot.

C:\ProgramData\oceme.lib (Fake.Dropped.Malware) -> Delete on reboot.

C:\ProgramData\odohyd.bat (Fake.Dropped.Malware) -> Delete on reboot.

C:\ProgramData\ogax.dll (Fake.Dropped.Malware) -> Delete on reboot.

C:\ProgramData\wesydyho.sys (Fake.Dropped.Malware) -> Delete on reboot.

C:\ProgramData\wypoworof.scr (Fake.Dropped.Malware) -> Delete on reboot.

C:\ProgramData\zobijut._sy (Fake.Dropped.Malware) -> Delete on reboot.

C:\ProgramData\zularanyzo.bat (Fake.Dropped.Malware) -> Delete on reboot.

C:\ProgramData\redir.dll (Rogue.SpyGuarder) -> Delete on reboot.

C:\ProgramData\spyguarder.exe (Rogue.SpyGuarder) -> Delete on reboot.

C:\ProgramData\services\services.dll (Trojan.Agent) -> Delete on reboot.

C:\ProgramData\spooll.exe (Trojan.Agent) -> Delete on reboot.

C:\ProgramData\Roaming\inst.exe (Trojan.Agent) -> Delete on reboot.

C:\ProgramData\temp.dll (Trojan.Agent) -> Delete on reboot.

C:\ProgramData\Twain\Twain.exe (Trojan.Agent) -> Delete on reboot.

C:\ProgramData\Part Long Boob Idle (Trojan.Agent) -> Delete on reboot.

C:\ProgramData\oembios.exe (Trojan.Agent) -> Delete on reboot.

C:\ProgramData\Mozilla\Firefox\Profiles\main\browserui.dll (Trojan.Agent) -> Delete on reboot.

C:\ProgramData\Mozilla\Firefox\Profiles\main\mt_32.dll (Trojan.Agent) -> Delete on reboot.

C:\ProgramData\Mozilla\Firefox\Profiles\main\winload.dll (Trojan.Agent) -> Delete on reboot.

C:\ProgramData\Partner\partner.dll (Trojan.Agent) -> Delete on reboot.

C:\ProgramData\partner\partner.exe (Trojan.Agent) -> Delete on reboot.

C:\ProgramData\WinButler\WinButler.exe (Backdoor.Bot) -> Delete on reboot.

C:\ProgramData\wane.exe (Fake.Dropped.Malware) -> Delete on reboot.

C:\ProgramData\nazutire.pif (Fake.Dropped.Malware) -> Delete on reboot.

C:\ProgramData\pizehacal.reg (Fake.Dropped.Malware) -> Delete on reboot.

C:\ProgramData\tazebama\zPharaoh.dat (Worm.Mabezat) -> Delete on reboot.

C:\ProgramData\winifixer.exe (Trojan.Agent) -> Delete on reboot.

C:\ProgramData\rojad.inf (Fake.Dropped.Malware) -> Delete on reboot.

C:\ProgramData\ujysirup.sys (Fake.Dropped.Malware) -> Delete on reboot.

C:\ProgramData\zylogi.pif (Fake.Dropped.Malware) -> Delete on reboot.

C:\ProgramData\uhybiful.dll (Fake.Dropped.Malware) -> Delete on reboot.

C:\ProgramData\utywuwunif.dat (Fake.Dropped.Malware) -> Delete on reboot.

C:\ProgramData\ybeqato.com (Fake.Dropped.Malware) -> Delete on reboot.

C:\ProgramData\pcant.exe (Trojan.Agent) -> Delete on reboot.

C:\ProgramData\szuteved.dll (Trojan.Agent) -> Delete on reboot.

C:\ProgramData\Windowsupdate.exe (Trojan.Agent) -> Delete on reboot.

C:\ProgramData\spool.exe (Trojan.Agent) -> Delete on reboot.

C:\ProgramData\tmfubwny.dll (Trojan.Vundo) -> Delete on reboot.

C:\ProgramData\n.ini (Malware.Trace) -> Delete on reboot.

C:\ProgramData\uycej.exe (Trojan.Downloader) -> Delete on reboot.

C:\ProgramData\ydfjo.exe (Trojan.FakeAlert) -> Delete on reboot.

C:\ProgramData\~tmp.html (Malware.Trace) -> Delete on reboot.

C:\ProgramData\odbcbase.ocx (Malware.Trace) -> Delete on reboot.

C:\ProgramData\ntos.exe (Backdoor.Proxy) -> Delete on reboot.

C:\ProgramData\urlredir.cfg (Adware.RightOnAds) -> Delete on reboot.

C:\ProgramData\zeve.db (Fake.Dropped.Malware) -> Delete on reboot.

C:\ProgramData\zaluwysa.vbs (Fake.Dropped.Malware) -> Delete on reboot.

C:\ProgramData\syrux.bat (Fake.Dropped.Malware) -> Delete on reboot.

C:\ProgramData\ugirelijo.scr (Fake.Dropped.Malware) -> Delete on reboot.

C:\ProgramData\xebywygy._dl (Fake.Dropped.Malware) -> Delete on reboot.

C:\ProgramData\syscleaner.exe (Rogue.Installer) -> Delete on reboot.

C:\ProgramData\pcpriv.exe (Trojan.FakeAlert) -> Delete on reboot.

C:\ProgramData\sysdefender.exe (Trojan.FakeAlert) -> Delete on reboot.

C:\ProgramData\tparb.exe (Trojan.FakeAlert) -> Delete on reboot.

C:\ProgramData\vhjr.exe (Trojan.Fakealert) -> Delete on reboot.

C:\ProgramData\Roaming\Google\visfdw.exe (Trojan.FakeAlert) -> Delete on reboot.

C:\ProgramData\ypetehmx\ehspyxcd.exe (Trojan.FakeAlert) -> Delete on reboot.

C:\ProgramData\srcss.exe (Trojan.FakeAlert) -> Delete on reboot.

C:\ProgramData\scrmss.exe (Trojan.FakeAlert) -> Delete on reboot.

C:\ProgramData\shellex.dll (Trojan.FakeAlert) -> Delete on reboot.

C:\ProgramData\shellex_old.dll (Trojan.FakeAlert) -> Delete on reboot.

C:\ProgramData\zifgfehy.dll (Trojan.FakeAlert) -> Delete on reboot.

C:\ProgramData\trant.exe (Trojan.FakeAlert) -> Delete on reboot.

C:\ProgramData\wall.htm (Rogue.SunshineSpy) -> Delete on reboot.

C:\ProgramData\ppldr.exe (Trojan.FakeAlert) -> Delete on reboot.

1. MBAM /DEVELOPER

Malwarebytes' Anti-Malware 1.31

Database version: 1469

Windows 6.0.6000

7/12/2008 22:13:56

mbam-log-2008-12-07 (22-13-56).txt

Scan type: Quick Scan

Objects scanned: 48276

Time elapsed: 8 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 68

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\ProgramData\PC-Antispyware (Rogue.PCAntispyware) -> Delete on reboot. [3857535134305180728670154936347985748481908866837013013627614983807283667837668

566614936143479857484819088668370]

C:\ProgramData\nuvageliqi.bin (Fake.Dropped.Malware) -> Delete on reboot. [3857535134303966767015378380818170691546667788668370130136276149838072836678376

68566617986876672707774827415677479]

C:\ProgramData\obyqihyhyn.pif (Fake.Dropped.Malware) -> Delete on reboot. [3857535134303966767015378380818170691546667788668370130136276149838072836678376

68566618067908274739073907915817471]

C:\ProgramData\oceme.lib (Fake.Dropped.Malware) -> Delete on reboot. [3857535134303966767015378380818170691546667788668370130136276149838072836678376

6856661806870787015777467]

C:\ProgramData\odohyd.bat (Fake.Dropped.Malware) -> Delete on reboot. [3857535134303966767015378380818170691546667788668370130136276149838072836678376

685666180698073906915676685]

C:\ProgramData\ogax.dll (Fake.Dropped.Malware) -> Delete on reboot. [3857535134303966767015378380818170691546667788668370130136276149838072836678376

68566618072668915697777]

C:\ProgramData\wesydyho.sys (Fake.Dropped.Malware) -> Delete on reboot. [3857535134303966767015378380818170691546667788668370130136276149838072836678376

6856661887084906990738015849084]

C:\ProgramData\wypoworof.scr (Fake.Dropped.Malware) -> Delete on reboot. [3857535134303966767015378380818170691546667788668370130136276149838072836678376

685666188908180888083807115846883]

C:\ProgramData\zobijut._sy (Fake.Dropped.Malware) -> Delete on reboot. [3857535134303966767015378380818170691546667788668370130136276149838072836678376

68566619180677475868515648490]

C:\ProgramData\zularanyzo.bat (Fake.Dropped.Malware) -> Delete on reboot. [3857535134303966767015378380818170691546667788668370130136276149838072836678376

68566619186776683667990918015676685]

C:\ProgramData\redir.dll (Rogue.SpyGuarder) -> Delete on reboot. [3857535134305180728670155281904086668369708313013627614983807283667837668566618

37069748315697777]

C:\ProgramData\spyguarder.exe (Rogue.SpyGuarder) -> Delete on reboot. [3857535134305180728670155281904086668369708313013627614983807283667837668566618

481907286668369708315708970]

C:\ProgramData\services\services.dll (Trojan.Agent) -> Delete on reboot. [3857535134305383807566791534727079851301362761498380728366783766856661847083877

468708461847083877468708415697777]

C:\ProgramData\spooll.exe (Trojan.Agent) -> Delete on reboot. [3857535134305383807566791534727079851301362761498380728366783766856661848180807

77715708970]

C:\ProgramData\Roaming\inst.exe (Trojan.Agent) -> Delete on reboot. [3857535134305383807566791534727079851301362761498380728366783766856661518066787

47972617479848515708970]

C:\ProgramData\temp.dll (Trojan.Agent) -> Delete on reboot. [3857535134305383807566791534727079851301362761498380728366783766856661857078811

5697777]

C:\ProgramData\Twain\Twain.exe (Trojan.Agent) -> Delete on reboot. [3857535134305383807566791534727079851301362761498380728366783766856661538866747

961538866747915708970]

C:\ProgramData\Part Long Boob Idle (Trojan.Agent) -> Delete on reboot. [3857535134305383807566791534727079851301362761498380728366783766856661496683850

14580797201358080670142697770]

C:\ProgramData\oembios.exe (Trojan.Agent) -> Delete on reboot. [3857535134305383807566791534727079851301362761498380728366783766856661807078677

4808415708970]

C:\ProgramData\Mozilla\Firefox\Profiles\main\browserui.dll (Trojan.Agent) -> Delete on reboot. [3857535134305383807566791534727079851301362761498380728366783766856661468091747

77766613974837071808961498380717477708461786674796167838088847083867415697777]

C:\ProgramData\Mozilla\Firefox\Profiles\main\mt_32.dll (Trojan.Agent) -> Delete on reboot. [3857535134305383807566791534727079851301362761498380728366783766856661468091747

777666139748370718089614983807174777084617866747961788564201915697777]

C:\ProgramData\Mozilla\Firefox\Profiles\main\winload.dll (Trojan.Agent) -> Delete on reboot. [3857535134305383807566791534727079851301362761498380728366783766856661468091747

7776661397483707180896149838071747770846178667479618874797780666915697777]

C:\ProgramData\Partner\partner.dll (Trojan.Agent) -> Delete on reboot. [3857535134305383807566791534727079851301362761498380728366783766856661496683857

97083618166838579708315697777]

C:\ProgramData\partner\partner.exe (Trojan.Agent) -> Delete on reboot. [3857535134305383807566791534727079851301362761498380728366783766856661816683857

97083618166838579708315708970]

C:\ProgramData\WinButler\WinButler.exe (Backdoor.Bot) -> Delete on reboot. [3857535134303566687669808083153580851301362761498380728366783766856661567479358

6857770836156747935868577708315708970]

C:\ProgramData\wane.exe (Fake.Dropped.Malware) -> Delete on reboot. [3857535134303966767015378380818170691546667788668370130136276149838072836678376

68566618866797015708970]

C:\ProgramData\nazutire.pif (Fake.Dropped.Malware) -> Delete on reboot. [3857535134303966767015378380818170691546667788668370130136276149838072836678376

6856661796691868574837015817471]

C:\ProgramData\pizehacal.reg (Fake.Dropped.Malware) -> Delete on reboot. [3857535134303966767015378380818170691546667788668370130136276149838072836678376

685666181749170736668667715837072]

C:\ProgramData\tazebama\zPharaoh.dat (Worm.Mabezat) -> Delete on reboot. [3857535134305680837815466667709166851301362761498380728366783766856661856691706

766786661914973668366807315696685]

C:\ProgramData\winifixer.exe (Trojan.Agent) -> Delete on reboot. [3857535134305383807566791534727079851301362761498380728366783766856661887479747

17489708315708970]

C:\ProgramData\rojad.inf (Fake.Dropped.Malware) -> Delete on reboot. [3857535134303966767015378380818170691546667788668370130136276149838072836678376

6856661838075666915747971]

C:\ProgramData\ujysirup.sys (Fake.Dropped.Malware) -> Delete on reboot. [3857535134303966767015378380818170691546667788668370130136276149838072836678376

6856661867590847483868115849084]

C:\ProgramData\zylogi.pif (Fake.Dropped.Malware) -> Delete on reboot. [3857535134303966767015378380818170691546667788668370130136276149838072836678376

685666191907780727415817471]

C:\ProgramData\uhybiful.dll (Fake.Dropped.Malware) -> Delete on reboot. [3857535134303966767015378380818170691546667788668370130136276149838072836678376

6856661867390677471867715697777]

C:\ProgramData\utywuwunif.dat (Fake.Dropped.Malware) -> Delete on reboot. [3857535134303966767015378380818170691546667788668370130136276149838072836678376

68566618685908886888679747115696685]

C:\ProgramData\ybeqato.com (Fake.Dropped.Malware) -> Delete on reboot. [3857535134303966767015378380818170691546667788668370130136276149838072836678376

68566619067708266858015688078]

C:\ProgramData\pcant.exe (Trojan.Agent) -> Delete on reboot. [3857535134305383807566791534727079851301362761498380728366783766856661816866798

515708970]

C:\ProgramData\szuteved.dll (Trojan.Agent) -> Delete on reboot. [3857535134305383807566791534727079851301362761498380728366783766856661849186857

087706915697777]

C:\ProgramData\Windowsupdate.exe (Trojan.Agent) -> Delete on reboot. [3857535134305383807566791534727079851301362761498380728366783766856661567479698

0888486816966857015708970]

C:\ProgramData\spool.exe (Trojan.Agent) -> Delete on reboot. [3857535134305383807566791534727079851301362761498380728366783766856661848180807

715708970]

C:\ProgramData\tmfubwny.dll (Trojan.Vundo) -> Delete on reboot. [3857535134305383807566791555867969801301362761498380728366783766856661857871866

788799015697777]

C:\ProgramData\n.ini (Malware.Trace) -> Delete on reboot. [3857535134304666778866837015538366687013013627614983807283667837668566617915747

974]

C:\ProgramData\uycej.exe (Trojan.Downloader) -> Delete on reboot. [3857535134305383807566791537808879778066697083130136276149838072836678376685666

1869068707515708970]

C:\ProgramData\ydfjo.exe (Trojan.FakeAlert) -> Delete on reboot. [3857535134305383807566791539667670347770838513013627614983807283667837668566619

06971758015708970]

C:\ProgramData\~tmp.html (Malware.Trace) -> Delete on reboot. [3857535134304666778866837015538366687013013627614983807283667837668566619585788

11573857877]

C:\ProgramData\odbcbase.ocx (Malware.Trace) -> Delete on reboot. [3857535134304666778866837015538366687013013627614983807283667837668566618069676

86766847015806889]

C:\ProgramData\ntos.exe (Backdoor.Proxy) -> Delete on reboot. [3857535134303566687669808083154983808990130136276149838072836678376685666179858

08415708970]

C:\ProgramData\urlredir.cfg (Adware.RightOnAds) -> Delete on reboot. [3857535134303469886683701551747273854879346984130136276149838072836678376685666

1868377837069748315687172]

C:\ProgramData\zeve.db (Fake.Dropped.Malware) -> Delete on reboot. [3857535134303966767015378380818170691546667788668370130136276149838072836678376

685666191708770156967]

C:\ProgramData\zaluwysa.vbs (Fake.Dropped.Malware) -> Delete on reboot. [3857535134303966767015378380818170691546667788668370130136276149838072836678376

6856661916677868890846615876784]

C:\ProgramData\syrux.bat (Fake.Dropped.Malware) -> Delete on reboot. [3857535134303966767015378380818170691546667788668370130136276149838072836678376

6856661849083868915676685]

C:\ProgramData\ugirelijo.scr (Fake.Dropped.Malware) -> Delete on reboot. [3857535134303966767015378380818170691546667788668370130136276149838072836678376

685666186727483707774758015846883]

C:\ProgramData\xebywygy._dl (Fake.Dropped.Malware) -> Delete on reboot. [3857535134303966767015378380818170691546667788668370130136276149838072836678376

6856661897067908890729015646977]

C:\ProgramData\syscleaner.exe (Rogue.Installer) -> Delete on reboot. [3857535134305180728670154279848566777770831301362761498380728366783766856661849

0846877706679708315708970]

C:\ProgramData\pcpriv.exe (Trojan.FakeAlert) -> Delete on reboot. [3857535134305383807566791539667670347770838513013627614983807283667837668566618

1688183748715708970]

C:\ProgramData\sysdefender.exe (Trojan.FakeAlert) -> Delete on reboot. [3857535134305383807566791539667670347770838513013627614983807283667837668566618

49084697071707969708315708970]

C:\ProgramData\tparb.exe (Trojan.FakeAlert) -> Delete on reboot. [3857535134305383807566791539667670347770838513013627614983807283667837668566618

58166836715708970]

C:\ProgramData\vhjr.exe (Trojan.Fakealert) -> Delete on reboot. [3857535134305383807566791539667670667770838513013627614983807283667837668566618

773758315708970]

C:\ProgramData\Roaming\Google\visfdw.exe (Trojan.FakeAlert) -> Delete on reboot. [3857535134305383807566791539667670347770838513013627614983807283667837668566615

1806678747972614080807277706187748471698815708970]

C:\ProgramData\ypetehmx\ehspyxcd.exe (Trojan.FakeAlert) -> Delete on reboot. [3857535134305383807566791539667670347770838513013627614983807283667837668566619

08170857073788961707384819089686915708970]

C:\ProgramData\srcss.exe (Trojan.FakeAlert) -> Delete on reboot. [3857535134305383807566791539667670347770838513013627614983807283667837668566618

48368848415708970]

C:\ProgramData\scrmss.exe (Trojan.FakeAlert) -> Delete on reboot. [3857535134305383807566791539667670347770838513013627614983807283667837668566618

4688378848415708970]

C:\ProgramData\shellex.dll (Trojan.FakeAlert) -> Delete on reboot. [3857535134305383807566791539667670347770838513013627614983807283667837668566618

473707777708915697777]

C:\ProgramData\shellex_old.dll (Trojan.FakeAlert) -> Delete on reboot. [3857535134305383807566791539667670347770838513013627614983807283667837668566618

47370777770896480776915697777]

C:\ProgramData\zifgfehy.dll (Trojan.FakeAlert) -> Delete on reboot. [3857535134305383807566791539667670347770838513013627614983807283667837668566619

17471727170739015697777]

C:\ProgramData\trant.exe (Trojan.FakeAlert) -> Delete on reboot. [3857535134305383807566791539667670347770838513013627614983807283667837668566618

58366798515708970]

C:\ProgramData\wall.htm (Rogue.SunshineSpy) -> Delete on reboot. [3857535134305180728670155286798473747970528190130136276149838072836678376685666

18866777715738578]

C:\ProgramData\ppldr.exe (Trojan.FakeAlert) -> Delete on reboot. [3857535134305383807566791539667670347770838513013627614983807283667837668566618

18177698315708970]

2. PANDA ACTIVE SCAN

Congratulations! Today you are not infected. No option to save a log or anything came up; I think the setup may have changed since the tutorial was written.

3. HIJACK THIS

This is a HijackThis log, but it was run with RSIT, which also creates another sort of log file.

Logfile of random's system information tool 1.04 (written by random/random)

Run by MadDogVee at 2008-12-07 09:35:18

Microsoft


QUICK SAFE

Malwarebytes' Anti-Malware 1.31

Database version: 1492

Windows 6.0.6000

12/12/2008 20:36:02

mbam-log-2008-12-12 (20-36-02).txt

Scan type: Quick Scan

Objects scanned: 45073

Time elapsed: 2 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

FULL SAFE

Malwarebytes' Anti-Malware 1.31

Database version: 1492

Windows 6.0.6000

12/12/2008 21:08:26

mbam-log-2008-12-12 (21-08-26).txt

Scan type: Full Scan (C:\|)

Objects scanned: 131201

Time elapsed: 30 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

QUICK NORMAL

Malwarebytes' Anti-Malware 1.31

Database version: 1492

Windows 6.0.6000

12/12/2008 21:17:43

mbam-log-2008-12-12 (21-17-43).txt

Scan type: Quick Scan

Objects scanned: 47191

Time elapsed: 5 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

FULL NORMAL

Malwarebytes' Anti-Malware 1.31

Database version: 1492

Windows 6.0.6000

12/12/2008 22:28:45

mbam-log-2008-12-12 (22-28-45).txt

Scan type: Full Scan (C:\|)

Objects scanned: 127780

Time elapsed: 1 hour(s), 9 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

QUICK DEVELOPER

Malwarebytes' Anti-Malware 1.31

Database version: 1492

Windows 6.0.6000

12/12/2008 22:34:35

mbam-log-2008-12-12 (22-34-35).txt

Scan type: Quick Scan

Objects scanned: 47219

Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

FULL DEVELOPER

Malwarebytes' Anti-Malware 1.31

Database version: 1492

Windows 6.0.6000

12/12/2008 23:52:15

mbam-log-2008-12-12 (23-52-15).txt

Scan type: Full Scan (C:\|)

Objects scanned: 127866

Time elapsed: 1 hour(s), 14 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

HIJACK THIS

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:53:50, on 12/12/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16711)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe

C:\Program Files\Lenovo\PM Driver\PMHandler.exe

C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System\w98eject.exe

C:\Windows\system32\CMD.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r

O4 - HKLM\..\Run: [PMHandler] C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe

O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup

O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe

O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent

O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: w98Eject.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta

O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip\..\{D665E2D9-879B-4DFE-8711-49D4750D47B3}: NameServer = 61.9.194.49,61.9.195.193,208.67.222.222,208.67.220.220

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Apache2.2 - Apache Software Foundation - C:\Apache\bin\httpd.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: System Update (SUService) - - c:\Program Files\Lenovo\System Update\SUService.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--

End of file - 9262 bytes
