
I was infected...now I'm not...I think



Hello. I believe I have an unusual problem. I tried to update to MBAM 1.51.1800, and I couldn't open it after I installed it. I tried Sandboxie, I tried the first 6 or 7 things on the Malware Removal Guides and Self Help Guides page, I ran McAfee, AVG, Microsoft security, Microsoft Malicious Software Removal Tool, Spybot, Housecall, nothing helped. Finally, I downloaded MBAM from another computer onto a flash drive, and tried running it from there. Would not open. I deleted MBAM off the flash drive, and one piece would not delete. So, I was going to try the Alternate Methods of Starting Malwarebytes, so I downloaded it again. This time it opened. So I first signed up for the free 14 day trial of MBAM Pro, then ran a quick scan, a flash scan, then a full scan. Didn't find anything. So, am I safe? My wife got a notice from PayPal that her password has been compromised, and can't do anything on there. That was before I got MBAM to work. Here's the scan results:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7340

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

7/31/2011 3:11:05 PM

mbam-log-2011-07-31 (15-11-05).txt

Scan type: Quick scan

Objects scanned: 181533

Time elapsed: 5 minute(s), 26 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7340

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

7/31/2011 3:13:54 PM

mbam-log-2011-07-31 (15-13-54).txt

Scan type: Flash scan

Objects scanned: 128423

Time elapsed: 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7340

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

7/31/2011 4:26:56 PM

mbam-log-2011-07-31 (16-26-56).txt

Scan type: Full scan (H:\|)

Objects scanned: 283741

Time elapsed: 1 hour(s), 7 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 5:44:25 PM, on 7/31/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\Ati2evxx.exe

H:\WINDOWS\system32\svchost.exe

h:\Program Files\Microsoft Security Essentials\MsMpEng.exe

H:\Program Files\Sandboxie\SbieSvc.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\svchost.exe

H:\Program Files\AVG\AVG9\avgchsvx.exe

H:\Program Files\AVG\AVG9\avgrsx.exe

H:\WINDOWS\system32\spoolsv.exe

H:\Program Files\AVG\AVG9\avgcsrvx.exe

H:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

H:\Program Files\AVG\AVG9\avgwdsvc.exe

H:\WINDOWS\system32\cisvc.exe

H:\WINDOWS\eHome\ehRecvr.exe

H:\WINDOWS\eHome\ehSched.exe

H:\WINDOWS\System32\svchost.exe

H:\Program Files\Java\jre6\bin\jqs.exe

H:\Program Files\Google\Update\GoogleUpdate.exe

H:\Program Files\AVG\AVG9\avgnsx.exe

H:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

H:\Program Files\McAfee\SiteAdvisor\McSACore.exe

H:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

H:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe

H:\WINDOWS\system32\Ati2evxx.exe

H:\WINDOWS\Explorer.EXE

H:\WINDOWS\system32\rundll32.exe

H:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

H:\Program Files\McAfee.com\Agent\mcagent.exe

H:\WINDOWS\system32\mfevtps.exe

H:\Program Files\Logitech\SetPointP\SetPoint.exe

H:\Program Files\Common Files\Java\Java Update\jusched.exe

H:\WINDOWS\system32\ctfmon.exe

H:\Program Files\Sandboxie\SbieCtrl.exe

H:\WINDOWS\system32\java.exe

H:\Program Files\Windows Media Player\WMPNSCFG.exe

H:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe

H:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe

H:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe

h:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

H:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

H:\Program Files\Memeo\AutoBackup\InstantBackup.exe

H:\WINDOWS\system32\svchost.exe

H:\Program Files\AVG\AVG9\avgemc.exe

H:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

H:\Program Files\AVG\AVG9\avgcsrvx.exe

H:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

H:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

H:\WINDOWS\system32\SearchIndexer.exe

H:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe

H:\WINDOWS\system32\dllhost.exe

H:\Program Files\Mozilla Firefox\firefox.exe

H:\WINDOWS\system32\cidaemon.exe

H:\Program Files\Mozilla Firefox\plugin-container.exe

H:\Malwarebytes' Anti-Malware\mbamservice.exe

H:\Malwarebytes' Anti-Malware\mbamgui.exe

H:\Program Files\McAfee\VirusScan\mcods.exe

H:\Documents and Settings\All Users\Start Menu\Programs\Accessories\wordpad.exe

H:\Program Files\Microsoft Security Essentials\msseces.exe

H:\Malwarebytes' Anti-Malware\mbam.exe

H:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

H:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - h:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - H:\Program Files\Search Toolbar\tbhelper.dll

R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - H:\Program Files\Vuze_Remote\prxtbVuz2.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - H:\Program Files\ConduitEngine\prxConduitEngine.dll

O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - H:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110510221029.dll

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - H:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - h:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - H:\Program Files\Vuze_Remote\prxtbVuz2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: TBSB05974 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - H:\Program Files\Search Toolbar\tbcore3.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - h:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - H:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O3 - Toolbar: Search Toolbar - {0C8413C1-FAD1-446C-8584-BE50576F863E} - H:\Program Files\Search Toolbar\tbcore3.dll

O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - H:\Program Files\Vuze_Remote\prxtbVuz2.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - H:\Program Files\ConduitEngine\prxConduitEngine.dll

O4 - HKLM\..\Run: [LXCGCATS] rundll32 H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [Memeo Instant Backup] H:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui

O4 - HKLM\..\Run: [seagate Dashboard] H:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui

O4 - HKLM\..\Run: [NUSB3MON] "H:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [mcui_exe] "H:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [Adobe ARM] "H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [EvtMgr6] H:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

O4 - HKLM\..\Run: [sunJavaUpdateSched] "H:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "H:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] H:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EPSON NX125 NX127 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGA.EXE /FU "H:\WINDOWS\TEMP\E_S105E.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [sandboxieControl] "H:\Program Files\Sandboxie\SbieCtrl.exe"

O4 - HKCU\..\Run: [WMPNSCFG] H:\Program Files\Windows Media Player\WMPNSCFG.exe

O9 - Extra button: (no name) - AutorunsDisabled - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O10 - Unknown file in Winsock LSP: h:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://*.mcafee.com

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259206347796

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4E953EFB-1747-4785-B250-48B5FB0D5AB0}: NameServer = 68.105.28.11,68.105.29.11

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - h:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG9\avgpp.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - h:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O20 - Winlogon Notify: Antiwpa - wpa.dll (file missing)

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - H:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - H:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - H:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - H:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - H:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

O23 - Service: lxcg_device - - H:\WINDOWS\system32\lxcgcoms.exe

O23 - Service: MBAMService - Malwarebytes Corporation - H:\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - H:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - H:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - H:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - H:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - H:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - H:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - H:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - H:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McShield - McAfee, Inc. - H:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: MemeoBackgroundService - Memeo - H:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - H:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - H:\WINDOWS\system32\mfevtps.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - H:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: PowerPanel Personal Edition Service (ppped) - Unknown owner - H:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe

O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - H:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe

O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - H:\Program Files\Sandboxie\SbieSvc.exe

O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - H:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe

--

End of file - 13210 bytes

Somebody please help, thank you


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
