Scratching my head, can't find Malware in my PC

Post by spankyjo54 » December 25th, 2008, 7:43 pm

Sorry for the long response. I almost got to spend Christmas in the hospital with my son who became very ill and had to have surgery. He is home now and we got here last night.
OK. I did do the Jotti thing, it did a scan and found nothing. sooooo, I guess I am looking for something that is not there. Nothing new for me. Thanks for your help though. My PC seems to be working fine. I will worry about problems as they arise. I did get "Viper" by Sunbelt and really like it. I have it set to the hilt so, if anything gets through, it will be an unknown infection or new enough that Sunbelt does not have the cure yet.
Thanks, A Barton
spankyjo54
Active Member
 
Posts: 13
Joined: December 6th, 2008, 2:58 am

Re: Scratching my head, can't find Malware in my PC

Post by chryssi2001 » December 26th, 2008, 4:20 am

Hello spankyjo54,

Sorry for the long response. I almost got to spend Christmas in the hospital with my son who became very ill and had to have surgery. He is home now and we got here last night.

Best wishes to your son for a speedy recovery.
----------------------------------------------
Glad the file you uploaded to Jotti is clean too.
----------------------------------------------
Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Post that log back here.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Scratching my head, can't find Malware in my PC

Post by spankyjo54 » December 27th, 2008, 2:59 am

Here you go. All the dirty little critters in my PC. I will quarantine them as of now until you get back to me. I knew that Win web was still in my system somewhere and the first time I scanned with Mal-ware it couldn't find it. Looks like the updates caught up with it and got into its hiding space. I think those files I am going to delete for sure. That Pop up Piece of crap about drove me crazy. Try to get some work done and there it is, popping up constantly and trying to scare me into paying them for a bogus piece of software. I just don't have a clue where I got it. I had just formatted and reloaded so I had to have gotten it off the net on a web page somewhere because I had not started downloading anything but my MS updates when it showed up. Tricky little piece of annoyance anyhow!!!! And I did have my antivirus up and running at the time too, but was not happy it didn't catch it so bought a different one that I am (so far) very happy with.
Thanks. spankyjo54 :D

Malwarebytes' Anti-Malware 1.31
Database version: 1550
Windows 5.1.2600 Service Pack 3

12/26/2008 11:46:36 PM
mbam-log-2008-12-26 (23-46-16).txt

Scan type: Full Scan (C:\|)
Objects scanned: 148908
Time elapsed: 47 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{d5df7c9d-6069-4552-8b0c-d02a912fc889} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5df7c9d-6069-4552-8b0c-d02a912fc889} (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{F3C49B63-18E1-46C9-91F4-3660C0771E9E}\RP35\A0012084.exe (Rogue.Winweb) -> No action taken.
C:\System Volume Information\_restore{F3C49B63-18E1-46C9-91F4-3660C0771E9E}\RP35\A0012085.exe (Rogue.Winweb) -> No action taken.
C:\System Volume Information\_restore{F3C49B63-18E1-46C9-91F4-3660C0771E9E}\RP38\A0014338.exe (Rogue.Winweb) -> No action taken.
C:\System Volume Information\_restore{F3C49B63-18E1-46C9-91F4-3660C0771E9E}\RP47\A0018045.exe (Rogue.Winweb) -> No action taken.
spankyjo54
Active Member
 
Posts: 13
Joined: December 6th, 2008, 2:58 am

Re: Scratching my head, can't find Malware in my PC

Post by chryssi2001 » December 27th, 2008, 4:02 am

Hello spankyjo54,

And I did have my antivirus up and running at the time too, but was not happy it didn't catch it so bought a different one that I am (so far) very happy with

Anti-virus alone cannot protect you from all malware. It works purely on viruses.

You also need a good Anti-Spyware program which you can run on demand.
(I will propose some when we are done, after I am sure you are clean)

Malwarebytes' Anti-Malware is a very good program, I suggest you keep it, and you can have the paid version if you like. It does very good work removing infections.

Avoiding P2P programs, surfing suspicious sites, clicking on suspicious links, opening email from unknown persons, etc. will for sure protect you in future.

Practice safe surfing on the net; it's in the best interest of your PC.
----------------------------------------------
Disable Windows Defender until the computer is clean
Windows Defender normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

  • Open Windows Defender
  • Select Tools and then General Settings
  • Under Real Time Protection Options uncheck Turn on real-time protection
  • Select Save
Don't forget to re-enable it, when your computer is clean.
----------------------------------------------
You didn't follow exactly this part of my instructions when running Malwarebytes' Anti-Malware:
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.

Please update Malwarebytes' Anti-Malware, run a scan again and remove everything it finds, then post back the new report.
(Just follow all the steps I posted about Malwarebytes' Anti-Malware except for the downloading part.)
----------------------------------------------
Please download ATF cleaner
Make sure that all browser windows are closed.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All and UNCHECK Cookies.
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All and UNCHECK Cookies.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All and UNCHECK Cookies.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
----------------------------------------------
The latest version of Java doesn't show in the HijackThis log, so I want you to go into your Add/Remove Programs and see if you have the latest update, which is "Java Runtime Environment Version 6 Update 11". If this is the one you have, ignore the instructions below.

If you have an earlier version, follow the instructions below.
----------------------------------------------
Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 11.
  • Go to Java Site
  • Click to Download Java SE Runtime Environment (JRE) 6 Update 11
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u11-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE)
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer
----------------------------------------------
Run Kaspersky Online AV Scanner
Note: Internet Explorer should be used.

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.
----------------------------------------------
Post back:
The new Malwarebytes' Anti-Malware report.
Kaspersky report.
A new HijackThis log (Please close browsers when scanning with HijackThis).
Tell me how the pc is running now.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away
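
The log posted earlier in this thread lists every detection as "No action taken", which is what led to the request to rescan and click Remove Selected. As an added example (not part of the original thread and not Malwarebytes' own code), this Python sketch parses a log in that same text layout, lists the detections still unresolved, marks those sitting inside System Restore points, and checks that the summary counts match the items listed. The sample log is constructed for the example, with placeholder GUIDs and paths.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the layout of the mbam-log shown in this thread.
# GUIDs, paths and counts are placeholders, not values from a real machine.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.31
Database version: 1550

Scan type: Full Scan (C:\|)
Objects scanned: 1000

Memory Processes Infected: 0
Registry Keys Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000000} (Trojan.FakeAlert) -> No action taken.

Files Infected:
C:\System Volume Information\_restore{11111111-1111-1111-1111-111111111111}\RP1\A0000001.exe (Rogue.Winweb) -> No action taken.
C:\Temp\example.exe (Rogue.Installer) -> Quarantined and deleted successfully.
"""

# "Files Infected: 4" is a summary line; "Files Infected:" opens a section.
HEADER = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")
# "<target> (<threat>) -> <action>."
ITEM = re.compile(r"^(?P<target>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


@dataclass
class Finding:
    section: str
    target: str
    threat: str
    action: str

    @property
    def unresolved(self):
        # The scanner reported the item but nothing was removed.
        return self.action.lower().startswith("no action taken")

    @property
    def in_restore_point(self):
        # Windows XP keeps System Restore snapshots under this folder.
        return "\\system volume information\\_restore" in self.target.lower()


def parse_mbam_log(text):
    """Return (declared_counts, findings) from the log text."""
    declared, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            if header.group("count") is not None:
                declared[header.group("name")] = int(header.group("count"))
            else:
                section = header.group("name")
            continue
        if section is None or not line:
            continue
        item = ITEM.match(line)
        if item:
            findings.append(Finding(section, item.group("target"),
                                    item.group("threat"), item.group("action")))
    return declared, findings


def triage(text):
    """Summarise what a helper would look for first in a posted log."""
    declared, findings = parse_mbam_log(text)
    listed = Counter(f.section for f in findings)
    return {
        "unresolved": [f for f in findings if f.unresolved],
        "restore_point": [f for f in findings if f.in_restore_point],
        # A mismatch suggests the pasted log was truncated or edited.
        "count_mismatch": sorted(s for s, n in declared.items()
                                 if listed.get(s, 0) != n),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for f in result["unresolved"]:
        where = " [restore point]" if f.in_restore_point else ""
        print(f"UNRESOLVED {f.threat}: {f.target}{where}")
    if result["count_mismatch"]:
        print("Summary/listing mismatch in:", ", ".join(result["count_mismatch"]))
```
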

Re: Scratching my head, can't find Malware in my PC

Post by spankyjo54 » December 29th, 2008, 3:23 am

Firstly, I did do another scan with Malware and got rid of all that was found. I knew they were not supposed to be in my registry nor other files because I remember the "Winweb Security" Trojan or whatever it is infected my computer after I had done a format and reload. I had gotten all my MS updates, put in all my software I have on disk here. I have a very good bit of software that started out to just be "Counterspy", but was offered Viper along with it for a discount. Viper uses less RAM, CPU and most power drained by other antivirus and spy and malware software. I was using Avast when I got the Winweb and others. That is what caused me to look for a good bit of software. I am still using the Windows firewall but know that Sunbelt also has a firewall that claims to be better. I do know that nothing I am aware of has gotten past Viper since I installed it.
I also have a friend in the UK that is a software maker, (can't think of the term), and he has advised me on two different kinds of software for cleaning my registry that is dummy proof called, Regvac Registry cleaner and also gives me the option to go into the advanced mode and pack the registry. Also a PC Cleaner called A1Click Ultra PC Cleaner. Along with the Malware you recommended, etc. I think I am pretty well covered. I need to find a way to back up since I have way too much on here to put on a disk. I will look into an online file keeper.
Oh and I do have the recent version of Java, Version 6 Update 11. About the ATF Cleaner. I will go take a look at that and do as you ask. And will do the online scan also and send you the report. I thank you for hanging in there with me. I really think things are better already. The "Winweb Security" joke, if that's what you want to call it, has been totally taken off my PC. I now remember how I got it. I was going to one of my regular sites to download some software I use off that site quite a bit. I had never seen this drop-down plug-in request before but since I have seen it many times before I thought nothing of it. I did not open any infected e-mail but as soon as I downloaded that plug-in I started getting the Security warning from Winweb Security.
I think anyone putting that onto another's web site is about as low as you can sink to try and show how smart they THINK they are. Most are just pure ignorant. :?: :) spankyjo.
spankyjo54
Active Member
 
Posts: 13
Joined: December 6th, 2008, 2:58 am

Re: Scratching my head, can't find Malware in my PC

Post by chryssi2001 » December 29th, 2008, 8:12 am

Hello spankyjo54,

Registry Cleaners

We generally do not recommend the use of registry cleaners.

Here is an excerpt from a discussion on regcleaners
Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference.
If it doesn't work properly you may end up with an expensive doorstop.

http://forums.whatthetech.com/Regcleaner_t42862.html
----------------------------------------------
FREE FIREWALLS

Below is a list of some free firewalls (in no order of preference).
----------------------------------------------
I am waiting for the reports I asked for in my previous post:
Post back:
The latest Malwarebytes' Anti-Malware report.
Kaspersky report.
A new HijackThis log (Please close browsers when scanning with HijackThis).
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Scratching my head, can't find Malware in my PC

Post by spankyjo54 » December 30th, 2008, 12:22 am

I did Malwarebytes scan and this is the results of that scan:

Malwarebytes' Anti-Malware 1.31
Database version: 1550
Windows 5.1.2600 Service Pack 3

12/26/2008 11:46:36 PM
mbam-log-2008-12-26 (23-46-16).txt

Scan type: Full Scan (C:\|)
Objects scanned: 148908
Time elapsed: 47 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{d5df7c9d-6069-4552-8b0c-d02a912fc889} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5df7c9d-6069-4552-8b0c-d02a912fc889} (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{F3C49B63-18E1-46C9-91F4-3660C0771E9E}\RP35\A0012084.exe (Rogue.Winweb) -> No action taken.
C:\System Volume Information\_restore{F3C49B63-18E1-46C9-91F4-3660C0771E9E}\RP35\A0012085.exe (Rogue.Winweb) -> No action taken.
C:\System Volume Information\_restore{F3C49B63-18E1-46C9-91F4-3660C0771E9E}\RP38\A0014338.exe (Rogue.Winweb) -> No action taken.
C:\System Volume Information\_restore{F3C49B63-18E1-46C9-91F4-3660C0771E9E}\RP47\A0018045.exe (Rogue.Winweb) -> No action taken.

Kaspersky Report was a bit harder. I started this afternoon, let it run, it had scanned 2hrs and 56 minutes, was almost done and the electricity went off. !$#%@#$%!@#%$!@
Did it again this evening and see where I had put some things on my computer from old disks that are infected, I will have to get rid of them but will wait for your advice.


Files scanned 76704
Threat name 7
Infected objects 16
Suspicious objects 0
Duration of the scan 01:59:36

File name Threat name Threats count
C:\Documents and Settings\Arlene Barton.SPANKYJO54\My Documents\Screen saver pictures\Dolphins\dolphinfree.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z 3

C:\Documents and Settings\Arlene Barton.SPANKYJO54\My Documents\Screen saver pictures\Dolphins\dolphinfree.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1

C:\Documents and Settings\Arlene Barton.SPANKYJO54\My Documents\Screen saver pictures\Dolphins\dolphinfree.exe Infected: not-a-virus:AdWare.Win32.WebHancer 5

C:\Documents and Settings\Arlene Barton.SPANKYJO54\My Documents\Screen saver pictures\Dolphins\dolphinfree.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.h 1

C:\Documents and Settings\Arlene Barton.SPANKYJO54\My Documents\Screen saver pictures\Gills Themes\Jeweled Dragon\jewelledragond.exe Infected: not-a-virus:AdWare.Win32.EZula.j 1

C:\Documents and Settings\Arlene Barton.SPANKYJO54\My Documents\Screen saver pictures\Gills Themes\Jeweled Dragon\jewelledragond.exe Infected: not-a-virus:AdWare.Win32.IGetNet.a 1

C:\Documents and Settings\Arlene Barton.SPANKYJO54\My Documents\Screen saver pictures\Sea Pearls\41575.exe Infected: not-a-virus:AdWare.Win32.Gator.3103 1

C:\Documents and Settings\Arlene Barton.SPANKYJO54\My Documents\Screen saver pictures\Sea Pearls\41575.exe Infected: not-a-virus:AdWare.Win32.IGetNet.a 1

C:\Program Files\Plus!\Themes\Star Fall.exe Infected: not-a-virus:AdWare.Win32.Gator.3103 1

C:\Program Files\Plus!\Themes\Star Fall.exe Infected: not-a-virus:AdWare.Win32.IGetNet.a 1

The selected area was scanned.

And Last but not least the Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:25 PM, on 12/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00

(7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
C:\Program

Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common

Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Sunbelt

Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sunbelt

Software\VIPRE\SBAMTray.exe
C:\Program Files\Trend Hijack

This\Hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

(file missing)
O2 - BHO: RealPlayer Download and Record

Plugin for Internet Explorer -

{3049C3E9-B461-4BC5-8870-4C09146192CA} -

C:\Program

Files\Real\RealPlayer\rpbrowserrecordplugin.dl

l
O2 - BHO: Java(tm) Plug-In SSV Helper -

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper -

{AA58ED58-01DD-4d91-8333-CF10577473F7} -

c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO -

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -

C:\Program

Files\Google\GoogleToolbarNotifier\5.0.926.345

0\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper -

{DBC80044-A445-435b-BC74-9C25C1C588A9} -

C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl -

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} -

C:\Program

Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.d

ll
O3 - Toolbar: &Google -

{2318C2B1-4965-11d4-9B18-009027A5CD4F} -

c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Firefox] "C:\Program

Files\Mozilla Firefox\firefox.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program

Files\Sunbelt Software\VIPRE\SBAMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched]

"C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs]

"C:\Program

Files\Bootskins_free.exe\BootSkin.exe"

/StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Program

Files\WinCustomize\LogonStudio\logonstudio.exe

" /RANDOM
O4 - HKLM\..\Run: [C-Media Speaker

Configuration] E:\Cmi8738-6ch\Setup.exe

/SPEAKER
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe

/startup
O4 - HKLM\..\Run: [trioService]

"C:\PROGRA~1\ScreenSaver.com\Living 3D

Dolphins\trioService.exe "
O4 - HKCU\..\Run: [ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Cloudmark Desktop for

Outlook Express.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk =

C:\Program

Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to

Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/

3000
O9 - Extra button: Research -

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) -

{e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem:

@xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger

- {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O16 - DPF:

{6414512B-B978-451D-A0D8-FCFDF33E833C}

(WUWebControl Class) -

http://update.microsoft.com/windowsupdate/v6/V

5Controls/en/x86/client/wuweb_site.cab?1227905

199279
O16 - DPF:

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

(MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6

/V5Controls/en/x86/client/muweb_site.cab?12279

20209140
O18 - Protocol: bwfile-8876480 -

{9462A756-7B47-47BC-8C80-C34B9B80B32B} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\GAPlugProtocol-88764

80.dll
O23 - Service: Google Updater Service (gusvc)

- Google - C:\Program

Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program

(IJPLMSVC) - Unknown owner - C:\Program

Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter

(JavaQuickStarterService) - Sun Microsystems,

Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service

(LBTServ) - Logitech, Inc. - C:\Program

Files\Common

Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: O&O Defrag - O&O Software GmbH

- C:\WINDOWS\system32\oodag.exe
O23 - Service: VIPRE Antivirus + Antispyware

(SBAMSvc) - Sunbelt Software - C:\Program

Files\Sunbelt Software\VIPRE\SBAMSvc.exe

--
End of file - 5647 bytes

Looks like a mess to me. :?: :D
spankyjo54
Active Member
 
Posts: 13
Joined: December 6th, 2008, 2:58 am

Re: Scratching my head, can't find Malware in my PC

Post by spankyjo54 » December 30th, 2008, 12:30 am

I meant to ask, is the Windows XP firewall not reliable? Since I do have Sunbelt's Viper and extra features added to its scanning other than just viruses. I may download their firewall and see if I like it and disable XP's.
Come to think of it, XP's firewall has let several Trojans get into the back door in the long past. Thank goodness there were cures, so to speak, to download and rid one of those nasties. Thanks, A Barton (JO)
spankyjo54
Active Member
 
Posts: 13
Joined: December 6th, 2008, 2:58 am

Re: Scratching my head, can't find Malware in my PC

Post by chryssi2001 » December 30th, 2008, 2:43 am

Hello spankyjo54,

Windows Firewall controls only one way of the traffic (inbound). So it would be better to install an independent one.
-----------------------------------------------
Update and run again Malwarebytes' Anti-Malware.
  • Select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • Go in Logs Tab, and post back the new report.
-----------------------------------------------
Word Wrap

Your HijackThis log is messed up. This is caused by having Word Wrap checked.
Before running HijackThis again, follow the steps below:

1. Click Start > All Programs > Accessories > Notepad
2. On the menu bar in Notepad select Format and click on WordWrap so it appears un-checked.
-----------------------------------------------
Post back:
Malwarebytes' Anti-Malware report.
A new HijackThis log.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Scratching my head, can't find Malware in my PC

Post by spankyjo54 » December 30th, 2008, 8:25 pm

I will get this to you ASAP. I found out today what I thought was just a little cold has now blown up into a full blast of the flu. Thought I was over that junk. Guess not. But, I can have the scans going while I feel sorry for myself. LOL :pale: :)
spankyjo54
Active Member
 
Posts: 13
Joined: December 6th, 2008, 2:58 am

Re: Scratching my head, can't find Malware in my PC

Post by spankyjo54 » December 30th, 2008, 11:00 pm

I hope I got it right this time.

Malwarebytes' Anti-Malware 1.31
Database version: 1580
Windows 5.1.2600 Service Pack 3

12/30/2008 7:52:22 PM
mbam-log-2008-12-30 (19-52-15).txt

Scan type: Full Scan (C:\|)
Objects scanned: 149329
Time elapsed: 1 hour(s), 5 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{F3C49B63-18E1-46C9-91F4-3660C0771E9E}\RP34\A0012070.exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{F3C49B63-18E1-46C9-91F4-3660C0771E9E}\RP35\A0012150.exe (Rogue.Installer) -> No action taken.

Hijackthis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:54:18 PM, on 12/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\Returnil\Returnil.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Trend Hijack This\Hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Firefox] "C:\Program Files\Mozilla Firefox\firefox.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Bootskins_free.exe\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [C-Media Speaker Configuration] E:\Cmi8738-6ch\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\ScreenSaver.com\Living 3D Dolphins\trioService.exe "
O4 - HKLM\..\Run: [Rvsystem] C:\PROGRA~1\Returnil\Returnil.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GTRipple] C:\Program Files\GTDesktop\Plugins\GTRipple.exe
O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7905199279
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7920209140
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 6237 bytes
spankyjo54
Active Member
 
Posts: 13
Joined: December 6th, 2008, 2:58 am

Re: Scratching my head, can't find Malware in my PC

Unread postby chryssi2001 » December 31st, 2008, 4:12 am

Hi, I hope you are feeling a little better.

The HijackThis report is fine, but you failed to remove what Malwarebytes' Anti-Malware found.
C:\System Volume Information\_restore{F3C49B63-18E1-46C9-91F4-3660C0771E9E}\RP34\A0012070.exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{F3C49B63-18E1-46C9-91F4-3660C0771E9E}\RP35\A0012150.exe (Rogue.Installer) -> No action taken.


See my previous explanation of how to remove what the tool found.

Please repeat the scan, and:
Be sure that everything is checked, and click Remove Selected

Then post back the report.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away
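
The check made by eye in the post above (which Malwarebytes' Anti-Malware result lines still read "No action taken", and which of those sit inside System Restore snapshots) can be scripted. This is an added example, not part of the original thread or of either tool; the function names are hypothetical, and the third sample line and the "Files Infected:" header are constructed for illustration.

```python
import re
from collections import namedtuple

# Result line shape as quoted in the thread:
#   <path> (<detection name>) -> <status>.
RESULT_LINE = re.compile(
    r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<status>.+?)\.?\s*$")
# System Restore snapshot path: ...\_restore{GUID}\RPnn\...
RESTORE_POINT = re.compile(
    r"\\_restore\{[0-9A-Fa-f-]{36}\}\\(RP\d+)\\", re.IGNORECASE)

Finding = namedtuple("Finding", "path name status restore_point")

def parse_results(log_text):
    """Return one Finding per result line; other lines are skipped."""
    findings = []
    for line in log_text.splitlines():
        m = RESULT_LINE.match(line.strip())
        if not m:
            continue
        rp = RESTORE_POINT.search(m.group("path"))
        findings.append(Finding(m.group("path"), m.group("name"),
                                m.group("status"),
                                rp.group(1) if rp else None))
    return findings

def unresolved(findings):
    """Detections the scan reported but nothing was done about."""
    return [f for f in findings if f.status.lower() == "no action taken"]

# First two result lines are the ones quoted in the thread; the header
# and the last line are constructed sample input.
SAMPLE_LOG = r"""
Files Infected:
C:\System Volume Information\_restore{F3C49B63-18E1-46C9-91F4-3660C0771E9E}\RP34\A0012070.exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{F3C49B63-18E1-46C9-91F4-3660C0771E9E}\RP35\A0012150.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\user\Desktop\sample (1).exe (Rogue.Installer) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for f in unresolved(parse_results(SAMPLE_LOG)):
        where = f"restore point {f.restore_point}" if f.restore_point else "live file system"
        print(f"UNRESOLVED [{f.name}] in {where}: {f.path}")
```
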

Re: Scratching my head, can't find Malware in my PC

Unread postby spankyjo54 » December 31st, 2008, 7:13 pm

Oh, sorry, I did, but sent you what was in there. Ah, fever does strange things to the brain. LOL Good to hear the HijackThis scan was OK and I did get rid of the things that Mal ware found. So, I guess that means I am clean and my PC is running real fast but then, I am not done with my reloading saved files, etc. Thanks, nice to know I finally did get rid of "Winweb Security", my rear!!! It will Winweb you into totally destroying the files in your OS. So be sure to let others know about that sneaky little whatever it is. It shows itself on different web sites as a plug-in that needs to be installed to see the site better. Uh HUH. If you see it, you're lucky. LOL :lol: It does not destroy anything but slows down your system and annoys the heck out of you all day with its pop-ups constantly.
spankyjo54
Active Member
 
Posts: 13
Joined: December 6th, 2008, 2:58 am

Re: Scratching my head, can't find Malware in my PC

Unread postby chryssi2001 » January 1st, 2009, 4:47 am

Hi spankyjo54,

Please post the latest Malwarebytes' Anti-Malware report I asked for, after you remove what it finds, and a new HijackThis log. You are not completely clean yet.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Scratching my head, can't find Malware in my PC

Unread postby spankyjo54 » January 5th, 2009, 4:21 am

I am so sorry I have been so poky getting back to you especially since you have been on top of this problem for me from the start. Personal problems with my son have kept me busy the last few days and will be in Phoenix tomorrow all day. I will try and get that last scan done on Tuesday, so, take a break, (yeah right) like I am the only one on here????? NOT!!! LOL Have a good week. JO
spankyjo54
Active Member
 
Posts: 13
Joined: December 6th, 2008, 2:58 am