Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Very Frustrating Malware issue

by JBLively » April 7th, 2010, 4:19 pm

Hi Guys. First time having to do this. I use Ad-Aware free and I have no idea how I got this. I think, based on the research, it's the Trojan-Clicker.win32.cycler bug... but it could be a combo of them.

I've tried the Combofix.exe and it seems to get it all, but then like 30 minutes later... it's all back. I also tried Malwarebytes AntiMalware. Again, it seems to find like 12 threats and deletes them... and then 30 minutes later they are back.

My primary browser is the latest version of Firefox... but IE is used for LogMeIn purposes on this machine. I was infected on Monday evening at around 5:15pm PST.

When in full force, I can't get to regedit, or ctl-alt-del, or folder options, and the bubble in the status bar pops up and gives warnings from "XP Anti Malware 2010". And there are lots of new processes like: wq32.exe, wmpscfgs.exe, ave.exe and lots of rundll32.exes.

Please help...I don't know who else to turn to.

Joanne

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:18 PM, on 4/7/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\myadremover\AdAware\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$PROVIDUSSTD\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\GroupPolicy\User\Scripts\Logon\winlogo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\kapekabo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\myadremover\AdAware\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.live.com/?mkt=en-us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {19842866-0467-483b-9bcc-42998e646378} - movasagu.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Net Snippets - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [siwobirube] Rundll32.exe "movasagu.dll",s
O4 - HKLM\..\Run: [wusidirey] Rundll32.exe "c:\windows\system32\kagetika.dll",a
O4 - HKLM\..\Run: [fzwkht] RUNDLL32.EXE C:\WINDOWS\system32\msuqddft.dll,w
O4 - HKLM\..\Run: [Adobe_Reader] c:\program files\internet explorer\wmpscfgs.exe
O4 - HKCU\..\RunOnce: [SGD] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\kapekabo.exe /cs:1
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Net Snippets - C:\PROGRA~1\NETSNI~1\Res\Clipper.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.taxsoftware.com
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O21 - SSODL: helozufup - {2a3a357a-fea9-448a-8b5f-cd9654967cad} - c:\windows\system32\biwapuyu.dll (file missing)
O21 - SSODL: fozefenag - {dc9221db-52b6-4877-abee-96ec6671dfc9} - c:\windows\system32\dimisawo.dll (file missing)
O21 - SSODL: zofivodak - {a5ac28b9-7b9a-4fd0-9467-ade7cbafeec1} - c:\windows\system32\kagetika.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O22 - SharedTaskScheduler: mujuzedij - {2a3a357a-fea9-448a-8b5f-cd9654967cad} - c:\windows\system32\biwapuyu.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {dc9221db-52b6-4877-abee-96ec6671dfc9} - c:\windows\system32\dimisawo.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {a5ac28b9-7b9a-4fd0-9467-ade7cbafeec1} - c:\windows\system32\kagetika.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Update Service (gupdate1c9be24b583f0ae) (gupdate1c9be24b583f0ae) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\myadremover\AdAware\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webcam Corp. Service Starter - Unknown owner - C:\Program Files\Webcam\Webcam123\dogsvc.exe
O23 - Service: webcamXP Service (wxpSvc) - Moonware Studios - C:\Program Files\wLite\wService.exe

--
End of file - 11462 bytes

2FlyerPro
7-Zip 4.65
AbelCam
Acrobat.com
Ad-Aware
Ad-Aware
Adobe Acrobat 5.0
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe ColdFusion 8
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Common File Installer
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Flex Builder 3
Adobe Flex Builder 3 Plug-in
Adobe Fonts All
Adobe GoLive 6.0 (ENG)
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop 6.0
Adobe Photoshop CS
Adobe Photoshop CS2
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Manager 4.1
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Agere Systems PCI-SV92PP Soft Modem
AIM Pro
Alien Outbreak 2
Ancient Sudoku
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Any Video Converter 3.0.1
Apple Application Support
Apple Software Update
Articulate Studio '09 Pro
Avax-CAD
AVS Update Manager 1.0
AVS Video Converter 6
AVS Video Recorder 2.4
AVS Video ReMaker 3.1.1.83
AVS4YOU Software Navigator 1.3
BASIC Stamp Editor v2.2
BasicATOM IDE
Battlefield 2(TM)
Bejeweled 2 Deluxe
Big Kahuna Reef
BIGSPEED Secure Socket Library-Free (remove only)
BIGSPEED Video Chat SDK Free (remove only)
BitPim 0.9.06
Blackhawk Striker 2
Blasterball 2 Remix
Blasterball 2 Revolution
Blaze Media Pro
Bookworm Deluxe
Bounce Symphony
BroadCam Video Streaming Server
BrowserBob 4 Professional
CAM UnZip 4.4
CamStudio
Camtasia Studio
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX (E)
Chuzzle Deluxe
Click'N Design 3D (V5)
Compatibility Pack for the 2007 Office system
Complete UI 2007 Q3
Connect
Cool Edit Pro 2.1
Coupon Printer for Windows
Craigslister eAssistant 3.2
Craigslister eAssistant 3.2.0.4
Craigslister eAssistant 3.2.0.4
Create! - Coupon Fusion
Crystal Reports for Visual Studio
Crystal Xcelsius Professional 4.5
Crystal Xcelsius™ Workgroup Designer 4
Customer Experience Enhancement
datagrid
datagrid
DBManager 3.2.4
Digital Crew's CFMyAdmin Version 1.0 BETA-2
Diner Dash
DISCover
DJ Java Decompiler v.3.10.10.93
Dotfuscator Software Services - Community Edition
Driver Sweeper 1.5.5
DriverAgent by eSupport.com
Dundas Gauge v2.5 for Windows Forms - Eval (VS2008)
Easy Internet Sign-up
Easy Java
eFax Messenger 4.3
Enhanced Multimedia Keyboard Solution
ExtractNow
F-15's from The Simulator Store
F-16s from The Simulator Store
F-16's from The Simulator Store
F-18s from The Simulator Store
Fairies
Family Feud
FATE
FileZilla (remove only)
Flash Card Factory
Flip Words
Free PS Convert driver 8.15
Free RAR Extract Frog 1.00
Free Video Dub version 1.5
Free YouTube Download 2.3
GemMaster Mystic
GMSI AngularGauge
Google Desktop
Google Earth Plug-in
Google Gears
Google Talk (remove only)
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GTK+ Runtime 2.14.7 rev a (remove only)
GUI Design Studio 2.4.79.0
Handbrake 0.9.4
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB958655-v2)
HotPotatoes v 6.3.0.0
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 6.1
HP DVD Play 2.1
HP Game Console
HP Imaging Device Functions 7.0
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 6.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP PSC & OfficeJet 5.3.B
HP PSC & OfficeJet 6.1.A
HP Software Update
HP Solution Center and Imaging Support Tools 6.1
HP Web Helper
IconCool Editor v5.5x
Insaniquarium Deluxe
Inspiration 8
Instrumentation Widgets 3.0
Internet Information Services (IIS) 7.0 Manager
IP2Location
iSpring Free 4.3
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 13
jaxquiz
Jewel Quest
Keepinhead 1.2.0
Keyword Country
kuler
kuler
kuler
LightScribe System Software
LightScribe Template Designs - Business Pack 1
LightScribe Template Labeler
LiveUpdate 3.0 (Symantec Corporation)
Logitech QuickCam Software
Logitech® Camera Driver
LogMeIn
LogMeIn
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia FlashPaper 2
Mah Jong Quest
main
main
Malwarebytes' Anti-Malware
MatchWare Mediator 9 Demo
MatchWare ScreenCorder 5.0
MediaCoder 0.7.2.4590
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile Beta 2
Microsoft .NET Framework 4 Client Profile Beta 2
Microsoft .NET Framework 4 Extended Beta 2
Microsoft .NET Framework 4 Extended Beta 2
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft ActiveSync
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Help 3.0 Beta 2
Microsoft Help 3.0 Beta 2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Development Tools for Visual Studio 2010 (x86)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher 2007
Microsoft Office Publisher 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft SharePoint Development Tools
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Smart Display Services
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP2 Beta English
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server Management Studio Express
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 SP1 Beta (x86)
Microsoft Sync Framework SDK v1.0 SP1 Beta
Microsoft Sync Framework Services v1.0 SP1 Beta (x86)
Microsoft Sync Services for ADO.NET v2.0 SP1 Beta (x86)
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual Basic 6.0 Professional Edition
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 Beta 2 x86 Runtime - 10.0.21006
Microsoft Visual C++ Run Time Lib Setup
Microsoft Visual F# Runtime 1.0
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Beta 2
Microsoft Visual Studio 2010 Professional Beta 2 - ENU
Microsoft Visual Studio Macro Tools
Microsoft Visual Studio Macro Tools
Microsoft Web Publishing Wizard 1.53
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Motorola USB Drivers
Mozilla ActiveX Control v1.7.12
Mozilla Firefox (3.5.9)
MS Access to MySQL 3.0.0.66
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
MySpaceIM
MySQL Connector/ODBC 3.51
MySQL Server 5.0
MySQL Tools for 5.0
Mystery Case Files
MyWitchDLL ActiveX
Neat Image v5 Demo (with plug-in)
NED Knob Control 1.1
NED Recorder 1.0
NED SuperPak 1.2
Nero 6 Ultra Edition
Net Snippets
NETGEAR WN121T wireless USB 2.0 adapter
NVIDIA Drivers
OJOsoft Total Video Converter
OscilloChart Pro ActiveX Control
Otto
Paint Shop Pro 4.12
Paint Shop Pro 7 Beta 5
PC-Doctor 5 for Windows
PCI Audio Driver
PDF Settings CS4
Photoshop Camera Raw
Phrase Loopup
Phrase Loopup (C:\Program Files\PhraseLoopup\)
Phrase Loopup (C:\Program Files\PhraseLoopup\) #3
Pidgin
Pimero 2008 R2
pmSounds
Poker Superstars
PokerStars
Polar Bowler
Polar Golfer
Power Sound Editor Free v5.7.5
PowerISO
PPT2Flash Standard
PPT2Flash Standard
Precision Analog Meter OCX Trial
Precision Bubble Knob OCX
Precision Round Gauge OCX Trial
PremiumSoft Navicat 8.0 Lite for MySQL
Print2Flash
ProntoEdit 4
Publisher to PDF Converter 3.00
pyFlashCards 0.3.0
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickBooks Simple Start 2008
Quicken 2006
QuickTime
RamBooster
RealPlayer
Realtek High Definition Audio Driver
remotedata
remotedata
Revolution Media
Revolution Studio
Ricochet Lost Worlds
SasCam_free
SCRABBLE
Screencaster Plug-in for FF
ScreensaverMaker TE 2.4
screen-scraper basic edition
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Sheridan ActiveThreed Plus
Sheridan Data Widgets 3.12
Sheridan Designer Widgets 2.0
Simnor Image to Icon
SimpleOCR 3.1
Slingo Deluxe
Snowy The Bears Adventure
Soft Gold
Solutions::PIM Professional
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SpringSys FormShaper for .NET v2.x
SQL Script Builder 1.6.0.24
SQL Server 2008 R2 Management Objects
SQL Server System CLR Types
StuffIt Expander 2009
Suite Shared Configuration CS4
Super Granny
SupportSoft Assisted Service
SurfAnonymous (Remove Only)
System Requirements Lab
TeamSpeak 2 RC2
TeamSpeak 3 Client
Tennis Titans
TestDrive Client
TinCam 1.07
TinyKeywordTracker
todo24ways
todo24ways
Tornado Jockey
TotalAudioConverter
Tradewinds
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 woriper
TurboTax 2008 wrapper
TurboTax Home & Business 2006
TurboTax Home & Business 2007
TurboTax ItsDeductible 2006
Tweak UI
TweakUI for Windows 64-Bit
Tweakui Powertoy for Windows XP
Ulead DVD Workshop 2 Trial
Uninstall 1.0.0.1
Universal Extractor 1.6
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Updates from HP (remove only)
Usenet.nl
UseNeXT
Valentina for Revolution
Vb Progress-Bar ActiveX
VGA Utility
Video Chat Pro ActiveX Control
VideoLAN VLC media player 0.8.5
ViewSonic AirPanel 150 Smart Display 1.0.0056.11
VIP Application Suite
Virtual Earth 3D (Beta)
Visio 2000
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2010 Beta 2 Tools for SQL Server Compact ENU
Visual Studio 2010 Tools for Office Runtime Beta 2 (x86)
Visual Studio 2010 Tools for Office Runtime Beta 2 (x86)
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
web
web
Web Deployment Tool
Web Scraper Lite
Webcam 1-2-3
Webcam and Screen Recorder 4.8.1
webcamXP Lite
WebEx
WebSpy IE URL navigation reporter version 1.1
WexTech AnswerWorks
WildTangent Web Driver
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10 Hotfix - KB894476
Windows Media Player Firefox Plugin
Windows Mobile® Device Handbook
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
WinZip
XRosyGUI (RoseGUI) Evaluation
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Widgets
YASA Video Converter v3.4 (build 0065)
Zeallsoft Screen Saver 2.5
ZNsoft Icon Maker
JBLively
Active Member
 
Posts: 3
Joined: April 7th, 2010, 3:50 pm
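
An added example, not part of the original thread and not a tool used by the forum: a small Python triage helper that reads HijackThis autostart lines (O2, O4, O21, O22, O23), works out which file each one loads, and groups the registrations by file, so a DLL registered under several autostart points shows up as one item. The input lines are copied from the log in the post above; the function names and the two review notes are assumptions made for this sketch, and the output is a list of things to review, not a verdict.

```python
import re
from collections import defaultdict

# A subset of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {19842866-0467-483b-9bcc-42998e646378} - movasagu.dll (file missing)
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [siwobirube] Rundll32.exe "movasagu.dll",s
O4 - HKLM\..\Run: [wusidirey] Rundll32.exe "c:\windows\system32\kagetika.dll",a
O4 - HKCU\..\RunOnce: [SGD] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\kapekabo.exe /cs:1
O21 - SSODL: helozufup - {2a3a357a-fea9-448a-8b5f-cd9654967cad} - c:\windows\system32\biwapuyu.dll (file missing)
O21 - SSODL: zofivodak - {a5ac28b9-7b9a-4fd0-9467-ade7cbafeec1} - c:\windows\system32\kagetika.dll
O22 - SharedTaskScheduler: mujuzedij - {2a3a357a-fea9-448a-8b5f-cd9654967cad} - c:\windows\system32\biwapuyu.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {a5ac28b9-7b9a-4fd0-9467-ade7cbafeec1} - c:\windows\system32\kagetika.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# HijackThis section codes treated as autostart points in this sketch.
AUTOSTART_CODES = {"O2", "O4", "O21", "O22", "O23"}
# Leading rundll32 host, so the DLL it loads is reported instead of rundll32 itself.
RUNDLL_RE = re.compile(r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+', re.I)
# First path or bare file name ending in an executable extension.
FILE_RE = re.compile(r'"?([^"]*?\.(?:exe|dll|ocx|scr))(?=$|[\s",])', re.I)
MISSING = "(file missing)"


def parse_entry(line):
    """Return a dict for one autostart line, or None for any other line."""
    m = re.match(r"^(O\d+) - (.*)$", line.strip())
    if not m or m.group(1) not in AUTOSTART_CODES:
        return None
    code, rest = m.groups()
    if code == "O4":
        m4 = re.match(r"(.+?): \[(.*?)\] (.*)$", rest)
        if not m4:
            return None  # startup-folder shortcuts use another layout; skipped here
        where, name, command = m4.groups()
    else:
        parts = rest.split(" - ")
        where, _, name = parts[0].partition(": ")
        command = parts[-1]  # the file is always the last " - " field
    missing = command.endswith(MISSING)
    if missing:
        command = command[: -len(MISSING)].rstrip()
    loaded = RUNDLL_RE.sub("", command)
    fm = FILE_RE.search(loaded)
    path = fm.group(1) if fm else loaded
    # Keyed by lower-case base name (assumption: same name means same file).
    target = path.rsplit("\\", 1)[-1].lower()
    return {"code": code, "where": where, "name": name,
            "path": path, "target": target, "missing": missing}


def persistence_map(log_text):
    """Map each loaded file to every autostart registration that points at it."""
    pmap = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry:
            pmap[entry["target"]].append(entry)
    return dict(pmap)


def multi_registered(pmap):
    """Files referenced from more than one kind of autostart point."""
    out = {}
    for target, entries in pmap.items():
        codes = sorted({e["code"] for e in entries}, key=lambda c: int(c[1:]))
        if len(codes) > 1:
            out[target] = codes
    return out


def review_notes(pmap):
    """Two simple review notes per file: orphaned entries and temp-directory starts."""
    notes = defaultdict(set)
    for target, entries in pmap.items():
        for e in entries:
            if e["missing"]:
                notes[target].add("orphaned registration (file missing)")
            if re.search(r"\\temp\\", e["path"], re.I):
                notes[target].add("starts from a temp directory")
    return {t: sorted(n) for t, n in notes.items()}


if __name__ == "__main__":
    pmap = persistence_map(SAMPLE_LOG)
    for target, codes in sorted(multi_registered(pmap).items()):
        print(f"{target}: registered under {', '.join(codes)}")
    for target, notes in sorted(review_notes(pmap).items()):
        print(f"{target}: {'; '.join(notes)}")
```

A file that appears under several section codes has to be cleaned in every one of those places, which is why the grouping is by loaded file and not by log line.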

Re: Very Frustrating Malware issue

by Airscape » April 9th, 2010, 8:56 pm

Hello and welcome to the forum.
My name is Airscape and I'll be helping you with your malware issues.
HijackThis logs can take time to analyze. Please be patient with me.

Take note of the following before we begin:
  • Post to this thread only and please stick to it until you are given an All Clean. Absence of symptoms does not mean that your computer is clean.
  • The instructions I give are for this computer only and should not be used on any other PC.
  • Do NOT run any tools/scans unless I instruct you to.
  • Try not to install/uninstall any programs while we work. This will add extra time researching your logs.
  • If you have found assistance elsewhere and no longer require our help, please say so, and this topic will be closed.
  • If you have any problems, please stop and ask before proceeding with any fixes.

Note: As I'm in training at MRU everything I post must be checked by an expert first. So there may be a slight delay in between posts.

No reply within 3 days will result in your topic being closed. If you need more time, please let me know.
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Very Frustrating Malware issue

Unread postby JBLively » April 9th, 2010, 9:51 pm

Thank you for your assistance. Just for the record the infection is still in full force! AVG 9 is able to contain it, sort of, but I constantly get alerts from AVG and there are still lots of processes running that are malware.

Plus, every time I put a zip drive into the usb port...the dang virus copies itself to it and creates an auto run and 'hides' them as a system file....very sneaky....

Again, thanks for the help, and it's really appreciated!

JoAnne
JBLively
Active Member
 
Posts: 3
Joined: April 7th, 2010, 3:50 pm

Re: Very Frustrating Malware issue

Unread postby Airscape » April 13th, 2010, 7:50 pm

"I've tried the Combofix.exe and it seems to get it all"

Please do not run ComboFix on your own, this tool is very powerful and should only be used under the supervision of a Malware removal expert.

It's important you follow all instructions very carefully, until given an all clean, and please do not run any fixes on your own.

I would like for you to post the ComboFix results and any previous Malwarebytes scans.

Run Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware and click the Update tab >>> then Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Back at the Scanner tab, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to restart to finish cleaning.... see Extra Note below.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
Failure to reboot will prevent MBAM from removing all the Malware.


------------------------------

So please post the latest MBAM results along with any previous scan you have done and C:\ComboFix.txt in your next reply.
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Very Frustrating Malware issue

Unread postby JBLively » April 13th, 2010, 8:28 pm

Ok, the infection got much worse...so, I stopped using the machine unless I am working to fix the infection..

I will access the old combofix log that I ran and then do the Malwarebytes scan and post its log.

Thanks...it will be later tonight.

JoAnne
JBLively
Active Member
 
Posts: 3
Joined: April 7th, 2010, 3:50 pm

Re: Very Frustrating Malware issue

Unread postby NonSuch » April 17th, 2010, 12:23 am

Due to a lack of activity, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California