Malwarebytes shows 'hard to find' entries

Cellulose

Senior member
Here is my Hijackthis log (I am running Vista 64bit):

C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe
C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Portrait Displays\HP Display Assistant\DTHtml.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
C:\Program Files (x86)\Secunia\PSI\psi.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\DAEMON Tools Pro\DTPro.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {6134A39A-C1EA-4E6F-B6D2-9ED5D9CC03B5} - (no file)
O4 - HKLM\..\Run: [DeathAdder] "C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT HWP] "C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" -HWP
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{87E989CB-258D-4813-A945-9FB39193FF21}: NameServer = 62.24.199.13,62.24.199.23
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
O23 - Service: {73135D91-673B-44DF-92B9-17419FAF0491} (auioeui) - Unknown owner - C:\Program Files (x86)\ophcrack\pwdump\servpw.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: CacheDump - Unknown owner - C:\Users\Joe\AppData\Local\Temp\cachedump64.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Update Service (gupdate1c90c6ea89c7fb4) (gupdate1c90c6ea89c7fb4) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files (x86)\TalkTalk\bin\sprtsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files (x86)\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files (x86)\Common Files\Supportsoft\bin\tgsrvc.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\vistasrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: {ECDBFF98-A6B3-403B-8B88-5488D8116D7E} (yslfvhwxj) - Unknown owner - C:\Program Files (x86)\ophcrack\pwdump\servpw.exe

I have since deleted the Ophcrack folders...

I recently ran all my anti-malware software: Malwarebytes, Spybot, ESET, SuperAntiS. All except Malwarebytes were clean.

Malwarebytes showed the following:
Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\System32\memman.vxd (Rogue.SysCleanerPro) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\{DE097E60-7F86-4350-B083-1F09B6906C92}\OFFLINE\71747601\2302A1E7\memman.vxd (Rogue.SysCleanerPro) -> Quarantined and deleted successfully.
C:\Windows\System32\memman.vxd (Rogue.SysCleanerPro) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\memman.vxd (Rogue.SysCleanerPro) -> Quarantined and deleted successfully.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AntiSpy Protector.lnk (Rogue.AntiSpywareProtector) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AntiSpy Protector.lnk (Rogue.AntiSpywareProtector) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gbplugin.exe (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\gbplugin.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SYSINFO.OCX (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SYSINFO.OCX (Trojan.Agent) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mstcpmvd.exe (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\mstcpmvd.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Win32.dll (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Win32.dll (Trojan.Agent) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windowsupdat.exe (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windowsupdat.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msdoc.exe (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\msdoc.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows32.exe (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows32.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\userinit.exe (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\userinit.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dllhost.exe (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\dllhost.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wend.lnk (Backdoor.Bot) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\wend.lnk (Backdoor.Bot) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KB4182843.exe (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\KB4182843.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cmzo.exe (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\cmzo.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\czlq.exe (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\czlq.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bsyys.scr (Spyware.Banker) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\bsyys.scr (Spyware.Banker) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\csrss.exe (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\csrss.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bzts.exe (Adware.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\bzts.exe (Adware.Agent) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fqrl.exe (Adware.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\fqrl.exe (Adware.Agent) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lwbk.exe (Adware.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\lwbk.exe (Adware.Agent) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msnmsgr.exe (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\msnmsgr.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\win.exe (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\win.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GbpSvm.exe (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GbpSvm.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ltul.exe (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ltul.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\toaw.exe (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\toaw.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mccv.exe (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\mccv.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ncyc.exe (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ncyc.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dniw.exe (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\dniw.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ifmq.exe (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ifmq.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\anjwsoinhj.exe (Trojan.Downloader) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\anjwsoinhj.exe (Trojan.Downloader) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YacsMon.exe (Trojan.Lop) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\YacsMon.exe (Trojan.Lop) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DW_Start.lnk (Malware.Links) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DW_Start.lnk (Malware.Links) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Deewoo.lnk (Malware.Links) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Deewoo.lnk (Malware.Links) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lans.exe (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\lans.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gabr.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\gabr.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\findfast.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\findfast.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autos.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\autos.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\infos.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\infos.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.exe (Rogue.WinAntivirus) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\system.exe (Rogue.WinAntivirus) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autorun.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\autorun.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\Joe\Start Menu\Programs\Startup\AntiSpy Protector.lnk (Rogue.AntiSpyProtector) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Update.lnk (Worm.P2P) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Update.lnk (Worm.P2P) -> Delete on reboot.
C:\Users\Joe\Start Menu\Programs\Startup\AntiSpyware Protector.lnk (Rogue.AntiSpyware) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.

However, after going to these folders in Explorer I cannot find any evidence of them, even though every time I reboot and rescan, the ones that say 'delete on reboot' keep appearing in the Malwarebytes logs.

Is there any way I can confirm that my computer is clean/infected?

Thanks a lot 🙂
Joe
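The poster looked for the flagged files in Explorer, which by default does not show files carrying the hidden or system attribute and also hides "protected operating system files", so an empty Startup folder in Explorer does not prove the paths are absent. The script below is an added example (not part of the original post and not Malwarebytes' own code): it parses the `Files Infected:` section in the log format shown above, then checks each path with `os.lstat`, which sees hidden files, and treats wildcard entries such as `svchost*.exe` as glob patterns. The `SAMPLE_LOG` excerpt, the staging directory built in `demo()` and the `prefix_map` argument are constructed for the demonstration; on the affected machine you would call `check_on_disk(parse_mbam_files(open(log).read()))` with no map to check the real paths.

```python
"""Cross-check Malwarebytes 'Files Infected' entries against the disk.

Added example, not from the original post or from Malwarebytes. Parses
lines of the form  <path> (<Detection>) -> <action>.  and reports whether
each path really exists, using os.lstat so HIDDEN/SYSTEM files (which
Explorer omits by default) are not missed. '*' / '?' entries are globbed.
"""
import ctypes
import glob
import os
import re
import tempfile

# FILE_ATTRIBUTE_HIDDEN / FILE_ATTRIBUTE_SYSTEM bits of st_file_attributes (Windows only).
ATTR_HIDDEN = 0x2
ATTR_SYSTEM = 0x4

# One log line:  C:\path\file.exe (Trojan.Agent) -> Delete on reboot.
LOG_LINE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")

# Constructed excerpt in the Malwarebytes log format (paths taken from the post above).
SAMPLE_LOG = r"""Registry Values Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\wend.lnk (Backdoor.Bot) -> Delete on reboot.
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\System32\memman.vxd (Rogue.SysCleanerPro) -> Quarantined and deleted successfully.
"""

STARTUP_ALLUSERS = r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"


def parse_mbam_files(log_text):
    """Return [(path, detection, action)] for the lines under 'Files Infected:'."""
    entries, in_files = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.endswith("Infected:"):            # section header
            in_files = line == "Files Infected:"
            continue
        if not in_files or not line or line.startswith("(No malicious"):
            continue
        m = LOG_LINE.match(line)
        if m:
            entries.append((m["path"], m["detection"], m["action"]))
    return entries


def is_hidden(path):
    """True when the file carries the HIDDEN or SYSTEM attribute.
    st_file_attributes only exists on Windows; elsewhere this is always False."""
    attrs = getattr(os.lstat(path), "st_file_attributes", 0)
    return bool(attrs & (ATTR_HIDDEN | ATTR_SYSTEM))


def check_on_disk(entries, prefix_map=None):
    """Map each logged path to what is actually on disk (read-only).

    prefix_map rewrites path prefixes so the check can run against a staging
    copy; with no map the logged paths are checked as-is. Returns
    {logged_path: {"detection", "action", "present": [(real_path, hidden), ...]}}.
    """
    results = {}
    for path, detection, action in entries:
        real = path
        for src, dst in (prefix_map or {}).items():
            if real.startswith(src):
                real = dst + real[len(src):]
                break
        real = real.replace("\\", os.sep)         # no-op on Windows
        if any(ch in real for ch in "*?"):
            matches = sorted(glob.glob(real))     # heuristic pattern entries
        else:
            matches = [real] if os.path.lexists(real) else []
        results[path] = {
            "detection": detection,
            "action": action,
            "present": [(m, is_hidden(m)) for m in matches],
        }
    return results


def demo():
    """Stage a throwaway Startup folder holding three of the flagged names,
    mark one hidden where the OS supports it, and run the check against it."""
    with tempfile.TemporaryDirectory() as tmp:
        startup = os.path.join(tmp, "Startup")
        os.makedirs(startup)
        for name in ("svchost.exe", "svchost32.exe", "wend.lnk"):
            open(os.path.join(startup, name), "wb").close()
        if os.name == "nt":                        # hide one file, as droppers often do
            ctypes.windll.kernel32.SetFileAttributesW(
                os.path.join(startup, "svchost.exe"), ATTR_HIDDEN)
        return check_on_disk(parse_mbam_files(SAMPLE_LOG), {STARTUP_ALLUSERS: startup})


if __name__ == "__main__":
    for logged, info in demo().items():
        print(f"{info['action']:<36} {info['detection']:<34} {logged}")
        print("    ->", info["present"] or "NOT FOUND")
```

A logged path that is present with the hidden flag set explains why Explorer showed nothing; a path that is absent is genuinely not on disk at that location. The equivalent one-off check from a command prompt is `dir /a` in each Startup folder (or `attrib *` to print the attributes).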