Please analyze hijackthis log

First off thanks for a wonderful product. Malwarebytes is truly one of the best if not THE best malware eliminators.

I own a copy of Malwarebytes and had an issue with a virus. Right now Malwarebytes is saying everything is clean but I don't believe it is. I think there's something hiding on my machine and would love if someone could analyze my log file.

Here's what happened:

I had Protection Enabled on startup. When my cpu turned on, Malwarebytes popped up a window that said it had blocked a process from accessing the internet (C:\System32\MSCTF.dll: rootkit.Goldun). It gave me the option to quarantine the virus but the pop-up window froze and my system locked up so I was never able to quarantine it. It's worked fine in the past, just seemed to have a problem with this virus.

What's also strange and concerning to me is when I disabled protection at startup and ran a scan with Malwarebytes on its own it said that it found no malicious programs on my cpu. As soon as I enabled the protection again, the window popped up saying it found the rootkit.Goldun again and would freeze.

I took a chance and ran McAfee which I'm not a fan of but it did find one trojan that Malwarebytes didn't called Artemis!C6216C66E6EB. I don't know what happened with the original rootkit.Goldun virus that Malwarebytes was freezing on which makes me think it's still here. Anyway, McAfee quarantined the Artemis trojan and now Malwarebytes works fine with no pop-ups on startup and when I run a scan it says everything is clean.

Thing is I'm still afraid that something is on here because for the past few days I keep getting virus alerts when I haven't gone anywhere differently on the web. Malwarebytes removes it and then the next day a new one shows up. I think something is hiding on my cpu.

Any help would be greatly appreciated! Log file and MBAM logs below. Thanks!

Malwarebytes' Anti-Malware 1.37

Database version: 2219

Windows 5.1.2600 Service Pack 3

6/3/2009 11:48:12 AM

mbam-log-2009-06-03 (11-48-12).txt

Scan type: Full Scan (C:\|)

Objects scanned: 248265

Time elapsed: 1 hour(s), 20 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

===================================

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:14:20 PM, on 6/3/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\WLTRAY.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\WINDOWS\system32\STacSV.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Darin Galgano\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe

C:\Program Files\FileZilla FTP Client\filezilla.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3090205

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://*.mcafee.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1234419453193

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1234491428000

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: Google Update Service (gupdate1c98d998a4a476a) (gupdate1c98d998a4a476a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 13627 bytes

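The HijackThis log above is a fixed-format text that forum helpers read section by section (R1 start-page values, O16 ActiveX downloads, O23 services). As an added illustration that is not part of the original thread or of HijackThis itself, the following Python parser turns those lines into records and lists the O23 services an analyst would verify first: entries with no vendor recorded (shown by HijackThis as "Unknown owner", as for the Dell wireless tray service here) or a binary outside the usual program directories. The sample lines are copied from the log above; the trusted-directory list is an assumed heuristic, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
# Constructed sample: four lines taken verbatim from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1234419453193
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""

@dataclass
class Entry:
    section: str           # HijackThis section code, e.g. "O23"
    kind: str              # "Service", "DPF", or the registry value name for R-lines
    name: str              # display name (plus CLSID for DPF) or registry key
    vendor: Optional[str]  # only O23 service lines carry a vendor field
    target: str            # file path or URL

ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<rest>.+)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-F-]+\}) \((?P<name>[^)]+)\) - (?P<url>\S+)$")
REG_RE = re.compile(r"^(?P<key>[^,]+),(?P<value>[^=]+?) = (?P<data>.+)$")

def parse_line(line: str) -> Optional[Entry]:
    # Headers and the "Running processes" list do not match ENTRY_RE and return None.
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    sec, rest = m["sec"], m["rest"]
    if sec == "O23" and (s := SERVICE_RE.match(rest)):
        return Entry(sec, "Service", s["name"], s["vendor"], s["path"])
    if sec == "O16" and (d := DPF_RE.match(rest)):
        return Entry(sec, "DPF", f'{d["name"]} {d["clsid"]}', None, d["url"])
    if sec.startswith("R") and (r := REG_RE.match(rest)):
        return Entry(sec, r["value"].strip(), r["key"], None, r["data"])
    return Entry(sec, "Unparsed", rest, None, "")  # keep unknown shapes for manual review

def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e]
# Assumed heuristic, not a verdict: where service binaries normally live on this XP box.
TRUSTED_DIRS = (r"c:\program files", r"c:\progra~1", r"c:\windows")

def review_points(entries: List[Entry]) -> List[str]:
    """O23 entries an analyst would verify first: no vendor recorded, or an odd path."""
    notes = []
    for e in (x for x in entries if x.section == "O23"):
        if e.vendor == "Unknown owner":
            notes.append(f"{e.name}: no vendor recorded; verify {e.target} by publisher/hash")
        if not e.target.lower().startswith(TRUSTED_DIRS):
            notes.append(f"{e.name}: service binary outside trusted directories ({e.target})")
    return notes
```

Running `review_points(parse_log(SAMPLE_LOG))` on the sample yields one note, for the wltrysvc service, which is exactly the line a helper would check against the file's publisher before calling the log clean.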

Hi,

This was a read error in Malwarebytes causing this false positive. This has been resolved already. Please update Malwarebytes and let me know if it's still detecting Goldun.

Hi Miekie - After updating Malwarebytes this has been fixed but I've been getting viruses every once in a while even though I'm not going anywhere different really in my browser. I thought it was good to just post the log anyway as I thought maybe something was hiding on my system still. Does my log look okay to you?

Thanks for responding.


  • Staff

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
