I was finally able to get Malwarebytes to run - and it said it needed me to restart to get rid of the Malware Defense virus. After I did and returned to normal mode, the desktop icons were gone but slowly came back along with the virus. Here is my latest Malwarebytes scan:
Malwarebytes' Anti-Malware 1.44
Database version: 3621
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11
1/23/2010 2:56:27 PM
mbam-log-2010-01-23 (14-56-27).txt
Scan type: Quick Scan
Objects scanned: 137067
Time elapsed: 30 minute(s), 44 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 21
Memory Processes Infected:
C:\Documents and Settings\Owner\Local Settings\Temp\extrac64_cab.exe (Rogue.Installer.Gen) -> Unloaded process successfully.
Memory Modules Infected:
\\?\globalroot\systemroot\system32\H8SRTqumqsyngmm.dll (Rootkit.TDSS.Gen) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malware defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\extrac64_cab.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\malware Defense (Rogue.MalwareDefense) -> Delete on reboot.
C:\Documents and Settings\Owner\Start Menu\Programs\malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
Files Infected:
\\?\globalroot\systemroot\system32\H8SRTqumqsyngmm.dll (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\extrac64_cab.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
C:\WINNT\Temp\210.tmp (Trojan.PWS) -> Quarantined and deleted successfully.
C:\WINNT\Temp\78.tmp (Trojan.PWS) -> Quarantined and deleted successfully.
C:\WINNT\Temp\8C.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINNT\Temp\93.tmp (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Program Files\malware Defense\help.ico (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Program Files\malware Defense\md.db (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Program Files\malware Defense\mdefense.exe (Rogue.MalwareDefense) -> Delete on reboot.
C:\Program Files\malware Defense\mdext.dll (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Program Files\malware Defense\uninstall.exe (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\malware Defense\Malware Defense Support.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\malware Defense\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\malware Defense\Uninstall Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\winhlp64.exe (Trojan.Downloader) -> Delete on reboot.
C:\Documents and Settings\Owner\Desktop\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Malware Defense Support.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\nudetube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\pornotube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\youporn.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
Please help - I've been trying for 2 days to fix this...