Topic: trojan keeps coming back.

hunt3rshadow

    « on: February 19, 2010, 06:59:13 PM »
    So my problem is, the same 3 trojans keep coming back after I remove them with Malwarebytes. I have tried 6 times with MBAM to remove the trojans, but they just come back. Also, I do not know if this is related to the trojans, but for some odd reason, my P2P program utorrent does not work anymore. I try to execute it, but nothing happens. So I tried to uninstall it, but it wouldn't let me and I ended up just deleting the actual folder with all the files. Another program I have trouble with is a game client file (.exe). I downloaded it off the correct site and I'm pretty sure it's clean, but just like the utorrent problem, when I try to execute it, nothing happens. It just stands there. Help would be appreciated.

    Other info:

    I run on Windows XP Professional and I currently don't have an anti virus, and I doubt I can get any in the near future with this computer, as this device is essentially ancient. The computer would be slow at incomprehensible speeds, so that is why I don't have an anti virus.

    MBAM
    Quote
    Malwarebytes' Anti-Malware 1.44
    Database version: 3747
    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    2/19/2010 8:49:32 PM
    mbam-log-2010-02-19 (20-49-32).txt

    Scan type: Quick Scan
    Objects scanned: 124567
    Time elapsed: 9 minute(s), 29 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    C:\WINDOWS\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\powermanager (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    Quote
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 02/19/2010 at 07:54 PM

    Application Version : 4.34.1000

    Core Rules Database Version : 4597
    Trace Rules Database Version: 2409

    Scan type       : Complete Scan
    Total Scan Time : 02:38:52

    Memory items scanned      : 480
    Memory threats detected   : 1
    Registry items scanned    : 5782
    Registry threats detected : 26
    File items scanned        : 69975
    File threats detected     : 78

    Trojan.SVCHost/Fake
       C:\WINDOWS\SVCHOST.EXE
       C:\WINDOWS\SVCHOST.EXE
       C:\WINDOWS\Prefetch\SVCHOST.EXE-16C7D411.pf

    Adware.Tracking Cookie

    Virus.HiddenDragon
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_POWERMANAGER
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_POWERMANAGER#NextInstance
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_POWERMANAGER\0000
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_POWERMANAGER\0000#Service
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_POWERMANAGER\0000#Legacy
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_POWERMANAGER\0000#ConfigFlags
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_POWERMANAGER\0000#Class
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_POWERMANAGER\0000#ClassGUID
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_POWERMANAGER\0000#DeviceDesc
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_POWERMANAGER\0000#Driver
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_POWERMANAGER\0000\Control
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_POWERMANAGER\0000\Control#ActiveService
       HKLM\SYSTEM\CurrentControlSet\Services\PowerManager
       HKLM\SYSTEM\CurrentControlSet\Services\PowerManager#Type
       HKLM\SYSTEM\CurrentControlSet\Services\PowerManager#Start
       HKLM\SYSTEM\CurrentControlSet\Services\PowerManager#ErrorControl
       HKLM\SYSTEM\CurrentControlSet\Services\PowerManager#ImagePath
       HKLM\SYSTEM\CurrentControlSet\Services\PowerManager#DisplayName
       HKLM\SYSTEM\CurrentControlSet\Services\PowerManager#ObjectName
       HKLM\SYSTEM\CurrentControlSet\Services\PowerManager#Description
       HKLM\SYSTEM\CurrentControlSet\Services\PowerManager\Security
       HKLM\SYSTEM\CurrentControlSet\Services\PowerManager\Security#Security
       HKLM\SYSTEM\CurrentControlSet\Services\PowerManager\Enum
       HKLM\SYSTEM\CurrentControlSet\Services\PowerManager\Enum#0
       HKLM\SYSTEM\CurrentControlSet\Services\PowerManager\Enum#Count
       HKLM\SYSTEM\CurrentControlSet\Services\PowerManager\Enum#NextInstance
       C:\QOOBOX\QUARANTINE\C\WINDOWS\SVCHOST.EXE.VIR

    Trojan.Agent/Gen-Nullo[Short]
       C:\SYSTEM VOLUME INFORMATION\_RESTORE{2B5FEA85-F8E2-4BD4-82C8-85241A71E15E}\RP67\A0023991.EXE
       C:\SYSTEM VOLUME INFORMATION\_RESTORE{2B5FEA85-F8E2-4BD4-82C8-85241A71E15E}\RP81\A0026149.EXE
       C:\SYSTEM VOLUME INFORMATION\_RESTORE{2B5FEA85-F8E2-4BD4-82C8-85241A71E15E}\RP83\A0027415.EXE
       C:\SYSTEM VOLUME INFORMATION\_RESTORE{2B5FEA85-F8E2-4BD4-82C8-85241A71E15E}\RP90\A0027589.EXE
       C:\SYSTEM VOLUME INFORMATION\_RESTORE{2B5FEA85-F8E2-4BD4-82C8-85241A71E15E}\RP96\A0029169.EXE
    « Last Edit: February 19, 2010, 07:31:38 PM by hunt3rshadow »

    hunt3rshadow

      « Reply #1 on: February 20, 2010, 12:31:50 PM »
      Uggh, there seems to be another problem now. My computer is running slower than usual. Could this be the effect of the svchost.exe trojan?

      hunt3rshadow

        « Reply #2 on: February 22, 2010, 01:57:13 PM »
        Am I allowed to bump?

        evilfantasy

        • Malware Removal Specialist
        • Moderator


        « Reply #3 on: February 22, 2010, 06:01:00 PM »
        Quote
        Am I allowed to bump?

        It makes your wait time longer because you go to the end of the list.


        Download TrendMicro HijackThis.exe (HJT) to the desktop.

        * Double-click on HJTInstall.
        * Click on the Install button.
        * It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
        * Upon install, HijackThis should open for you.
        * Important! If using Windows Vista or Windows 7, close HijackThis. Now right-click HijackThis and select Run As Administrator.
        * Click on the "Do a system scan and save a log file" button.
        * HijackThis will scan and then a log will open in Notepad.
        * Copy and then paste the entire contents of the log in your post.
        * Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.