Okay so the computer works now... but every time I run MBAM I get 10-20 more infections, and it can't clean them. I have used HijackThis to attempt to get rid of some suspicious entries, but they keep coming back! I am posting the HijackThis log and the MBAM log, any help is appreciated!
Hijack This:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:04 AM, on 7/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft SQL Server\MSSQL$HONDAEPC\Binn\sqlservr.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spnsrvnt.exe
d:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
d:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$HONDAEPC\Binn\sqlagent.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PCS\PcsPrint\pcsprn.exe
D:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CAPM5RSK.EXE
d:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\DESKTOP\PROCEXP.EXE
C:\WINDOWS\system32\3361\services.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\mssas.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\msswgtoq.exe
O4 - HKLM\..\Run: [PCSPrn] C:\PCS\PcsPrint\pcsprn.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "d:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PCSMenu] N:\FOXPRO\PCSMENU.EXE
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\system32\mswcgvd.exe
O4 - HKUS\S-1-5-21-1038429887-3795459445-4233314246-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1038429887-3795459445-4233314246-1008\..\Run: [PCSMenu] N:\FOXPRO\PCSMENU.EXE (User '?')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: *.164.109.25.72
O15 - Trusted Zone: *.207.130.86.35
O15 - Trusted Zone: *.acura.com
O15 - Trusted Zone: *.ahm-ownerlink.com
O15 - Trusted Zone: *.ahmdealer.com
O15 - Trusted Zone: *.edcor.com
O15 - Trusted Zone: *.in.honda.com
O15 - Trusted Zone: in.honda.com
O15 - Trusted Zone: *.honda.com
O15 - Trusted Zone: *.hondacars.com
O15 - Trusted Zone: *.hondapqr.com
O15 - Trusted Zone: *.jdpower.com
O15 - Trusted Zone: *.xmradio.com
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) -
http://www.in.honda.com/rraaapps/rraasec/codebase/rraainax/RYXAINAX_LandscapePrintingActiveX.cabO16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} (RRAAINAX_02.RRAAINAX) -
http://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CABO16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) -
http://192.168.2.253/bl_camera.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RiveredgeMarina.local
O17 - HKLM\Software\..\Telephony: DomainName = RiveredgeMarina.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AF707BF-F6A7-49F5-B00A-F13DC73AB7BE}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = RiveredgeMarina.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = RiveredgeMarina.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = RiveredgeMarina.local
O18 - Protocol: a5res - (no CLSID) - (no file)
O18 - Protocol: XBasic - (no CLSID) - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Unknown owner - C:\Program Files\Symantec\pcAnywhere\awhost32.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Common Files\Droppix\DxService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - d:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - d:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Unknown owner - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: PCSSecDevServer (SuperProServer) - Unknown owner - C:\WINDOWS\system32\spnsrvnt.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - d:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
--
End of file - 6563 bytes
and MBAM log:
Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3
7/1/2009 8:45:41 AM
mbam-log-2009-07-01 (08-44-59).txt
Scan type: Quick Scan
Objects scanned: 131655
Time elapsed: 10 minute(s), 45 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 4
Folders Infected: 1
Files Infected: 5
Memory Processes Infected:
C:\WINDOWS\system32\3361\services.exe (Trojan.Downloader) -> No action taken.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CLASSES_ROOT\.bat\(default) (Hijacked.BatFile) -> Bad: (csfile) Good: (batfile) -> No action taken.
HKEY_CLASSES_ROOT\.com\(default) (Hijacked.ComFile) -> Bad: (csfile) Good: (comfile) -> No action taken.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (csfile) Good: (exefile) -> No action taken.
Folders Infected:
C:\WINDOWS\system32\3361 (Trojan.Downloader) -> No action taken.
Files Infected:
c:\WINDOWS\system32\3361\services.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\lsass.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\svchost.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\winexec.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\winres.dll (Trojan.Agent) -> No action taken.
Thank you in advance for any help you may be able to give!