
Google redirect and it has banned this site


15 replies to this topic

#1 gt66stang


Posted 13 February 2009 - 07:23 PM

I don't know how I got the malware or spyware.

I would use Mozilla or IE6, and both would send me to another link from Google or Yahoo, like mountaincoupon.com. Also, I found out it bans me from getting to www.bleepingcomputer.com, free-av.com and other malware sites. Also, I can't do a system restore.

Please help.


DDS (Ver_09-02-01.01) - NTFSx86
Run by AJ at 17:06:26.34 on Fri 02/13/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.463 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\DOCUME~1\AJ\LOCALS~1\Temp\clclean.0001
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\DOCUME~1\AJ\LOCALS~1\Temp\Temporary Directory 1 for typeteller2006_0145_setup.zip\TypeTeller 2006\typeteller.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Common Files\Research in Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\AJ\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\ahead\neroph~1\data\xtras\mssysmgr.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_9
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [RIMDeviceManager] "c:\program files\common files\research in motion\rimdevicemanager\RIMDeviceManager.exe" -RunServer
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dlcdmon.exe] "c:\program files\dell photo aio printer 944\dlcdmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 944\memcard.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NWEReboot]
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_03\bin\jusched.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [Network Associates Error Reporting Service] "c:\program files\common files\network associates\talkback\tbmon.exe"
mRun: [DLCDCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCDtime.dll,_RunDLLEntry@16
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [CTFMon] c:\windows\system32\ctf\ctfmon.exe
mRun: [pcmn451.exe] c:\program files\pcs-451\fkl\pcmn451.exe
mRun: [typeteller] c:\docume~1\aj\locals~1\temp\temporary directory 1 for typeteller2006_0145_setup.zip\typeteller 2006\typeteller.exe
mRun: [TFMCM] "c:\documents and settings\all users\_qbothome\_qbotinj.exe" "c:\documents and settings\all users\_qbothome\_qbot.dll" /c c:\progra~1\mi8572~1\mcm.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ICS]
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://vpn.compucom.com/vdesk/terminal/urxvpn.cab#version=6020,2007,1213,2012
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://vpn.compucom.com/vdesk/terminal/InstallerControl.cab#version=6020,2007,1213,2012
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} - hxxps://vpn.compucom.com/vdesk/terminal/urTermProxy.cab#version=6020,2007,1213,2004
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} - hxxp://www.charter.net/files/charter/securitysuite/fscax.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://vpn.compucom.com/vdesk/terminal/urxshost.cab#version=6020,2007,1213,2008
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://vpn.compucom.com/vdesk/terminal/urxhost.cab#version=6020,2007,1213,2007
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\aj\applic~1\mozilla\firefox\profiles\3tayxxmb.default\
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

============= SERVICES / DRIVERS ===============

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2007-11-8 59904]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2007-11-8 102463]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\mcshield.exe [2007-1-18 221191]
R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\vstskmgr.exe [2007-1-18 29184]
R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2007-11-8 117024]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\urvpndrv.sys [2004-9-1 27008]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2006-11-23 10752]
S3 WOEM_3_2a;WinPcap Packet Driver (WOEM_3_2a);c:\windows\system32\drivers\woem_3_2a.sys --> c:\windows\system32\drivers\WOEM_3_2a.sys [?]

=============== Created Last 30 ================

2009-02-10 22:45 724,992 a------- c:\windows\iun6002.exe
2009-02-10 22:45 <DIR> --d----- C:\spywarebegone
2009-02-10 22:45 170 a------- c:\windows\spywarebegone-fullversion-installed.html
2009-02-10 17:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ICS
2009-01-24 12:49 63 a------- c:\windows\mdm.ini

==================== Find3M ====================

2009-02-13 17:05 256 a------- c:\documents and settings\aj\pool.bin
2009-01-26 22:16 31,698 a------- c:\docume~1\aj\applic~1\wklnhst.dat
2009-01-24 12:49 5,058 a------- c:\windows\help\hhcolreg.dat
2008-12-12 12:01 3,067,904 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 05:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-03-30 07:12 84,608 a------- c:\docume~1\aj\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 17:08:02.54 ===============
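The DDS log above lists every autorun entry but leaves the reader to pick out the odd ones by eye. As an added example (not part of the original post and not part of the DDS tool), the Python script below parses the uRun/mRun/dRun lines of a "Pseudo HJT Report" and flags entries that launch from a Temp directory, from an underscore-prefixed folder, or from a user profile rather than Program Files or Windows; the sample lines are copied from the log in this post, and the heuristics are the example author's assumptions about where legitimate software rarely starts from, not signatures.

```python
"""Triage of autorun entries from a DDS 'Pseudo HJT Report' section.

Added example for this thread; it is not part of DDS or of the original post.
The heuristics below are assumptions about where legitimate software rarely
launches from, not malware signatures.
"""
import re
from dataclasses import dataclass

# Sample input: a handful of Run lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NWEReboot]
mRun: [typeteller] c:\docume~1\aj\locals~1\temp\temporary directory 1 for typeteller2006_0145_setup.zip\typeteller 2006\typeteller.exe
mRun: [TFMCM] "c:\documents and settings\all users\_qbothome\_qbotinj.exe" "c:\documents and settings\all users\_qbothome\_qbot.dll" /c c:\progra~1\mi8572~1\mcm.exe
mRun: [ICS]
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
"""

# DDS prefixes: u = HKCU, m = HKLM, d = default-user hive.
RUN_LINE = re.compile(r"^([umd])Run:\s+\[([^\]]*)\]\s*(.*)$")
EXEC_EXT = re.compile(r"\.(exe|scr|com|dll|bat|cmd|pif)\b", re.IGNORECASE)


@dataclass
class RunEntry:
    hive: str
    name: str
    command: str   # raw command line after the [name]; empty for orphaned entries
    target: str    # the image path launched, lower-cased


def first_target(command: str) -> str:
    """Extract the launched image from a Run value.

    Quoted paths end at the closing quote. Unquoted paths containing spaces
    (as in this log's Temp entry) are cut after the first executable extension
    rather than at the first space.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXEC_EXT.search(command)
    return command[: m.end()] if m else command.split(" ", 1)[0]


def parse_run_lines(text: str) -> list[RunEntry]:
    """Parse every uRun/mRun/dRun line in a DDS log into RunEntry objects."""
    entries = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            hive, name, command = m.groups()
            entries.append(RunEntry(hive, name, command, first_target(command).lower()))
    return entries


def suspicion_reasons(entry: RunEntry) -> list[str]:
    """Heuristic flags (assumptions, not signatures) for one autorun entry."""
    if not entry.command:
        return ["empty command: orphaned or wiped entry"]
    t = entry.target
    reasons = []
    if re.search(r"\\temp\\|\\temporary internet files\\", t):
        reasons.append("launches from a Temp directory")
    if re.search(r"\\_[^\\]*\\", t):
        reasons.append("launches from an underscore-prefixed folder")
    in_profile = re.search(r"\\(documents and settings|docume~1)\\", t)
    in_appdata = re.search(r"\\(application data|applic~1|start menu|startm~1)\\", t)
    if in_profile and not in_appdata:
        reasons.append("launches from a user-profile folder, not Program Files or Windows")
    return reasons


def triage(text: str) -> dict[str, list[str]]:
    """Map entry name -> reasons, for entries that tripped at least one heuristic."""
    flagged = {}
    for entry in parse_run_lines(text):
        reasons = suspicion_reasons(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

On the sample lines, the two entries in c:\windows and c:\program files pass, the two empty entries and the Temp and underscore-folder launches are flagged.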



#2 shelf life

  • Malware Response Team

Posted 17 February 2009 - 08:21 PM

Hi,

Your log is several days old. If you still need help, simply reply to my post.

How Can I Reduce My Risk to Malware?


#3 gt66stang


Posted 18 February 2009 - 10:34 AM

Heck ya man, I still need help; I was just waiting for a reply to my post. Yeah, my computer is still slow, and when I want to connect to this website, it gives me a DNS error, but other websites I can connect to fine. Also, like Free-av.com and other free anti-spyware software, it gives me a DNS error.

Thanks

#4 shelf life

  • Malware Response Team

Posted 18 February 2009 - 05:21 PM

OK, we will start with MBAM. Link and directions below:

Please download Malwarebytes' Anti-Malware (MBAM) to your desktop:

http://www.malwarebytes.org/mbam.php

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click **Remove Selected.**
*A restart may be required to finish the clean-up process*
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Please post the MBAM log in your reply.

How Can I Reduce My Risk to Malware?


#5 gt66stang


Posted 20 February 2009 - 06:01 PM

I've installed the Malwarebytes software, but for some reason it isn't letting me run the program. Please help.....

#6 shelf life

  • Malware Response Team

Posted 21 February 2009 - 09:07 AM

OK, skip MBAM for now. We will get another download to use first. It's called ComboFix. There is a guide to read first. Read through the guide, download ComboFix and save it to your desktop.
Disable any AV or anti-malware as explained in the guide, double-click the ComboFix icon and follow the prompts. Post the ComboFix log.
After you are finished with ComboFix, try using MBAM again after updating it first. Do a full scan and post the MBAM log also.

The guide:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

How Can I Reduce My Risk to Malware?


#7 gt66stang


Posted 23 February 2009 - 07:06 PM

Well, I don't know what is going on, but I can't execute that file either. I'm having a hard time executing some files here that are directly related to malware.

Boy, do I need help, guys.

#8 shelf life

  • Malware Response Team

Posted 23 February 2009 - 08:39 PM

Let's try running MBAM in Safe Mode. But first you can get the latest def. files here:
http://www.gt500.org/malwarebytes/database.jsp

Download the exe and install it; this will update MBAM. Don't scan yet:

Boot your computer into Safe Mode. To reach Safe Mode, you would tap the F8 key during a computer restart. Choose the first option from the list: Safe Mode.
Once at the Safe Mode desktop, try launching MBAM and doing a full scan.
If MBAM fails, try running ComboFix in Safe Mode by double-clicking the icon on the desktop.

How Can I Reduce My Risk to Malware?


#9 gt66stang


Posted 26 February 2009 - 08:22 AM

Man, my computer is becoming lifeless. I booted to Safe Mode and tried both, and no go. I looked in the Task Manager to see if the process would pop up, and it does for a second and then disappears. Once again my laptop won't let me connect to this website using both IE 7 and Firefox 3. I was able to execute Ad-Aware Free last night; do you want the export report from that? I don't get why it won't execute either one of those programs.

#10 shelf life

  • Malware Response Team

Posted 26 February 2009 - 10:30 PM

I guess getting Ad-Aware to run is better than nothing. Yes, you can post the log from it. You can try this also:
Go to Start > Run and type in combofix /u
Click OK or press Enter.
Note: there is a space after the x and before the /

Get a new copy of ComboFix from one of the links below. But this time, before you save it to your desktop, rename it to scanner, then save it to your desktop. See if it launches then.

http://subs.geekstogo.com/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

How Can I Reduce My Risk to Malware?


#11 gt66stang


Posted 27 February 2009 - 10:37 AM

Logfile created: 2/25/2009 23:22:8
Lavasoft Ad-Aware version: 8.0
Extended engine version: 8.1
User performing scan: AJ

*********************** Definitions database information ***********************
Lavasoft definition file: 144.0
Extended engine definition file: 8.1

******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 117012
Objects detected: 8


Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 8
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0



Skipped items:
Description: C:\WINDOWS\system32\xvid-uninstall.exe Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
Description: C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\LIIOSIXD\vbzlib1.dll Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0

Quarantined items:
Description: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP812\A0099875.sys Family Name: FakeAlert Clean status: Success Item ID: 112456 Family ID: 352
Description: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP818\A0099876.sys Family Name: FakeAlert Clean status: Success Item ID: 112456 Family ID: 352
Description: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP818\A0099877.sys Family Name: FakeAlert Clean status: Success Item ID: 112456 Family ID: 352
Description: C:\WINDOWS\system32\drivers\wufnommc.sys Family Name: FakeAlert Clean status: Success Item ID: 112456 Family ID: 352
Description: C:\WINDOWS\system32\drivers\xjofjf.sys Family Name: FakeAlert Clean status: Success Item ID: 112456 Family ID: 352
Description: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP782\A0092547.dll Family Name: Win32.Monitor.SpectorPro Clean status: Success Item ID: 394273 Family ID: 3804

Scan and cleaning complete: Finished correctly after 2015 seconds

*********************************** Settings ***********************************

Scan profile:
ID: full, enabled:1, value: Full Scan
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: folderstoscan, enabled:1, value: C:\
ID: scanrootkits, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
ID: displaystatus, enabled:1, value: false
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: autodetectproxy, enabled:1, value: false
ID: useautoconfigscript, enabled:1, value: false
ID: autoconfigurl, enabled:0, value:
ID: useproxy, enabled:1, value: false
ID: proxyserver, enabled:0, value:
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily, enabled:1, value: Daily
ID: time, enabled:1, value: Wed Feb 25 23:12:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly, enabled:1, value: Weekly
ID: time, enabled:1, value: Wed Feb 25 23:12:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: true
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: true
ID: networkprotection, enabled:0, value: true
ID: loadatstartup, enabled:1, value: true
ID: usespywareheuristics, enabled:0, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: strict, domain: medium,mild,strict
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant


****************************** System information ******************************
Computer name: AJ2005
Processor name: Intel® Pentium® M processor 1.86GHz
Processor identifier: x86 Family 6 Model 13 Stepping 8
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3336, number of processors 1
Physical memory available: 424419328 bytes
Physical memory total: 1064693760 bytes
Virtual memory available: 2046656512 bytes
Virtual memory total: 2147352576 bytes
Memory load: 60%
Microsoft Windows XP Professional Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 872 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 924 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 956 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1000 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1012 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1160 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1260 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1296 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1336 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1452 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1636 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1760 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1828 name: C:\WINDOWS\system32\brsvc01a.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1844 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1856 name: C:\WINDOWS\system32\brss01a.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1988 name: C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2016 name: C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe owner: SYSTEM domain: NT AUTHORITY
PID: 188 name: C:\WINDOWS\eHome\ehRecvr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 228 name: C:\WINDOWS\eHome\ehSched.exe owner: SYSTEM domain: NT AUTHORITY
PID: 288 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 372 name: C:\Program Files\Network Associates\Common Framework\FrameworkService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 544 name: C:\Program Files\Network Associates\VirusScan\mcshield.exe owner: SYSTEM domain: NT AUTHORITY
PID: 572 name: C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 588 name: C:\Program Files\Network Associates\VirusScan\vstskmgr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 660 name: C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe owner: SYSTEM domain: NT AUTHORITY
PID: 512 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 840 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1212 name: C:\WINDOWS\ehome\mcrdsvc.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1324 name: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2520 name: C:\WINDOWS\system32\dllhost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2676 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2688 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2916 name: C:\WINDOWS\Explorer.EXE owner: AJ domain: AJ2005
PID: 3180 name: C:\WINDOWS\ehome\ehtray.exe owner: AJ domain: AJ2005
PID: 3188 name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe owner: AJ domain: AJ2005
PID: 3196 name: C:\Program Files\Dell\Media Experience\DMXLauncher.exe owner: AJ domain: AJ2005
PID: 3204 name: C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe owner: AJ domain: AJ2005
PID: 3212 name: C:\WINDOWS\system32\Rundll32.exe owner: AJ domain: AJ2005
PID: 3244 name: C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe owner: AJ domain: AJ2005
PID: 3252 name: C:\Program Files\Dell Photo AIO Printer 944\memcard.exe owner: AJ domain: AJ2005
PID: 3260 name: C:\Program Files\QuickTime\QTTask.exe owner: AJ domain: AJ2005
PID: 3372 name: C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE owner: AJ domain: AJ2005
PID: 3456 name: C:\DOCUME~1\AJ\LOCALS~1\Temp\clclean.0001 owner: AJ domain: AJ2005
PID: 3492 name: C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe owner: AJ domain: AJ2005
PID: 3732 name: C:\WINDOWS\system32\dlcdcoms.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3844 name: C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe owner: AJ domain: AJ2005
PID: 3892 name: C:\WINDOWS\system32\hkcmd.exe owner: AJ domain: AJ2005
PID: 3912 name: C:\WINDOWS\eHome\ehmsas.exe owner: AJ domain: AJ2005
PID: 4028 name: C:\WINDOWS\system32\igfxpers.exe owner: AJ domain: AJ2005
PID: 4084 name: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe owner: AJ domain: AJ2005
PID: 4092 name: C:\Program Files\Pure Networks\Network Magic\nmapp.exe owner: AJ domain: AJ2005
PID: 824 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: AJ domain: AJ2005
PID: 1560 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: AJ domain: AJ2005
PID: 1432 name: C:\Program Files\Messenger\msmsgs.exe owner: AJ domain: AJ2005
PID: 1672 name: C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe owner: AJ domain: AJ2005
PID: 1396 name: C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe owner: AJ domain: AJ2005
PID: 1696 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1912 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: AJ domain: AJ2005
PID: 2108 name: C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe owner: AJ domain: AJ2005
PID: 3716 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3524 name: C:\WINDOWS\system32\wuauclt.exe owner: SYSTEM domain: NT AUTHORITY
PID: 244 name: C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe owner: AJ domain: AJ2005
PID: 1876 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: AJ domain: AJ2005

Startup items:
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: ehTray
imagepath: C:\WINDOWS\ehome\ehtray.exe
Name: SynTPEnh
imagepath: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Name: DMXLauncher
imagepath: C:\Program Files\Dell\Media Experience\DMXLauncher.exe
Name: CTSysVol
imagepath: C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
Name: MBMon
imagepath: Rundll32 CTMBHA.DLL,MBMon
Name: UpdReg
imagepath: C:\WINDOWS\UpdReg.EXE
Name: ISUSPM Startup
imagepath: "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
Name: ISUSScheduler
imagepath: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
Name: dlcdmon.exe
imagepath: "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
Name: MemoryCardManager
imagepath: "C:\Program Files\Dell Photo AIO Printer 944\memcard.exe"
Name: QuickTime Task
imagepath: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Name: ShStatEXE
imagepath: "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
Name: McAfeeUpdaterUI
imagepath: "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
Name: Network Associates Error Reporting Service
imagepath: "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: WPDShServiceObj
imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}

Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete

Running services:
Name: ALG
displayname: Application Layer Gateway Service
Name: AOL ACS
displayname: AOL Connectivity Service
Name: AudioSrv
displayname: Windows Audio
Name: Brother XP spl Service
displayname: BrSplService
Name: Browser
displayname: Computer Browser
Name: COMSysApp
displayname: COM+ System Application
Name: Creative Labs Licensing Service
displayname: Creative Labs Licensing Service
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: dlcd_device
displayname: dlcd_device
Name: Dnscache
displayname: DNS Client
Name: ehRecvr
displayname: Media Center Receiver Service
Name: ehSched
displayname: Media Center Scheduler Service
Name: ERSvc
displayname: Error Reporting Service
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+ Event System
Name: helpsvc
displayname: Help and Support
Name: HTTPFilter
displayname: HTTP SSL
Name: JavaQuickStarterService
displayname: Java Quick Starter
Name: lanmanserver
displayname: Server
Name: lanmanworkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: McAfeeFramework
displayname: McAfee Framework Service
Name: McrdSvc
displayname: Media Center Extender Service
Name: McTaskManager
displayname: Network Associates Task Manager
Name: Netman
displayname: Network Connections
Name: NICCONFIGSVC
displayname: NICCONFIGSVC
Name: Nla
displayname: Network Location Awareness (NLA)
Name: nmservice
displayname: Pure Networks Platform Service
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPSEC Services
Name: ProtectedStorage
displayname: Protected Storage
Name: RasMan
displayname: Remote Access Connection Manager
Name: RemoteRegistry
displayname: Remote Registry
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification
Name: SharedAccess
displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: Spooler
displayname: Print Spooler
Name: srservice
displayname: System Restore Service
Name: SSDPSRV
displayname: SSDP Discovery Service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: w32time
displayname: Windows Time
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Windows Management Instrumentation
Name: wuauserv
displayname: Automatic Updates
Name: WudfSvc
displayname: Windows Driver Foundation - User-mode Driver Framework

#12 shelf life

  • Malware Response Team
  • 2,657 posts
  • Gender:Male
  • Location:@localhost
  • Local time:05:35 AM

Posted 27 February 2009 - 05:36 PM

Hi,

I am not familiar with Ad-Aware logs. It looks like Ad-Aware did remove some malware. This doesn't mean you don't still have a malware problem though. Were you able to rename ComboFix and run it?

How Can I Reduce My Risk to Malware?


#13 gt66stang

  • Topic Starter
  • Members
  • 11 posts
  • Local time:04:35 AM

Posted 27 February 2009 - 06:53 PM

Yes, I renamed Malwarebytes and ComboFix and they work great. Here is the post, Malwarebytes first.

Malwarebytes' Anti-Malware 1.34
Database version: 1793
Windows 5.1.2600 Service Pack 3

2/27/2009 5:54:52 PM
mbam-log-2009-02-27 (17-54-47).txt

Scan type: Full Scan (C:\|)
Objects scanned: 190603
Time elapsed: 53 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 35

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\AJ\Local Settings\Temp\UAC3017.tmp (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\UACaqjoobrx.dll (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\UACdajiigtu.dll (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\UACwosrqhyl.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\drivers\UACruypywsw.sys (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\homepage.html (Malware.Trace) -> No action taken.
C:\WINDOWS\promo1.html (Malware.Trace) -> No action taken.
C:\WINDOWS\promo2.html (Malware.Trace) -> No action taken.
C:\WINDOWS\promo3.html (Malware.Trace) -> No action taken.
C:\WINDOWS\promo4.html (Malware.Trace) -> No action taken.
C:\WINDOWS\promo5.html (Malware.Trace) -> No action taken.
C:\WINDOWS\promo6.html (Malware.Trace) -> No action taken.
C:\WINDOWS\promogif1.gif (Malware.Trace) -> No action taken.
C:\WINDOWS\promogif2.gif (Malware.Trace) -> No action taken.
C:\WINDOWS\promogif3.gif (Malware.Trace) -> No action taken.
C:\WINDOWS\licencia.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\telefonos.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\textos.txt (Malware.Trace) -> No action taken.
C:\Documents and Settings\AJ\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\AJ\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\AJ\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\AJ\My Documents\My Documents.url (Trojan.Zlob) -> No action taken.
C:\WINDOWS\system32\pharma.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\other.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\finance.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\adult.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\winfrun32.bin (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\lt.res (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\sft.res (Malware.Trace) -> No action taken.
C:\WINDOWS\index.html (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\AJ\Favorites\Online Security Test.url (Rogue.Link) -> No action taken.
C:\WINDOWS\system32\UACiugyxwgk.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\UACklrqjibb.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\UACrsklsxmy.log (Trojan.Agent) -> No action taken.


Here is Combofix

ComboFix 09-02-27.02 - AJ 2009-02-27 18:30:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.470 [GMT -5:00]
Running from: c:\documents and settings\AJ\Desktop\scanner.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\mainms.vpi
c:\windows\megavid.cdt
c:\windows\muotr.so
c:\windows\system32\bszip.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-01-27 to 2009-02-27 )))))))))))))))))))))))))))))))
.

2009-02-27 16:58 . 2009-02-27 16:58 <DIR> d-------- c:\documents and settings\AJ\Application Data\Malwarebytes
2009-02-26 10:33 . 2009-02-26 10:33 <DIR> d-------- c:\program files\Common Files\supportsoft
2009-02-26 10:32 . 2007-07-30 14:44 3,518,464 --a------ c:\windows\system32\cdintf300.dll
2009-02-26 10:32 . 2007-06-28 14:09 1,843,200 --a------ c:\windows\system32\acXMLParser.dll
2009-02-26 10:23 . 2009-02-26 10:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\SQL Anywhere 10
2009-02-26 10:23 . 2009-02-26 10:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\COMMON FILES
2009-02-26 10:23 . 2009-02-26 10:32 95 --a------ c:\windows\QBChanUtil_Trigger.ini
2009-02-26 01:42 . 2009-02-27 17:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-26 01:42 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-26 01:42 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-26 00:37 . 2009-02-26 00:37 <DIR> d-------- c:\program files\Avira
2009-02-26 00:37 . 2009-02-26 00:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-02-26 00:23 . 2009-02-26 00:23 23,142 --a------ c:\windows\system32\AAWService_2009_02_26_00_23_52.dmp
2009-02-25 23:10 . 2009-02-25 23:10 <DIR> d-------- c:\program files\Lavasoft
2009-02-25 23:10 . 2009-02-27 18:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-25 22:10 . 2009-02-26 00:27 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-25 22:10 . 2009-02-26 00:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-25 21:38 . 2009-02-25 21:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-25 21:37 . 2009-02-25 21:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InstallShield
2009-02-25 19:00 . 2009-02-25 19:00 <DIR> d-------- C:\685b0c4a8ed3e53429
2009-02-24 17:52 . 2009-01-09 14:19 1,089,593 --------- c:\windows\system32\dllcache\ntprint.cat
2009-02-24 13:24 . 2009-02-24 13:24 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-24 13:24 . 2009-02-24 13:24 1,409 --a------ c:\windows\QTFont.for
2009-02-23 20:33 . 2009-02-23 20:34 <DIR> d-------- C:\ea50cb5c99ec19b598e110
2009-02-20 21:37 . 2009-02-20 21:37 <DIR> d-------- c:\program files\Apple Software Update
2009-02-20 21:37 . 2009-02-20 21:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-02-20 19:35 . 2009-02-20 19:35 <DIR> d-------- c:\program files\Common Files\AnswerWorks 4.0
2009-02-20 17:20 . 2009-02-20 17:20 <DIR> d-------- c:\program files\Alwil Software
2009-02-19 15:30 . 2009-02-19 15:30 4,128 --a------ C:\INFCACHE.1
2009-02-16 17:10 . 2009-02-23 18:38 36,928 --a------ c:\windows\system32\drivers\pssdk41.sys
2009-02-15 20:30 . 2009-02-15 20:31 784 ---hs---- c:\windows\system\actualspystart.lnk
2009-02-14 13:19 . 2009-02-14 13:19 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-13 23:41 . 2009-02-14 13:19 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-13 21:26 . 2009-02-13 21:26 <DIR> d-------- c:\program files\AVG
2009-02-10 22:45 . 2009-02-10 22:45 724,992 --a------ c:\windows\iun6002.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 22:57 --------- d-----w c:\documents and settings\All Users\Application Data\Intuit
2009-02-26 15:27 --------- d-----w c:\program files\Common Files\Intuit
2009-02-26 03:13 --------- d-----w c:\program files\WinAce
2009-02-26 00:00 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-25 00:07 --------- d-----w c:\program files\Dl_cats
2009-02-23 23:35 --------- d-----w c:\program files\Roxio
2009-02-23 23:35 --------- d-----w c:\program files\Common Files\Sonic Shared
2009-02-23 23:35 --------- d-----w c:\program files\Common Files\Roxio Shared
2009-02-23 23:31 --------- d-----w c:\program files\Common Files\Research in Motion
2009-02-21 23:51 --------- d-----w c:\program files\MySpace
2009-02-21 23:37 256 ----a-w c:\documents and settings\AJ\pool.bin
2009-02-21 02:38 --------- d-----w c:\documents and settings\AJ\Application Data\Apple Computer
2009-02-21 00:21 --------- d-----w c:\program files\Brownie
2009-02-21 00:18 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-20 22:02 --------- d-----w c:\program files\Common Files\Adobe
2009-02-20 03:49 31,698 ----a-w c:\documents and settings\AJ\Application Data\wklnhst.dat
2009-02-18 07:25 --------- d-----w c:\documents and settings\AJ\Application Data\Ahead
2009-02-14 18:19 --------- d-----w c:\program files\Java
2009-02-12 03:33 --------- d-----w c:\program files\Google
2009-02-02 04:39 --------- d-----w c:\program files\Incomplete
2009-02-02 04:38 --------- d-----w c:\program files\LimeWire
2009-01-27 02:59 --------- d--h--w c:\documents and settings\AJ\Application Data\Move Networks
2008-03-30 12:12 84,608 ----a-w c:\documents and settings\AJ\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 94208]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 c:\windows\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"dlcdmon.exe"="c:\program files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-10-07 430080]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 944\memcard.exe" [2005-09-07 290816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 98304]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 147514]
"DLCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2006-02-24 73728]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-09-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-09-15 118784]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-09-14 648488]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-09-14 705832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-14 148888]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"MBMon"="CTMBHA.DLL" [2006-03-03 c:\windows\system32\CTMBHA.DLL]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2001-06-25 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-12-09 984352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv50"= c:\windows\ir50_32.dll
"vidc.mpg4"= c:\windows\mpg4c32.dll
"vidc.mpg2"= c:\windows\mpg4c32.dll
"vidc.mpg3"= c:\windows\mpg4c32.dll
"vidc.MJPG"= c:\windows\m3jpeg32.dll
"vidc.dmb1"= c:\windows\m3jpeg32.dll
"vidc.GEOX"= c:\windows\GeoCodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2007-11-08 59904]
R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\urvpndrv.sys [2004-09-01 27008]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2006-11-23 10752]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2009-02-16 36928]
S3 WOEM_3_2a;WinPcap Packet Driver (WOEM_3_2a);c:\windows\system32\drivers\WOEM_3_2a.sys --> c:\windows\system32\drivers\WOEM_3_2a.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e18d04e0-0003-11dd-816a-00038a000015}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:
\Shell\Open\command - e:\resycled\boot.com e:
.
Contents of the 'Scheduled Tasks' folder

2009-02-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-02-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-26 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe []

2009-02-26 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot []

2009-02-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe []

2009-02-21 c:\windows\Tasks\rpc.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-PhotoShow Deluxe Media Manager - c:\progra~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-MalwareRemovalBot - c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe
HKLM-Run-CTFMon - c:\windows\system32\CTF\ctfmon.exe
HKLM-Run-pcmn451.exe - c:\program files\PCS-451\Fkl\pcmn451.exe
Notify-Event Agent - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\documents and settings\AJ\Application Data\Mozilla\Firefox\Profiles\3tayxxmb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 18:36:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1229115304-1040851673-3272932634-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1265F089-B484-FD18-621E-40057454569A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hahkbdljnkhfadcd"=hex:6d,61,65,6b,61,69,70,65,62,69,69,68,6b,6a,6f,70,63,6e,
61,6c,70,6c,70,6b,6c,63,00,00
"jagkkdjjiabebkjfgodo"=hex:64,62,6d,6b,69,64,64,63,6b,68,6a,69,6e,62,62,65,69,
6a,6a,6d,70,70,6a,64,67,6b,6c,6b,63,6c,6d,6e,66,6a,70,6a,65,6a,61,6d,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1012)
c:\windows\system32\EntApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\BRSS01A.EXE
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\mcshield.exe
c:\program files\Network Associates\VirusScan\vstskmgr.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\docume~1\AJ\LOCALS~1\temp\clclean.0001
c:\windows\system32\dlcdcoms.exe
c:\windows\system32\wscntfy.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-02-27 18:41:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-27 23:40:29

Pre-Run: 10,069,041,152 bytes free
Post-Run: 10,229,420,032 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptOut

263 --- E O F --- 2009-02-26 00:00:26


Let me know what else I need to add.

Thanks for the help

#14 shelf life

  • Malware Response Team
  • 2,657 posts
  • Gender:Male
  • Location:@localhost
  • Local time:05:35 AM

Posted 27 February 2009 - 07:51 PM

OK, good. You rebooted after running Malwarebytes?

* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click **Remove Selected.**
*A restart may be required to finish the clean up process*
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Please post the MBAM log in reply.

How Can I Reduce My Risk to Malware?


#15 gt66stang

  • Topic Starter
  • Members
  • 11 posts
  • Local time:04:35 AM

Posted 03 March 2009 - 09:33 PM

Thanks for all the help, it is all clean and working pretty smoothly.

Malwarebytes' Anti-Malware 1.34
Database version: 1815
Windows 5.1.2600 Service Pack 3

3/3/2009 9:31:30 PM
mbam-log-2009-03-03 (21-31-30).txt

Scan type: Full Scan (C:\|)
Objects scanned: 211438
Time elapsed: 1 hour(s), 0 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



