Hi, Boopme. Thank you for taking the time to help me. Here are my MBAM and MBR logs. (FYI, during my first MBAM scan the comp shut down; BS o' Death, but it worked the second time.)
Malwarebytes' Anti-Malware 1.44
Database version: 3691
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
2/4/2010 8:24:07 PM
mbam-log-2010-02-04 (20-23-24).txt
Scan type: Quick Scan
Objects scanned: 144187
Time elapsed: 20 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{77dc0baa-3235-4ba9-8be8-aa9eb678fa02} (Rogue.ASCAntispyware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77dc0baa-3235-4ba9-8be8-aa9eb678fa02} (Rogue.ASCAntispyware) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\HelpAssistant.MARCUSAR-38F8CE.001\Start Menu\Programs\Your PC Protector (Rogue.YourPCProtector) -> No action taken.
Files Infected:
C:\Documents and Settings\HelpAssistant.MARCUSAR-38F8CE.001\Start Menu\Programs\Your PC Protector\Your PC Protector.lnk (Rogue.YourPCProtector) -> No action taken.
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
copy of MBR has been found in sector 0x06FBC03D
malicious code @ sector 0x06FBC040 !
PE file found in sector at 0x06FBC056 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
Some more info: Whatever I'm infected with keeps adding more crap to my comp; yesterday I did some scans and found "sdra64.exe"... I got rid of it, but... I'm wondering how I keep getting new malware when I'm not surfing anymore... I keep getting infected with different nasties... Whatever I have has opened a door, a very wide door apparently, because Hitman, MBAM, WinPatrol, HJT, etc., kept finding new baddies each day... I did the scans and cleaned, rescanned and thought I was OK, then new stuff kept showing up... I'm wondering if there's ONE bad guy (rootkit?) that keeps me wide open to new infections...

Oh, something else I just remembered: I copied "atapi.sys" from my I386 folder to replace the one in the sys32 drivers folder; this was a "fix" I had read about. My atapi.sys was "suspiciously modified", as I stated in my initial post, and when I checked the file it was indeed modified on Jan 18, 2010 (the original was from 2004)... Not sure if you need any of this info, just wanted to let you know.
And something else: I connect to the internet with a Netgear USB wireless adaptor; the router I have is hooked up to my family's computer upstairs... I set up the router for them, but there's no security on it (they're using Windows ME and the CD that came with the router is not compatible with ME, but the router could still (obviously) be hooked up)... This was the advice the guys at Radio Shack (yeah, I know...) gave me, so... how can I secure BOTH our computers?

Thanks again for your help.
Edited by Marcusartist, 04 February 2010 - 11:13 PM.