AJ_CHICAGO

Members
  • Posts: 5

Everything posted by AJ_CHICAGO

  1. Thank you for the explanation of CTFMON. I should have realized that. It is all gone! MBAM running in safe mode cleared it up and it did not hang in safe mode. Thanks all.
  2. Well, I stayed away from the SYSTEM 32 stuff and the .exe files and whittled it all down to those then ran MBAM from safe mode and it cleaned it all up! But, it nailed CTFMON.EXE for the three Windows accounts on this computer and I know that to be a good file from Microsoft. Am I gonna miss it?
  3. Malwarebytes' Anti-Malware 1.12
     Database version: 794
     Scan type: Quick Scan
     Objects scanned: 60393
     Time elapsed: 16 minute(s), 42 second(s)
     Memory Processes Infected: 1
     Memory Modules Infected: 1
     Registry Keys Infected: 28
     Registry Values Infected: 10
     Registry Data Items Infected: 0
     Folders Infected: 12
     Files Infected: 25
  4. The log is blank, no items listed, right after the quick scan.
  5. I just downloaded MBAM to remove the ADVANCED XP FIXER. It scanned fine and presented me with checkmarked results. It found many more items than just the ADVANCED XP FIXER malware. When I tried to proceed with fixing them MBAM just hangs and I can't even force it out of the system. Must reboot and it never finishes fixing anything. Any suggestions? AJ