kevint

Everything posted by kevint

  1. Hi everyone. My computer just keeps crashing every 5 mins or so. It shows the blue screen that dumps memory, and I also got malware too. It keeps redirecting me somewhere whenever I click on a search link. I downloaded Malwarebytes, installed it, updated it and ran a quick scan after installing. But somehow my computer crashed with a blue screen. After it restarted I tried to run Malwarebytes again but it showed running error 0, then running error 440. Since then my computer keeps crashing every 5 mins. What should I do now? Any help appreciated. Thanks
  2. I ran a complete full scan but couldn't find any infection? What should I do? Please help.
  3. I think my little sister's computer got infected by this malware. It won't let me run Malwarebytes. I have to run in Safe Mode and uncheck "use proxy server" in Internet Explorer, then run Malwarebytes. Will I be able to remove it completely in Safe Mode?
  4. Here is the log after running ComboFix again:

ComboFix 10-02-20.01 - Theresa 02/20/2010 10:50:25.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.959.474 [GMT -8:00]
Running from: c:\documents and settings\Theresa\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\NPROTECT\00181449. c:\recycler\NPROTECT\00182366.DAT c:\recycler\NPROTECT\00182367.DAT c:\recycler\NPROTECT\00182368 c:\recycler\NPROTECT\00182369 c:\recycler\NPROTECT\00182370 c:\recycler\NPROTECT\00182371 c:\recycler\NPROTECT\00182373 c:\recycler\NPROTECT\00182375 c:\recycler\NPROTECT\00182376 c:\recycler\NPROTECT\00182378 c:\recycler\NPROTECT\00182380.DAT c:\recycler\NPROTECT\00182381 c:\recycler\NPROTECT\00182382 c:\recycler\NPROTECT\00182383 c:\recycler\NPROTECT\00182384 c:\recycler\NPROTECT\00182386 c:\recycler\NPROTECT\00182387.DAT c:\recycler\NPROTECT\00182388 c:\recycler\NPROTECT\00182389 c:\recycler\NPROTECT\00182390 c:\recycler\NPROTECT\00182391 c:\recycler\NPROTECT\00182392.DAT c:\recycler\NPROTECT\00182393 c:\recycler\NPROTECT\00182394 c:\recycler\NPROTECT\00182395 c:\recycler\NPROTECT\00182396 c:\recycler\NPROTECT\00182397 c:\recycler\NPROTECT\00182398 c:\recycler\NPROTECT\00182399 c:\recycler\NPROTECT\00182400 c:\recycler\NPROTECT\00182401 c:\recycler\NPROTECT\00182402 c:\recycler\NPROTECT\00182403 c:\recycler\NPROTECT\00182404 c:\recycler\NPROTECT\00182405.dat c:\recycler\NPROTECT\00182406 c:\recycler\NPROTECT\00182407 c:\recycler\NPROTECT\00182410 c:\recycler\NPROTECT\00182411 c:\recycler\NPROTECT\00182412 c:\recycler\NPROTECT\00182414 c:\recycler\NPROTECT\00182415 c:\recycler\NPROTECT\00182417 c:\recycler\NPROTECT\00182418 c:\recycler\NPROTECT\00182419 c:\recycler\NPROTECT\00182420 c:\recycler\NPROTECT\00182421 c:\recycler\NPROTECT\00182422 c:\recycler\NPROTECT\00182423
c:\recycler\NPROTECT\00182424 c:\recycler\NPROTECT\00182425 c:\recycler\NPROTECT\00182426 c:\recycler\NPROTECT\00182428 c:\recycler\NPROTECT\00182429 c:\recycler\NPROTECT\00182430 c:\recycler\NPROTECT\00182431 c:\recycler\NPROTECT\00182432 c:\recycler\NPROTECT\00182435 c:\recycler\NPROTECT\00182436 c:\recycler\NPROTECT\00182437 c:\recycler\NPROTECT\00182438 c:\recycler\NPROTECT\00182440 c:\recycler\NPROTECT\00182441 c:\recycler\NPROTECT\00182442 c:\recycler\NPROTECT\00182444 c:\recycler\NPROTECT\00182445 c:\recycler\NPROTECT\00182446 c:\recycler\NPROTECT\00182447 c:\recycler\NPROTECT\00182448.DB~ c:\recycler\NPROTECT\00182449.edb c:\recycler\NPROTECT\00182450 c:\recycler\NPROTECT\00182451 c:\recycler\NPROTECT\00182452 c:\recycler\NPROTECT\00182453 c:\recycler\NPROTECT\00182454 c:\recycler\NPROTECT\00182455 c:\recycler\NPROTECT\00182456 c:\recycler\NPROTECT\00182458 c:\recycler\NPROTECT\00182459 c:\recycler\NPROTECT\00182461 c:\recycler\NPROTECT\00182462 c:\recycler\NPROTECT\00182464 c:\recycler\NPROTECT\00182465 c:\recycler\NPROTECT\00182466 c:\recycler\NPROTECT\00182467 c:\recycler\NPROTECT\00182468 c:\recycler\NPROTECT\00182470 c:\recycler\NPROTECT\00182471 c:\recycler\NPROTECT\00182472 c:\recycler\NPROTECT\00182473 c:\recycler\NPROTECT\00182475 c:\recycler\NPROTECT\00182476 c:\recycler\NPROTECT\00182477 c:\recycler\NPROTECT\00182478 c:\recycler\NPROTECT\00182479 c:\recycler\NPROTECT\00182480 c:\recycler\NPROTECT\00182481 c:\recycler\NPROTECT\00182482 c:\recycler\NPROTECT\00182483 c:\recycler\NPROTECT\00182484 c:\recycler\NPROTECT\00182485 c:\recycler\NPROTECT\00182486 c:\recycler\NPROTECT\00182487 c:\recycler\NPROTECT\00182491 c:\recycler\NPROTECT\00182492.dat c:\recycler\NPROTECT\00182493.dat c:\recycler\NPROTECT\00182495 c:\recycler\NPROTECT\00182496 c:\recycler\NPROTECT\00182497 c:\recycler\NPROTECT\00182498 c:\recycler\NPROTECT\00182499 c:\recycler\NPROTECT\00182500 c:\recycler\NPROTECT\00182501 c:\recycler\NPROTECT\00182503 c:\recycler\NPROTECT\00182505.dat 
c:\recycler\NPROTECT\00182507 c:\recycler\NPROTECT\00182508.bat c:\recycler\NPROTECT\00182509 c:\recycler\NPROTECT\00182510 c:\recycler\NPROTECT\00182512 c:\recycler\NPROTECT\00182514 c:\recycler\NPROTECT\00182515 c:\recycler\NPROTECT\00182518 c:\recycler\NPROTECT\00182519 c:\recycler\NPROTECT\00182520 c:\recycler\NPROTECT\00182521 c:\recycler\NPROTECT\00182523 c:\recycler\NPROTECT\00182524 c:\recycler\NPROTECT\00182525 c:\recycler\NPROTECT\00182526 c:\recycler\NPROTECT\00182527 c:\recycler\NPROTECT\00182528 c:\recycler\NPROTECT\00182529 c:\recycler\NPROTECT\00182530 c:\recycler\NPROTECT\00182531 c:\recycler\NPROTECT\00182532 c:\recycler\NPROTECT\00182533 c:\recycler\NPROTECT\00182534 c:\recycler\NPROTECT\00182535 c:\recycler\NPROTECT\00182536 c:\recycler\NPROTECT\00182537 c:\recycler\NPROTECT\00182538 c:\recycler\NPROTECT\00182539 c:\recycler\NPROTECT\00182540 c:\recycler\NPROTECT\00182541 c:\recycler\NPROTECT\00182542 c:\recycler\NPROTECT\00182543 c:\recycler\NPROTECT\00182544 c:\recycler\NPROTECT\00182545 c:\recycler\NPROTECT\00182546 c:\recycler\NPROTECT\00182547 c:\recycler\NPROTECT\00182548 c:\recycler\NPROTECT\00182549 c:\recycler\NPROTECT\00182551 c:\recycler\NPROTECT\00182552 c:\recycler\NPROTECT\00182555 c:\recycler\NPROTECT\00182558 c:\recycler\NPROTECT\00182559 c:\recycler\NPROTECT\00182560 c:\recycler\NPROTECT\00182561 c:\recycler\NPROTECT\00182562 c:\recycler\NPROTECT\00182563.dat c:\recycler\NPROTECT\00182564 c:\recycler\NPROTECT\00182565.bad c:\recycler\NPROTECT\00182566 c:\recycler\NPROTECT\00182567 c:\recycler\NPROTECT\00182568 c:\recycler\NPROTECT\00182569 c:\recycler\NPROTECT\00182570 c:\recycler\NPROTECT\00182576.md5 c:\recycler\NPROTECT\00182585 c:\recycler\NPROTECT\00182586 c:\recycler\NPROTECT\NPROTECT.LOG c:\recycler\NPROTECT . . . . failed to delete . ---- Previous Run ------- . c:\recycler\NPROTECT\00181449. 
c:\recycler\NPROTECT\00272234.DAT c:\recycler\NPROTECT\00272235.DAT c:\recycler\NPROTECT\00272236 c:\recycler\NPROTECT\00272237 c:\recycler\NPROTECT\00272238 c:\recycler\NPROTECT\00272239 c:\recycler\NPROTECT\00272241 c:\recycler\NPROTECT\00272243 c:\recycler\NPROTECT\00272244 c:\recycler\NPROTECT\00272246 c:\recycler\NPROTECT\00272248.DAT c:\recycler\NPROTECT\00272249 c:\recycler\NPROTECT\00272250 c:\recycler\NPROTECT\00272251 c:\recycler\NPROTECT\00272252 c:\recycler\NPROTECT\00272254 c:\recycler\NPROTECT\00272255.DAT c:\recycler\NPROTECT\00272256 c:\recycler\NPROTECT\00272257 c:\recycler\NPROTECT\00272258 c:\recycler\NPROTECT\00272259 c:\recycler\NPROTECT\00272260.DAT c:\recycler\NPROTECT\00272261 c:\recycler\NPROTECT\00272262 c:\recycler\NPROTECT\00272263 c:\recycler\NPROTECT\00272264 c:\recycler\NPROTECT\00272265 c:\recycler\NPROTECT\00272266 c:\recycler\NPROTECT\00272267 c:\recycler\NPROTECT\00272268 c:\recycler\NPROTECT\00272269 c:\recycler\NPROTECT\00272270 c:\recycler\NPROTECT\00272271 c:\recycler\NPROTECT\00272272 c:\recycler\NPROTECT\00272273.dat c:\recycler\NPROTECT\00272274 c:\recycler\NPROTECT\00272275 c:\recycler\NPROTECT\00272278 c:\recycler\NPROTECT\00272279 c:\recycler\NPROTECT\00272280 c:\recycler\NPROTECT\00272282 c:\recycler\NPROTECT\00272283 c:\recycler\NPROTECT\00272285 c:\recycler\NPROTECT\00272286 c:\recycler\NPROTECT\00272287 c:\recycler\NPROTECT\00272288 c:\recycler\NPROTECT\00272289 c:\recycler\NPROTECT\00272290 c:\recycler\NPROTECT\00272291 c:\recycler\NPROTECT\00272292 c:\recycler\NPROTECT\00272293 c:\recycler\NPROTECT\00272294 c:\recycler\NPROTECT\00272296 c:\recycler\NPROTECT\00272297 c:\recycler\NPROTECT\00272298 c:\recycler\NPROTECT\00272299 c:\recycler\NPROTECT\00272300 c:\recycler\NPROTECT\00272303 c:\recycler\NPROTECT\00272304 c:\recycler\NPROTECT\00272305 c:\recycler\NPROTECT\00272306 c:\recycler\NPROTECT\00272308 c:\recycler\NPROTECT\00272309 c:\recycler\NPROTECT\00272310 c:\recycler\NPROTECT\00272312 
c:\recycler\NPROTECT\00272313 c:\recycler\NPROTECT\00272314 c:\recycler\NPROTECT\00272315 c:\recycler\NPROTECT\00272316 c:\recycler\NPROTECT\00272317 c:\recycler\NPROTECT\00272318 c:\recycler\NPROTECT\00272319 c:\recycler\NPROTECT\00272320 c:\recycler\NPROTECT\00272321 c:\recycler\NPROTECT\00272322 c:\recycler\NPROTECT\00272324 c:\recycler\NPROTECT\00272325 c:\recycler\NPROTECT\00272327 c:\recycler\NPROTECT\00272328 c:\recycler\NPROTECT\00272330 c:\recycler\NPROTECT\00272331 c:\recycler\NPROTECT\00272332 c:\recycler\NPROTECT\00272333 c:\recycler\NPROTECT\00272334 c:\recycler\NPROTECT\00272336 c:\recycler\NPROTECT\00272337 c:\recycler\NPROTECT\00272338 c:\recycler\NPROTECT\00272339 c:\recycler\NPROTECT\00272341 c:\recycler\NPROTECT\00272342 c:\recycler\NPROTECT\00272343 c:\recycler\NPROTECT\00272344 c:\recycler\NPROTECT\00272345 c:\recycler\NPROTECT\00272346 c:\recycler\NPROTECT\00272347 c:\recycler\NPROTECT\00272348 c:\recycler\NPROTECT\00272349 c:\recycler\NPROTECT\00272350 c:\recycler\NPROTECT\00272351 c:\recycler\NPROTECT\00272352 c:\recycler\NPROTECT\00272353 c:\recycler\NPROTECT\00272357 c:\recycler\NPROTECT\00272358.dat c:\recycler\NPROTECT\00272359.dat c:\recycler\NPROTECT\00272361 c:\recycler\NPROTECT\00272362 c:\recycler\NPROTECT\00272363 c:\recycler\NPROTECT\00272364 c:\recycler\NPROTECT\00272365 c:\recycler\NPROTECT\00272366 c:\recycler\NPROTECT\00272367 c:\recycler\NPROTECT\00272369 c:\recycler\NPROTECT\00272371.dat c:\recycler\NPROTECT\00272373 c:\recycler\NPROTECT\00272374.bat c:\recycler\NPROTECT\00272375 c:\recycler\NPROTECT\00272376 c:\recycler\NPROTECT\00272378 c:\recycler\NPROTECT\00272380 c:\recycler\NPROTECT\00272381 c:\recycler\NPROTECT\00272384 c:\recycler\NPROTECT\00272385 c:\recycler\NPROTECT\00272386 c:\recycler\NPROTECT\00272387 c:\recycler\NPROTECT\00272389 c:\recycler\NPROTECT\00272390 c:\recycler\NPROTECT\00272391 c:\recycler\NPROTECT\00272392 c:\recycler\NPROTECT\00272393 c:\recycler\NPROTECT\00272394 c:\recycler\NPROTECT\00272395 
c:\recycler\NPROTECT\00272396 c:\recycler\NPROTECT\00272397 c:\recycler\NPROTECT\00272398 c:\recycler\NPROTECT\00272399 c:\recycler\NPROTECT\00272400 c:\recycler\NPROTECT\00272401 c:\recycler\NPROTECT\00272402 c:\recycler\NPROTECT\00272403 c:\recycler\NPROTECT\00272404 c:\recycler\NPROTECT\00272405 c:\recycler\NPROTECT\00272406 c:\recycler\NPROTECT\00272407 c:\recycler\NPROTECT\00272408 c:\recycler\NPROTECT\00272409 c:\recycler\NPROTECT\00272410 c:\recycler\NPROTECT\00272411 c:\recycler\NPROTECT\00272412 c:\recycler\NPROTECT\00272413 c:\recycler\NPROTECT\00272414 c:\recycler\NPROTECT\00272415 c:\recycler\NPROTECT\00272417 c:\recycler\NPROTECT\00272418 c:\recycler\NPROTECT\00272421 c:\recycler\NPROTECT\00272424 c:\recycler\NPROTECT\00272425 c:\recycler\NPROTECT\00272426 c:\recycler\NPROTECT\00272427 c:\recycler\NPROTECT\00272428 c:\recycler\NPROTECT\00272429.dat c:\recycler\NPROTECT\00272430 c:\recycler\NPROTECT\00272431.bad c:\recycler\NPROTECT\00272432 c:\recycler\NPROTECT\00272433 c:\recycler\NPROTECT\00272434 c:\recycler\NPROTECT\00272435 c:\recycler\NPROTECT\00272436 c:\recycler\NPROTECT\00272442.md5 c:\recycler\NPROTECT\00272443.DAT c:\recycler\NPROTECT\00272735 c:\recycler\NPROTECT\00272736 c:\recycler\NPROTECT\NPROTECT.LOG
.
original MBR restored successfully !
.
((((((((((((((((((((((((( Files Created from 2010-01-20 to 2010-02-20 )))))))))))))))))))))))))))))))
.
2010-02-02 16:05 . 2010-02-02 16:05 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-02-02 16:05 . 2010-02-02 16:05 -------- d-----w- c:\documents and settings\HelpAssistant\Shared
2010-02-02 16:03 . 2010-02-02 16:03 -------- d-----w- c:\documents and settings\HelpAssistant\Incomplete
2010-02-01 22:48 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-01 22:48 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-01 22:40 . 2010-02-01 22:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2010-02-01 22:40 . 2010-02-01 22:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-02-01 21:46 . 2010-02-01 22:30 -------- d-----w- c:\program files\schtml
2010-02-01 21:41 . 2010-02-01 21:41 36 ----a-w- c:\program files\skynet.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 17:15 . 2008-07-12 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-02-02 07:03 . 2007-12-18 00:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-02 05:52 . 2009-12-14 04:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-31 07:56 . 2008-06-01 00:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-31 07:54 . 2008-06-01 00:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-25 12:38 . 2010-02-02 07:03 3777816 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
2010-01-19 02:54 . 2005-09-24 16:52 -------- d-----w- c:\program files\Pinnacle
2010-01-19 02:51 . 2006-10-25 23:38 -------- d-----w- c:\program files\Kensington
2010-01-04 21:37 . 2006-05-31 17:42 43064 ----a-w- c:\documents and settings\Theresa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-06-12 08:33 . 2006-06-12 08:33 397352 ----a-w- c:\program files\msgr75us.exe
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 21:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-02 3587120]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"ares vista"="c:\program files\Ares Vista\AresVista.exe" [2009-04-23 3042816]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"nwiz"="nwiz.exe" [2007-09-17 1626112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-12 185872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2006-05-16 67264]

c:\documents and settings\Theresa\Start Menu\Programs\Startup\
Registration-Studio 8.lnk - c:\program files\Pinnacle\Studio 8\Register\RegTool.exe [2005-9-24 245760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-7-6 692224]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-8-5 11537920]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2008-1-16 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-21 00:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 05:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-11-18 18:03 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
2005-08-05 22:08 67160 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2008-10-21 17:09 50472 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-04 07:56 110592 ------w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 07:56 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-10-27 22:21 61952 ------w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2004-06-03 08:50 204800 ----a-w- c:\program files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-10-30 17:36 256576 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
2007-05-09 06:57 3084288 ----a-w- c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-09-17 08:07 8491008 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-09-17 08:07 81920 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-09-17 08:07 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QOELOADER]
2005-09-26 02:15 6656 ----atw- c:\program files\Qurb\QSP-3.0.311.7\QOELoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-10-26 02:58 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-12-01 07:54 77824 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2005-09-07 22:35 716800 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2005-05-20 01:11 925696 ----a-r- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 20:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
2005-09-26 03:30 100056 ----a-w- c:\progra~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-10-12 02:37 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
2004-06-03 08:51 172032 ----a-w- c:\program files\Microsoft IntelliType Pro\type32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
2004-11-11 04:15 111816 ----a-w- c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-10-25 05:37 35328 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 03:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD5\\WinDVD.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Ares Vista\\AresVista.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3246:TCP"= 3246:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop

R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [7/8/2006 1:00 PM 19507]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/12/2008 1:29 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/12/2008 1:29 PM 108552]
R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [7/8/2006 1:00 PM 619390]
R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [7/8/2006 1:00 PM 423454]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/12/2008 1:29 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/12/2008 1:29 PM 297752]
R2 NProtectService;Norton Unerase Protection;c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [9/25/2005 6:30 PM 135168]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/5/2009 9:42 PM 24652]
S1 sonypvd3;Sony DVD Handycam;c:\windows\system32\drivers\sonypvd3.sys [7/8/2006 1:00 PM 64964]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [10/22/2003 2:27 PM 344800]
.
Contents of the 'Scheduled Tasks' folder

2010-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57]

2010-01-30 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Common Files\Symantec Shared\NMAIN.EXE [2003-11-10 22:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: buy-internet-security10.com
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: is-soft-download.com
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: buy-internet-security10.com
Trusted Zone: buy-internetsecurity10.com
TCP: {0D45C3A3-A1EA-42D2-B2EB-E507254C8BEA} = 83.149.115.157,4.2.2.1,192.168.1.1
TCP: {783CA904-CAF9-43A3-9997-53CEDD8FDFDA} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Theresa\Application Data\Mozilla\Firefox\Profiles\5v8w4uvi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Theresa\Application Data\Mozilla\Firefox\Profiles\5v8w4uvi.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Panda Security\NanoScan\Plugins\npnanoscan.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-20 10:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x859FB630]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7500fc3
\Driver\ACPI -> 0x859fb630
\Driver\atapi -> atapi.sys @ 0xf73257b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
NDIS: NVIDIA nForce Networking Controller #2 -> SendCompleteHandler -> 0x850a2330
PacketIndicateHandler -> NDIS.sys @ 0xf71feb21
SendHandler -> NDIS.sys @ 0xf71dc87b
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x01D1C4581
malicious code @ sector 0x01D1C4584 !
PE file found in sector at 0x01D1C459A !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(564)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\Ink\SKCHUI.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\NORTON~1\SPEEDD~1\nopdb.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-02-20 11:05:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-20 19:05
ComboFix2.txt 2010-02-02 05:51

Pre-Run: 129,854,246,912 bytes free
Post-Run: 129,686,228,992 bytes free

- - End Of File - - 33F7F49844057BD62D48EBA9DF653BD7
  5. I was able to get Malwarebytes to run after running combo-fix.exe last night, and I scanned with Malwarebytes again before I turned off my computer. But this morning when I turned on my computer and searched on Google, I got redirected to some websites and my AVG popped up with a warning about trojans, so I scanned with Malwarebytes again; after the scan completed I got about 20 objects infected, compared to 25 last night. I still get redirected before I post this thread. Here is the log of the 2 days. Please help, thanks.

Malwarebytes' Anti-Malware 1.44
Database version: 3677
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

2/1/2010 10:56:00 PM
mbam-log-2010-02-01 (22-56-00).txt

Scan type: Full Scan (C:\|)
Objects scanned: 228017
Time elapsed: 1 hour(s), 1 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 31

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\LocalService\Start Menu\Programs\Your PC Protector (Rogue.YourPCProtector) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\dekevimi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fajohiti.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fibideja.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fotuwutu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\juduwuho.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yuhasifo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
  7. Here is my DDS log:
DeFogger didn't ask me to restart my computer when I disabled it, so I just ran GMER Rootkit Scanner after it, but the whole system seemed not to respond after it scanned. So what should I do next, because the malware has become very bad now? Please help, thanks.
  8. Hi everyone, I think the malware just disabled my Malwarebytes. I tried to search around on Google but couldn't get rid of the malware I got this morning by accidentally clicking the mouse on one of the ads on a free movie site. I have tried to reinstall it and change its name, but it is still there. Please help, thanks.