boomaholic

I suppose a reformat is the best option. Does Vista have the built in reformat option? This is actually my father's computer. On my PC I still run XP and I've had to reformat it a few times and was able to do so without any discs or other media.

MBAM still will not run in Normal Mode. Below is the log that was created when I ran MBAM in Safe Mode. Malwarebytes' Anti-Malware 1.44 Database version: 3884 Windows 6.0.6002 Service Pack 2 (Safe Mode) Internet Explorer 8.0.6001.18882 3/18/2010 10:47:56 PM mbam-log-2010-03-18 (22-47-56).txt Scan type: Full Scan (C:\|D:\|) Objects scanned: 277418 Time elapsed: 34 minute(s), 58 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 38 Registry Values Infected: 2 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 16 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{5c013fe7-b5be-3630-957f-2027cc668757} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{48815cbd-4aeb-3ad0-a584-a1ec2389c83e} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8a756c07-5906-30d8-9751-3a72c8072888} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\{8a756c07-5906-30d8-9751-3a72c8072888} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8a756c07-5906-30d8-9751-3a72c8072888} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{8a756c07-5906-30d8-9751-3a72c8072888} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\D (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\D.1 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\ProgramData\10638321 (Rogue.Multiple) -> Quarantined and deleted successfully. Files Infected: C:\ProgramData\{7FAC77E1-454F-40CB-AF3A-A465E4548AE6}\OFFLINE\mFileBagIDE.dll\bag\stbterm.exe (Adware.ColorSoft) -> Quarantined and deleted successfully. C:\Users\Weizenbock1\AppData\Local\Temp\Low\0.026504983942922333.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Weizenbock1\AppData\Local\Temp\Low\0.30067173199079755.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Users\Weizenbock1\AppData\Local\Temp\Low\1267181785.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Users\Weizenbock1\AppData\Local\Temp\Low\4_pinnew.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Weizenbock1\AppData\Local\Temp\Low\5_odbn0.exe (Trojan.Clicker) -> Quarantined and deleted successfully. C:\Users\Weizenbock1\AppData\Local\Temp\Low\5_odbns.exe (Trojan.Clicker) -> Quarantined and deleted successfully. C:\Users\Weizenbock1\AppData\Local\Temp\Low\6_ldry3.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Weizenbock1\AppData\Local\Temp\Low\avto1.exe (Trojan.Clicker) -> Quarantined and deleted successfully. C:\Users\Weizenbock1\AppData\Local\Temp\Low\jar_cache36185.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Users\Weizenbock1\AppData\Local\Temp\Low\pdfupd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Users\Weizenbock1\AppData\Local\Temp\Low\q1.exe (Trojan.Clicker) -> Quarantined and deleted successfully. C:\Users\Weizenbock1\AppData\Local\Temp\Low\teste1_p.exe (Trojan.Clicker) -> Quarantined and deleted successfully. C:\Users\Weizenbock1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\6dee5eb9-3cbd7421 (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Windows\System32\ctfmon_gp.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Windows\System32\tg62241.dll (Trojan.BHO) -> Quarantined and deleted successfully.

Was able to get MBAM updated and running in Safe Mode. If problem persists in Normal Mode I will reply again.

I am receiving error 732 (12029, 0) when attempting to update. When I perform a scan the program will crash around twenty minutes in. It does not give me an error code. I do not have an MBAM log to post as it has never successfully completed a scan on this computer. DDS (Ver_10-03-17.01) - NTFSx86 Run by Weizenbock1 at 20:13:54.15 on Thu 03/18/2010 Internet Explorer: 8.0.6001.18882 Microsoft Attach.zip