
Redirecting virus, can't get rid of it. Please help me!



Hi. I have Windows XP Professional. I had the Antivirus XP Virus (which was 'removed' twice at work by the IT techs) but my computer is still very sick. When I search in Google/Yahoo etc. and click on links, I am redirected to the wrong pages. Also, sometimes when I open Firefox a new tab opens to a spammy type site (not one specific site, it varies). How do I get rid of this virus?

I already have tried Malwarebytes, SpywareBlaster, Spybot, Ad-Aware, CCleaner, Symantec, McAfee, Smitrem and Smitfraudfix. I followed the instructions from http://www.pchell.com/support/smitfraud.shtml except I do not know what to do with the HijackThis system scan analysis.

Can someone please help me? Thanks, Astrid.


Hello Astrid! Welcome to MalwareBytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install any software or hardware while we work on this.

Step 1:

Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.

Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.

Step 2:

Please navigate to:

C:\Qoobox\

and open Add or Remove Programs.txt. Then copy its content and paste it in your next comment.


Please navigate to:

C:\Qoobox\

and open Add or Remove Programs.txt. Then copy its content and paste it in your next comment.

Acapela Speech Engine for Easiteach

Ad-Aware

Ad-Aware Email Scanner for Outlook

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Flash Player 9 ActiveX

Adobe Reader 8.1.4

Adobe Shockwave Player 11.5

Brother MFL-Pro Suite

CCleaner

Compatibility Pack for the 2007 Office system

Conexant HD Audio

D-Link DSLs

Easiteach Geography Licence

Easiteach Literacy Licence

Easiteach Maths Licence

Easiteach Science Licence

Easiteach Starter Licence

Handwriting Recognition for Easiteach

HDAUDIO Soft Data Fax Modem with SmartCP

High Definition Audio Driver Package - KB888111

HijackThis 2.0.2

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB979306)

Intel® Graphics Media Accelerator Driver

Java 6 Update 16

Lexmark Printer Software Uninstall

LiveUpdate 3.2 (Symantec Corporation)

Malwarebytes' Anti-Malware

McAfee Security Scan Plus

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office Communicator 2007

Microsoft Office FrontPage 2003

Microsoft Office Professional Edition 2003

Microsoft Office XP Media Content

Microsoft Plus! for Windows XP

Microsoft Producer for Microsoft Office PowerPoint 2003

Microsoft Silverlight

Microsoft Text-to-Speech Engine 4.0 (English)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Mozilla Firefox (3.6.2)

OGA Notifier 2.0.0048.0

On Screen Display

PaperPort

Photo Story 3 for Windows

PM Yellow

Quick Vic Reporting - Teacher Components

QuickTime

RM Easiteach

screensaverboy

Security Update for CAPICOM (KB931906)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978706)

Spybot - Search & Destroy

SpywareBlaster 4.2

Symantec AntiVirus

ThinkPad Power Management Driver

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Format SDK Hotfix - KB891122

Windows Media Player 11

Windows XP Service Pack 3


Combo fix log:

ComboFix 10-04-04.01 - 08777658 05/04/2010 23:25:37.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2038.1280 [GMT 10:00]

Running from: c:\documents and settings\Astrid\Desktop\Combo-Fix.exe

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\dumphive.exe

c:\windows\system32\Process.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\tmp.reg

c:\windows\system32\VCCLSID.exe

c:\windows\system32\WS2Fix.exe

Infected copy of c:\windows\system32\drivers\iaStor.sys was found and disinfected

Restored copy from - Kitty ate it :)

.

((((((((((((((((((((((((( Files Created from 2010-03-05 to 2010-04-05 )))))))))))))))))))))))))))))))

.

2010-03-27 09:45 . 2010-03-27 09:45 -------- d-----w- c:\program files\CCleaner

2010-03-27 06:59 . 2010-03-27 04:38 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-03-27 04:38 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-03-27 04:38 . 2010-03-27 04:38 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-03-27 04:38 . 2010-03-27 04:38 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys

2010-03-27 04:38 . 2010-03-27 04:38 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll

2010-03-27 04:38 . 2010-03-27 04:38 885736 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe

2010-03-27 04:38 . 2010-03-27 04:38 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll

2010-03-27 04:38 . 2010-03-27 04:38 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe

2010-03-27 04:37 . 2010-03-27 04:38 210552 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll

2010-03-27 04:37 . 2010-03-27 04:37 393896 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll

2010-03-27 04:37 . 2010-03-27 04:37 565392 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll

2010-03-27 04:37 . 2010-03-27 04:37 221920 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll

2010-03-27 04:37 . 2010-03-27 04:37 430496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll

2010-03-27 04:37 . 2010-03-27 04:37 167312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll

2010-03-27 04:37 . 2010-03-27 04:37 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll

2010-03-27 04:37 . 2010-03-27 04:37 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll

2010-03-27 04:37 . 2010-03-27 04:37 6330848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll

2010-03-27 04:37 . 2010-03-27 04:37 329560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll

2010-03-27 04:37 . 2010-03-27 04:37 94712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll

2010-03-27 04:37 . 2010-03-27 04:37 17480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll

2010-03-27 04:36 . 2010-03-27 04:36 966104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll

2010-03-27 04:36 . 2010-03-27 04:36 848160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe

2010-03-27 04:36 . 2010-03-27 04:36 855352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe

2010-03-27 04:35 . 2010-03-27 04:36 1597440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

2010-03-27 04:35 . 2010-03-27 04:35 818256 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe

2010-03-27 04:35 . 2010-03-27 04:35 1263728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe

2010-03-27 04:33 . 2010-03-27 04:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-03-27 04:33 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe

2010-03-27 04:32 . 2010-03-27 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-03-27 04:32 . 2010-03-27 04:33 -------- d-----w- c:\program files\Lavasoft

2010-03-27 03:41 . 2010-03-27 03:41 -------- d-----w- c:\program files\Trend Micro

2010-03-27 03:33 . 2010-03-27 03:35 -------- d-----w- c:\program files\SpywareBlaster

2010-03-26 09:40 . 2010-03-26 09:40 205824 --sha-w- c:\documents and settings\LocalService\Local Settings\Application Data\3292048846.dll

2010-03-26 09:40 . 2010-03-26 09:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla

2010-03-26 09:25 . 2010-03-26 09:25 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2010-03-26 09:07 . 2010-03-26 09:08 205824 --sha-w- c:\documents and settings\Astrid\Local Settings\Application Data\3292048846.dll

2010-03-26 08:54 . 2010-03-26 08:54 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan

2010-03-26 08:54 . 2010-03-26 08:54 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-03-26 08:54 . 2010-03-26 08:54 -------- d-----w- c:\program files\McAfee Security Scan

2010-03-26 08:54 . 2010-03-26 08:54 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe

2010-03-26 08:54 . 2010-03-26 10:55 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-03-26 07:52 . 2010-03-26 07:52 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE

2010-03-26 07:52 . 2010-03-26 07:52 -------- d-sh--w- c:\windows\system32\config\systemprofile\IECompatCache

2010-03-26 07:51 . 2010-03-26 07:51 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-03-25 10:37 . 2010-03-25 10:37 0 ----a-w- c:\windows\nsreg.dat

2010-03-25 10:37 . 2010-03-25 10:37 -------- d-----w- c:\documents and settings\Astrid\Local Settings\Application Data\Mozilla

2010-03-25 03:09 . 2010-03-25 03:09 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache

2010-03-25 01:18 . 2010-04-05 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-03-25 01:18 . 2010-03-27 03:44 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-03-23 00:43 . 2010-03-23 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2010-03-22 22:01 . 2010-03-22 22:01 48768 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-03-22 22:01 . 2010-03-22 22:01 110952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-03-21 06:59 . 2010-03-21 06:59 -------- d-----w- c:\documents and settings\Astrid\Application Data\Office Genuine Advantage

2010-03-21 06:29 . 2010-04-05 13:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-03-20 08:07 . 2010-03-20 08:07 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-03-20 06:37 . 2010-03-20 06:38 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2010-03-18 00:02 . 2010-03-18 00:02 -------- d-----w- C:\Acapela.lic

2010-03-17 22:39 . 2010-03-17 22:40 -------- d-----w- c:\windows\speech

2010-03-17 22:39 . 2010-03-17 22:39 10134 ----a-r- c:\documents and settings\Astrid\Application Data\Microsoft\Installer\{85ED9209-E2FA-4AE4-98ED-AD631B350730}\ARPPRODUCTICON.exe

2010-03-17 22:31 . 2010-03-17 22:31 -------- d-----w- c:\program files\Research Machines

2010-03-17 22:31 . 2010-03-17 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Research Machines

2010-03-17 22:31 . 2010-03-17 22:31 -------- d-----w- c:\program files\directx

2010-03-11 09:41 . 2010-03-11 09:41 -------- d-----w- c:\windows\system32\Adobe

2010-03-11 09:21 . 2010-03-11 09:21 -------- d-----w- c:\program files\Sebran

2010-03-11 09:17 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-03-09 16:04 . 2010-03-09 16:04 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2010-03-09 11:00 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-03-09 10:42 . 2009-08-06 08:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-03-09 00:14 . 2008-04-13 18:41 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll

2010-03-09 00:14 . 2008-04-13 18:41 3967 ------w- c:\windows\system32\drivers\adv02nt5.dll

2010-03-09 00:14 . 2008-04-13 18:41 3775 ------w- c:\windows\system32\drivers\adv11nt5.dll

2010-03-09 00:14 . 2008-04-13 18:41 3711 ------w- c:\windows\system32\drivers\adv09nt5.dll

2010-03-09 00:14 . 2008-04-13 18:41 3647 ------w- c:\windows\system32\drivers\adv07nt5.dll

2010-03-09 00:14 . 2008-04-13 18:41 3615 ------w- c:\windows\system32\drivers\adv05nt5.dll

2010-03-09 00:14 . 2008-04-13 18:41 3135 ------w- c:\windows\system32\drivers\adv08nt5.dll

2010-03-09 00:14 . 2008-04-13 13:06 44928 ------w- c:\windows\system32\drivers\agpcpq.sys

2010-03-09 00:14 . 2008-04-13 13:06 42752 ------w- c:\windows\system32\drivers\alim1541.sys

2010-03-09 00:14 . 2008-04-13 13:06 42368 ------w- c:\windows\system32\drivers\agp440.sys

2010-03-08 07:37 . 2010-03-08 07:37 -------- d-----w- c:\program files\D-Link DSLs

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-05 13:32 . 2009-09-16 01:56 -------- d-----w- c:\program files\Symantec AntiVirus

2010-03-27 03:29 . 2010-02-01 21:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-26 07:31 . 2009-09-14 17:58 329752 ----a-w- c:\windows\system32\drivers\iaStor.sys

2010-03-25 01:32 . 2009-10-12 23:32 -------- d-----w- c:\program files\iTunes

2010-03-22 22:01 . 2009-09-16 01:56 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-03-22 22:01 . 2009-09-16 01:56 -------- d-----w- c:\program files\Symantec

2010-03-22 22:01 . 2010-03-22 22:01 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-03-22 22:01 . 2010-03-22 22:01 8014 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-03-22 22:00 . 2009-09-16 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2010-03-18 23:00 . 2009-09-16 00:28 71208 ----a-w- c:\documents and settings\Astrid\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-09 16:25 . 2009-09-15 08:47 -------- d-----w- c:\program files\Microsoft Silverlight

2010-03-09 00:20 . 2009-09-14 10:57 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-03-08 07:37 . 2009-11-11 12:41 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-02-11 09:46 . 2010-02-11 09:41 -------- d-----w- c:\program files\PM_Gems_Yellow

2010-01-07 05:07 . 2010-02-01 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 05:07 . 2010-02-01 21:55 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-30 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-30 178712]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-30 150040]

"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-09-30 68976]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-07 125368]

c:\documents and settings\Astrid\Start Menu\Programs\Startup\

laptop logon.vbs [2009-3-17 2306]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2006-09-06 06:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]

2008-08-08 09:14 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-14 15:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]

2005-05-17 06:42 933888 ------w- c:\program files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

2005-03-17 03:45 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

2005-03-17 03:25 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-09-04 14:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]

2005-01-26 07:02 49152 ------w- c:\program files\Brother\Brmfl05a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2003-10-13 23:22 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-09-15 10:09 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"MDM"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27/03/2010 2:38 PM 64288]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [5/02/2010 1:52 AM 1263728]

R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [7/10/2007 7:48 PM 116664]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [23/03/2010 8:16 AM 102448]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 10:49 PM 227232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

2010-04-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 04:36]

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Astrid\Application Data\Mozilla\Firefox\Profiles\qf019qt7.default\

FF - prefs.js: browser.startup.homepage - www.yahoo.com

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-05 23:32

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(980)

c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'explorer.exe'(3764)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ibmpmsvc.exe

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\windows\system32\brss01a.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Lenovo\HOTKEY\TPONSCR.exe

c:\windows\System32\WScript.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Completion time: 2010-04-05 23:37:31 - machine was rebooted

ComboFix-quarantined-files.txt 2010-04-05 13:37

Pre-Run: 100,112,551,936 bytes free

Post-Run: 100,081,672,192 bytes free

- - End Of File - - 3B9174142A58FEB53A50004A04D1C9C2


hijack this log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:44:54, on 5/04/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\brss01a.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\WINDOWS\System32\WScript.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - Startup: laptop logon.vbs

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1268092599520

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1268092584270

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--

End of file - 5759 bytes

Link to post
Share on other sites

Step 1:

Please uninstall the following applications:

Adobe Reader 8.1.4

McAfee Security Scan Plus

After we finish our work, please download and install the latest version of Adobe Reader from:

http://www.adobe.com

Step 2:

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

Then run this tool to help clean up any leftover Java.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply.
    Then look for the following Java folders and if found delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Windows\Sun
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java

Step 3:

Jotti File Submission:

  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • c:\documents and settings\Astrid\Start Menu\Programs\Startup\laptop logon.vbs
  • Click on the submit button
  • Please post the results in your next reply.

Link to post
Share on other sites
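Step 3 above singles out the `O4 - Startup` script from the HijackThis log for a second-opinion scan. As an added example (not part of the thread and not HijackThis's own code), this Python code parses the log's `Xn - ...` entries and lists the logon autostart items that merit that kind of manual check; the function names, the script-extension list and the review reasons are assumptions chosen for illustration.

```python
import re

# Excerpt of the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: laptop logon.vbs
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^(?P<loc>\S+\\Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<target>.+)$")
STARTUP_RE = re.compile(r"^(?P<loc>(?:Global )?Startup): (?P<target>.+)$")
# Assumed list of script types run by Windows Script Host or cmd.exe.
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd")

def parse_entries(log_text):
    """Return (section_code, body) for each 'Xn - ...' line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def autostart_review_list(log_text):
    """Return (item, reason) for O4 autostart entries that merit a manual check."""
    findings = []
    for code, body in parse_entries(log_text):
        if code != "O4":
            continue
        m = RUN_RE.match(body) or STARTUP_RE.match(body)
        if not m:
            findings.append((body, "unrecognised O4 layout"))
            continue
        target = m.group("target").strip().strip('"')
        if target.endswith("= ?"):
            # The log shows '?' where a shortcut's target would be listed.
            findings.append((target[:-3].strip(), "target shown as '?'"))
        elif target.lower().endswith(SCRIPT_EXTS):
            findings.append((target, "script launched at logon"))
    return findings
```

A hit here is only a prompt to inspect the file, as the thread does by uploading it to a multi-engine scanner; it is not a verdict.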

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Apr 10 16:49:59 2010

------------------------------------

Finished reporting.

Jotti's malware scan - found nothing

http://virusscan.jotti.org/en/scanresult/a...e1eeb726c74b23d

Thanks Borislav! Sorry about the delays in between. Have been elsewhere. What next?

Link to post
Share on other sites

Don't worry! :D

Next:

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.44

Database version: 3920

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11/04/2010 4:14:54 PM

mbam-log-2010-04-11 (16-14-54).txt

Scan type: Quick Scan

Objects scanned: 128791

Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Your version of MalwareBytes' Anti-Malware and its database version are old. Let's uninstall this version, download the latest version and install it.

Step 1:

  • Click on Start and select Control Panel
  • Open Add/Remove Programs
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer (very important)
  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or post to ask and we'll explain how to do it.

Step 2:

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Link to post
Share on other sites

Sorry about the wrong version. New log below...

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3976

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11/04/2010 8:10:29 PM

mbam-log-2010-04-11 (20-10-29).txt

Scan type: Quick scan

Objects scanned: 110083

Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Yes, I think we're ready. :)

Some final steps:

Step 1:

* Go to Start > Run and copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Step 2:

Some malware preventions:

http://miekiemoes.blogspot.com/2008/02/how...nt-malware.html

Safe surfing! :)

Link to post
Share on other sites

Thanks again! My facebook status says "Astrid loves Borislav from Bulgaria" now, no joke!

Link to post
Share on other sites

This topic is now closed to further replies.