
Do I still have problems... I had Zlob



Don't know if I still have Zlob... first time posting here, please let me know if I posted incorrectly... thank you

Malwarebytes' Anti-Malware 1.28

Database version: 1229

Windows 5.1.2600 Service Pack 2

10/5/2008 8:24:51 AM

mbam-log-2008-10-05 (08-24-51).txt

Scan type: Full Scan (C:\|D:\|F:\|G:\|)

Objects scanned: 214792

Time elapsed: 1 hour(s), 22 minute(s), 0 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\InstallShield Installation Information\{D14E3D40-2004-11D3-BFBF-00A0248F3321}\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

F:\Program Files\TurboTax\Deluxe 2006\DlInst\Setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

ANALYSIS: 2008-10-05 13:23:24

PROTECTIONS: 0

MALWARE: 7

SUSPECTS: 1

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\moni\Application Data\Mozilla\Firefox\Profiles\xln6lrz6.default\cookies.txt[.gostats.com/]

00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\moni\Application Data\Mozilla\Firefox\Profiles\xln6lrz6.default\cookies.txt[.gostats.com/]

00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No G:\Users\roro\AppData\Roaming\Microsoft\Windows\Cookies\Low\roro@media.adrevolver[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\moni\Application Data\Mozilla\Firefox\Profiles\xln6lrz6.default\cookies.txt[.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\moni\Application Data\Mozilla\Firefox\Profiles\xln6lrz6.default\cookies.txt[.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\moni\Application Data\Mozilla\Firefox\Profiles\xln6lrz6.default\cookies.txt[.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\moni\Application Data\Mozilla\Firefox\Profiles\xln6lrz6.default\cookies.txt[.ads.pointroll.com/]

00207338 Cookie/Target TrackingCookie No 0 Yes No G:\Users\roro\AppData\Roaming\Microsoft\Windows\Cookies\Low\roro@target[1].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\moni\Application Data\Mozilla\Firefox\Profiles\xln6lrz6.default\cookies.txt[.atwola.com/]

00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No G:\Users\roro\AppData\Roaming\Microsoft\Windows\Cookies\Low\roro@ads.addynamix[1].txt

01048936 Generic Malware Virus/Trojan No 0 Yes Yes F:\programfiles\GameSpy Arcade\Services\_common\PortraitLoader.dll

;===============================================================================

SUSPECTS

Sent Location

;===============================================================================

No F:\programfiles\GameSpy Arcade\gslan.dll

;===============================================================================

VULNERABILITIES

Id Severity Description

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:23:56 PM, on 10/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Mozilla Firefox\firefox.exe

F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab

O16 - DPF: {EE85A9FD-6E52-4227-BB82-D46A660690EA} (RCSetup Class) - http://service.extremefax.com/ActiveX/RCAXSetup.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O24 - Desktop Component 1: Desktop Uninstall - C:\WINDOWS\warnhp.html

--

End of file - 2466 bytes

Edited by JeanInMontana
remove code

Since this topic has had no reply for over 5 days, it will be closed to prevent others from posting into it. Should you decide to resume with your assistance, PM any staff member and we will be happy to reopen the topic.

Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help, start your own topic and someone will be happy to assist you.

This topic is now closed to further replies.