
new and have a Trojan



Hi ya people

OK, well I have Trojan.TDSS, Trojan.FakeAlert, Trojan.DNSChanger and Trojan.Agent.

My MBAM report says:

Malwarebytes' Anti-Malware 1.31

Database version: 1550

Windows 5.1.2600 Service Pack 2

27/12/2008 21:44:15

mbam-log-2008-12-27 (21-44-12).txt

Scan type: Quick Scan

Objects scanned: 51045

Time elapsed: 4 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 1

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Spyware.Passwords) -> No action taken.

Registry Keys Infected:

HKEY_CLASSES_ROOT\videosoft (Trojan.DNSChanger) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

C:\resycled (Trojan.DNSChanger) -> No action taken.

Files Infected:

C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Spyware.Passwords) -> No action taken.

C:\WINDOWS\system32\msqpdxkrqhrroy.dll (Trojan.TDSS) -> No action taken.

C:\Documents and Settings\Christa\Local Settings\Temp\tmp59.tmp (Trojan.FakeAlert) -> No action taken.

C:\resycled\boot.com (Trojan.DNSChanger) -> No action taken.

C:\WINDOWS\system32\drivers\msqpdxwiduynpq.sys (Trojan.Agent) -> No action taken.

C:\WINDOWS\Temp\tempo-1E3.tmp (Trojan.DNSChanger) -> No action taken.

I downloaded the GMER that is listed in the other post. It found the HIDDEN msqpdxwiduynpq.sys, and I deactivated the file and deleted it, then had to restart. It is stopping me from loading any Adobe software. I did initially WIPE the comp, but not totally, due to the C: drive partition not clearing ALL data, e.g. normally I would have to install any software like Firefox, but it would already be on the system. It is really annoying me now lol, I have wiped the computer 5 times in 2 weeks!!

Hopefully someone out there can help me :0(

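Every entry in the MBAM log above ends in "No action taken", so the scan found things but removed nothing yet. As an added example, not code from the original post or from Malwarebytes, here is a small Python parser that turns an MBAM 1.x log into structured findings, checks the summary counts against the entries actually listed, pulls out everything left unactioned, tallies detection families, and applies one heuristic (an assumption of this example, not an MBAM feature) that pairs a .sys and a .dll among the infected files when their random-looking names share a prefix, as the two msqpdx* entries in the log do. SAMPLE_LOG is a constructed excerpt of the thread's log.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x log into structured findings.
Added example, not part of the forum post or of MBAM. SAMPLE_LOG is a constructed
excerpt of the thread's log; paired_driver_and_dll is this example's heuristic."""
import ntpath
import os
import re
from collections import Counter
from dataclasses import dataclass
from itertools import combinations

# Constructed sample: summary block plus the detection sections from the thread.
SAMPLE_LOG = r"""
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 6

Memory Modules Infected:
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Spyware.Passwords) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\videosoft (Trojan.DNSChanger) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\resycled (Trojan.DNSChanger) -> No action taken.

Files Infected:
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Spyware.Passwords) -> No action taken.
C:\WINDOWS\system32\msqpdxkrqhrroy.dll (Trojan.TDSS) -> No action taken.
C:\Documents and Settings\Christa\Local Settings\Temp\tmp59.tmp (Trojan.FakeAlert) -> No action taken.
C:\resycled\boot.com (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\system32\drivers\msqpdxwiduynpq.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\tempo-1E3.tmp (Trojan.DNSChanger) -> No action taken.
"""

# "Files Infected: 6" (summary, has a count) vs "Files Infected:" (opens a section).
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Infected:(?:\s*(?P<count>\d+))?\s*$")
# "<path> (<family>) -> [<details> -> ]<action>."
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")


@dataclass(frozen=True)
class Finding:
    section: str   # e.g. "Files", "Registry Keys"
    path: str      # file, folder or registry path
    family: str    # MBAM detection name, e.g. "Trojan.TDSS"
    action: str    # what MBAM did, e.g. "No action taken"
    details: tuple # extra fields such as ("Bad: (1) Good: (0)",)


def parse_mbam_log(text):
    """Return (findings, expected_counts); headers with a number only feed the counts."""
    findings, expected, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            if header.group("count") is not None:
                expected[header.group("section")] = int(header.group("count"))
                section = None
            else:
                section = header.group("section")
            continue
        hit = DETECTION_RE.match(line)
        if hit and section:  # "(No malicious items detected)" never matches
            parts = [p.strip() for p in hit.group("rest").split("->")]
            findings.append(Finding(section, hit.group("path"), hit.group("family"),
                                    parts[-1].rstrip("."), tuple(parts[:-1])))
    return findings, expected


def count_mismatches(findings, expected):
    """Sections whose summary count disagrees with the entries listed (truncated log)."""
    actual = Counter(f.section for f in findings)
    return {s: (n, actual.get(s, 0)) for s, n in expected.items() if actual.get(s, 0) != n}


def unactioned(findings):
    """Entries MBAM detected but neither quarantined nor deleted."""
    return [f for f in findings if f.action.lower().startswith("no action taken")]


def family_counts(findings):
    return Counter(f.family for f in findings)


def unique_paths(findings):
    """A loaded DLL is listed under Memory Modules and again under Files; count it once."""
    return {f.path.lower() for f in findings}


def paired_driver_and_dll(findings, min_prefix=6):
    """Heuristic (this example's assumption): a .sys and a .dll whose file names share
    at least min_prefix leading characters are reported together as one component."""
    files = [f for f in findings if f.section == "Files"]
    pairs = []
    for a, b in combinations(files, 2):
        stems = [ntpath.splitext(ntpath.basename(f.path))[0].lower() for f in (a, b)]
        exts = {ntpath.splitext(f.path)[1].lower() for f in (a, b)}
        prefix = os.path.commonprefix(stems)
        if exts == {".sys", ".dll"} and len(prefix) >= min_prefix:
            pairs.append((prefix, sorted(f.path for f in (a, b))))
    return pairs
```

Running `parse_mbam_log(SAMPLE_LOG)` yields ten findings over nine distinct paths, all unactioned, with the summary counts consistent and one shared-prefix pair, msqpdx, linking the TDSS DLL in system32 to the driver in system32\drivers.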

2008-12-28 12:38:00 gmer.sys System [4]: LoadDriver system32\DRIVERS\ipnat.sys

2008-12-28 12:38:00 gmer.sys System [4]: LoadDriver system32\DRIVERS\wanarp.sys

2008-12-28 12:38:08 gmer.sys System [4]: CreateProcess C:\WINDOWS\system32\smss.exe

2008-12-28 12:38:08 gmer.sys smss.exe [636]: CreateProcess C:\WINDOWS\system32\autochk.exe

2008-12-28 12:38:08 gmer.sys autochk.exe [668]: LoadDriver \Registry\Machine\System\CurrentControlSet\Services\Fastfat

2008-12-28 12:38:09 gmer.sys smss.exe [636]: CreateProcess C:\WINDOWS\system32\csrss.exe

2008-12-28 12:38:09 gmer.sys csrss.exe [700]: LoadDriver \SystemRoot\System32\drivers\dxg.sys

2008-12-28 12:38:10 gmer.sys csrss.exe [700]: LoadDriver \SystemRoot\System32\ialmrnt5.dll

2008-12-28 12:38:10 gmer.sys csrss.exe [700]: LoadDriver \SystemRoot\System32\ialmdnt5.dll

2008-12-28 12:38:10 gmer.sys csrss.exe [700]: LoadDriver \SystemRoot\System32\vga.dll

2008-12-28 12:38:10 gmer.sys csrss.exe [700]: LoadDriver \SystemRoot\System32\ialmrnt5.dll

2008-12-28 12:38:10 gmer.sys csrss.exe [700]: LoadDriver \SystemRoot\System32\ialmdev5.DLL

2008-12-28 12:38:11 gmer.sys csrss.exe [700]: LoadDriver \SystemRoot\System32\ialmdd5.DLL

2008-12-28 12:38:11 gmer.sys smss.exe [636]: CreateProcess C:\WINDOWS\system32\winlogon.exe

2008-12-28 12:38:11 gmer.sys winlogon.exe [724]: CreateProcess C:\Program Files\AVG\AVG8\avgrsx.exe

2008-12-28 12:38:12 gmer.sys winlogon.exe [724]: CreateProcess C:\WINDOWS\system32\services.exe

2008-12-28 12:38:12 gmer.sys winlogon.exe [724]: CreateProcess C:\WINDOWS\system32\lsass.exe

2008-12-28 12:38:12 gmer.sys services.exe [820]: CreateProcess C:\WINDOWS\system32\svchost.exe

2008-12-28 12:38:13 gmer.sys services.exe [820]: CreateProcess C:\WINDOWS\system32\svchost.exe

2008-12-28 12:38:13 gmer.sys services.exe [820]: CreateProcess C:\WINDOWS\system32\svchost.exe

2008-12-28 12:38:13 gmer.sys services.exe [820]: LoadDriver system32\DRIVERS\ndisuio.sys

2008-12-28 12:38:13 gmer.sys services.exe [820]: CreateProcess C:\WINDOWS\system32\svchost.exe

2008-12-28 12:38:13 gmer.sys services.exe [820]: CreateProcess C:\WINDOWS\system32\svchost.exe

2008-12-28 12:38:13 gmer.sys winlogon.exe [724]: CreateProcess C:\WINDOWS\system32\logonui.exe

2008-12-28 12:38:14 gmer.sys winlogon.exe [724]: CreateProcess C:\WINDOWS\system32\userinit.exe

2008-12-28 12:38:14 gmer.sys services.exe [820]: CreateProcess C:\WINDOWS\system32\spoolsv.exe

2008-12-28 12:38:14 gmer.sys userinit.exe [1632]: CreateProcess C:\WINDOWS\explorer.exe

2008-12-28 12:38:15 gmer.sys svchost.exe [1096]: LoadDriver system32\DRIVERS\rdbss.sys

2008-12-28 12:38:15 gmer.sys svchost.exe [1096]: LoadDriver system32\DRIVERS\mrxsmb.sys

2008-12-28 12:38:17 gmer.sys explorer.exe [1680]: CreateProcess C:\WINDOWS\system32\verclsid.exe

2008-12-28 12:38:17 gmer.sys explorer.exe [1680]: CreateProcess C:\WINDOWS\system32\verclsid.exe

2008-12-28 12:38:18 gmer.sys explorer.exe [1680]: CreateProcess C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

2008-12-28 12:38:18 gmer.sys explorer.exe [1680]: CreateProcess C:\WINDOWS\system32\ctfmon.exe

2008-12-28 12:38:18 gmer.sys explorer.exe [1680]: CreateProcess C:\Program Files\Windows Live\Messenger\msnmsgr.exe

2008-12-28 12:38:20 gmer.sys explorer.exe [1680]: LoadDriver \Registry\Machine\System\CurrentControlSet\Services\Cdfs

2008-12-28 12:38:29 gmer.sys services.exe [820]: LoadDriver system32\DRIVERS\mrxdav.sys

2008-12-28 12:38:29 gmer.sys services.exe [820]: CreateProcess C:\WINDOWS\system32\msdtc.exe

2008-12-28 12:38:29 gmer.sys services.exe [820]: CreateProcess C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

2008-12-28 12:38:29 gmer.sys services.exe [820]: CreateProcess C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

2008-12-28 12:38:29 gmer.sys services.exe [820]: LoadDriver \SystemRoot\System32\Drivers\avgtdix.sys

2008-12-28 12:38:29 gmer.sys services.exe [820]: CreateProcess C:\WINDOWS\ehome\ehrecvr.exe

2008-12-28 12:38:29 gmer.sys services.exe [820]: CreateProcess C:\WINDOWS\ehome\ehSched.exe

2008-12-28 12:38:29 gmer.sys services.exe [820]: LoadDriver System32\Drivers\HTTP.sys

2008-12-28 12:38:29 gmer.sys svchost.exe [984]: CreateProcess C:\WINDOWS\ehome\ehRec.exe

2008-12-28 12:38:30 gmer.sys services.exe [820]: CreateProcess C:\Program Files\Java\jre6\bin\jqs.exe

2008-12-28 12:38:30 gmer.sys services.exe [820]: LoadDriver system32\DRIVERS\mdmxsdk.sys

2008-12-28 12:38:30 gmer.sys services.exe [820]: LoadDriver \??\C:\WINDOWS\system32\drivers\mqac.sys

2008-12-28 12:38:30 gmer.sys svchost.exe [1096]: LoadDriver system32\DRIVERS\srv.sys

2008-12-28 12:38:30 gmer.sys services.exe [820]: LoadDriver \??\C:\WINDOWS\system32\drivers\RMCast.sys

2008-12-28 12:38:33 gmer.sys services.exe [820]: CreateProcess C:\WINDOWS\system32\svchost.exe

2008-12-28 12:38:34 gmer.sys services.exe [820]: CreateProcess C:\WINDOWS\system32\mqsvc.exe

2008-12-28 12:38:34 gmer.sys explorer.exe [1680]: CreateProcess C:\WINDOWS\system32\verclsid.exe

2008-12-28 12:38:34 gmer.sys explorer.exe [1680]: CreateProcess C:\WINDOWS\system32\verclsid.exe

2008-12-28 12:38:34 gmer.sys avgwdsvc.exe [1004]: CreateProcess C:\Program Files\AVG\AVG8\avgrsx.exe

2008-12-28 12:38:35 gmer.sys services.exe [820]: CreateProcess C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

2008-12-28 12:38:35 gmer.sys services.exe [820]: CreateProcess C:\WINDOWS\ehome\mcrdsvc.exe

2008-12-28 12:38:35 gmer.sys svchost.exe [1096]: LoadDriver system32\DRIVERS\ipnat.sys

2008-12-28 12:38:39 gmer.sys services.exe [820]: CreateProcess C:\WINDOWS\system32\mqtgsvc.exe

2008-12-28 12:38:40 gmer.sys services.exe [820]: CreateProcess C:\PROGRA~1\AVG\AVG8\avgemc.exe

2008-12-28 12:38:46 gmer.sys services.exe [820]: CreateProcess C:\WINDOWS\system32\imapi.exe

2008-12-28 12:38:47 gmer.sys services.exe [820]: CreateProcess C:\WINDOWS\system32\alg.exe

2008-12-28 12:38:50 gmer.sys services.exe [820]: CreateProcess C:\WINDOWS\system32\dllhost.exe

2008-12-28 12:38:59 gmer.sys explorer.exe [1680]: CreateProcess C:\Program Files\Mozilla Firefox\firefox.exe

2008-12-28 12:39:04 gmer.sys explorer.exe [1680]: CreateProcess C:\Program Files\Adobe\Photoshop Elements 7.0\Photoshop Elements 7.0.exe

2008-12-28 12:39:09 gmer.sys explorer.exe [1680]: CreateProcess C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

2008-12-28 12:39:19 gmer.sys services.exe [820]: CreateProcess C:\Program Files\Windows Live\Messenger\usnsvc.exe

2008-12-28 12:39:22 gmer.sys svchost.exe [1096]: CreateProcess C:\WINDOWS\system32\wuauclt.exe

2008-12-28 12:39:27 gmer.sys services.exe [820]: LoadDriver \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-12-28 12:39:34 gmer.sys svchost.exe [984]: CreateProcess C:\WINDOWS\system32\wbem\wmiprvse.exe

2008-12-28 12:39:42 gmer.sys avgwdsvc.exe [1004]: CreateProcess C:\PROGRA~1\AVG\AVG8\avgupd.exe

2008-12-28 12:39:52 gmer.sys avgupd.exe [1708]: CreateProcess C:\Program Files\AVG\AVG8\fixcfg.exe

2008-12-28 12:39:53 gmer.sys services.exe [820]: CreateProcess C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

2008-12-28 12:39:59 gmer.sys winlogon.exe [724]: CreateProcess C:\WINDOWS\system32\taskmgr.exe

2008-12-28 12:40:12 gmer.sys services.exe [820]: CreateProcess C:\WINDOWS\system32\svchost.exe

2008-12-28 12:41:58 gmer.sys explorer.exe [1680]: CreateProcess C:\WINDOWS\system32\verclsid.exe

2008-12-28 12:41:59 gmer.sys explorer.exe [1680]: CreateProcess C:\WINDOWS\system32\verclsid.exe

2008-12-28 12:42:26 gmer.sys explorer.exe [1680]: CreateProcess C:\WINDOWS\system32\wupdmgr.exe

2008-12-28 12:42:27 gmer.sys svchost.exe [984]: CreateProcess C:\Program Files\Internet Explorer\iexplore.exe

2008-12-28 12:42:29 gmer.sys svchost.exe [984]: CreateProcess C:\PROGRA~1\AVG\AVG8\aAvgApi.exe

2008-12-28 12:42:35 gmer.sys svchost.exe [1096]: CreateProcess C:\WINDOWS\system32\wbem\wmiadap.exe

2008-12-28 12:42:37 gmer.sys svchost.exe [984]: CreateProcess C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

2008-12-28 12:42:40 gmer.sys svchost.exe [984]: CreateProcess C:\WINDOWS\system32\wbem\wmiprvse.exe

2008-12-28 12:43:00 gmer.sys avgwdsvc.exe [1004]: CreateProcess C:\Program Files\AVG\AVG8\avgcmgr.exe

2008-12-28 12:43:04 gmer.sys svchost.exe [984]: CreateProcess C:\WINDOWS\system32\wbem\wmiprvse.exe

2008-12-28 12:45:40 gmer.sys explorer.exe [1680]: CreateProcess C:\WINDOWS\system32\verclsid.exe

2008-12-28 12:45:40 gmer.sys explorer.exe [1680]: CreateProcess C:\WINDOWS\system32\verclsid.exe

2008-12-28 12:45:40 gmer.sys explorer.exe [1680]: CreateProcess C:\WINDOWS\system32\verclsid.exe

2008-12-28 12:45:41 gmer.sys explorer.exe [1680]: CreateProcess C:\WINDOWS\system32\verclsid.exe

2008-12-28 12:46:29 gmer.sys svchost.exe [984]: CreateProcess C:\WINDOWS\system32\igfxsrvc.exe

2008-12-28 12:46:32 gmer.sys explorer.exe [1680]: CreateProcess C:\WINDOWS\system32\rundll32.exe

2008-12-28 12:46:47 gmer.sys winlogon.exe [724]: CreateProcess C:\WINDOWS\system32\taskmgr.exe

2008-12-28 12:46:58 gmer.sys rundll32.exe [3360]: CreateProcess C:\WINDOWS\system32\msiexec.exe

2008-12-28 12:47:13 gmer.sys rundll32.exe [3360]: CreateProcess C:\WINDOWS\system32\msiexec.exe

2008-12-28 12:47:27 gmer.sys rundll32.exe [3360]: CreateProcess C:\WINDOWS\system32\msiexec.exe

2008-12-28 12:48:01 gmer.sys explorer.exe [1680]: CreateProcess C:\WINDOWS\system32\verclsid.exe

2008-12-28 12:48:01 gmer.sys explorer.exe [1680]: CreateProcess C:\WINDOWS\system32\verclsid.exe

2008-12-28 12:48:02 gmer.sys explorer.exe [1680]: CreateProcess C:\WINDOWS\system32\verclsid.exe

2008-12-28 12:48:13 gmer.sys explorer.exe [1680]: CreateProcess C:\Program Files\Adobe\Photoshop Elements 7.0\Photoshop Elements 7.0.exe

2008-12-28 12:48:28 gmer.sys services.exe [820]: CreateProcess C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

2008-12-28 12:48:32 gmer.sys svchost.exe [984]: CreateProcess C:\WINDOWS\system32\wbem\wmiprvse.exe

2008-12-28 12:48:48 gmer.sys mbam.exe [3620]: CreateProcess C:\WINDOWS\system32\notepad.exe

2008-12-28 12:51:43 gmer.sys explorer.exe [1680]: CreateProcess C:\Documents and Settings\Christa\My Documents\gmer.exe

2008-12-28 12:55:54 gmer.sys explorer.exe [1680]: CreateProcess C:\WINDOWS\system32\verclsid.exe

2008-12-28 12:55:58 gmer.sys explorer.exe [1680]: CreateProcess C:\WINDOWS\system32\notepad.exe

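The GMER trace above is a boot-time record of which process created which, and which process loaded which driver. GMER prints the acting image and its pid on every line but not the pid of the child it creates, so a tree can only be rebuilt by image name. As an added example, not code from the original post or from GMER, the Python below parses such lines, rebuilds and renders the tree, lists drivers referenced by an explicit \??\ path, and flags any core Windows image started by a parent outside an XP-era boot chain table that is this example's own assumption. SAMPLE_TRACE is a constructed excerpt of the thread's trace with one constructed anomaly line appended (svchost.exe started by explorer.exe) so the check has something to report; the trace in the thread itself contains no such line.

```python
"""Rebuild the boot process tree from a GMER process/driver trace.
Added example, not part of the forum post or of GMER. SAMPLE_TRACE is a constructed
excerpt of the thread's trace plus one constructed anomaly; EXPECTED_PARENT is this
example's assumption about the Windows XP boot chain (Vista and later differ)."""
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass

SAMPLE_TRACE = "\n".join([
    r"2008-12-28 12:38:00 gmer.sys System [4]: LoadDriver system32\DRIVERS\ipnat.sys",
    r"2008-12-28 12:38:08 gmer.sys System [4]: CreateProcess C:\WINDOWS\system32\smss.exe",
    r"2008-12-28 12:38:09 gmer.sys smss.exe [636]: CreateProcess C:\WINDOWS\system32\csrss.exe",
    r"2008-12-28 12:38:11 gmer.sys smss.exe [636]: CreateProcess C:\WINDOWS\system32\winlogon.exe",
    r"2008-12-28 12:38:12 gmer.sys winlogon.exe [724]: CreateProcess C:\WINDOWS\system32\services.exe",
    r"2008-12-28 12:38:12 gmer.sys winlogon.exe [724]: CreateProcess C:\WINDOWS\system32\lsass.exe",
    r"2008-12-28 12:38:12 gmer.sys services.exe [820]: CreateProcess C:\WINDOWS\system32\svchost.exe",
    r"2008-12-28 12:38:14 gmer.sys winlogon.exe [724]: CreateProcess C:\WINDOWS\system32\userinit.exe",
    r"2008-12-28 12:38:14 gmer.sys userinit.exe [1632]: CreateProcess C:\WINDOWS\explorer.exe",
    r"2008-12-28 12:38:30 gmer.sys services.exe [820]: LoadDriver \??\C:\WINDOWS\system32\drivers\mqac.sys",
    r"2008-12-28 12:39:27 gmer.sys services.exe [820]: LoadDriver \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys",
    r"2008-12-28 12:46:32 gmer.sys explorer.exe [1680]: CreateProcess C:\WINDOWS\system32\rundll32.exe",
    r"2008-12-28 12:46:58 gmer.sys rundll32.exe [3360]: CreateProcess C:\WINDOWS\system32\msiexec.exe",
    # Constructed anomaly, not in the thread: a core service image started by the shell.
    r"2008-12-28 12:59:00 gmer.sys explorer.exe [1680]: CreateProcess C:\WINDOWS\system32\svchost.exe",
])

EVENT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) gmer\.sys "
    r"(?P<parent>.+?) \[(?P<pid>\d+)\]: (?P<op>CreateProcess|LoadDriver) (?P<target>.+)$"
)

# Which image may start which core process on Windows XP (assumption of this example).
EXPECTED_PARENT = {
    "smss.exe": {"system"}, "csrss.exe": {"smss.exe"}, "winlogon.exe": {"smss.exe"},
    "services.exe": {"winlogon.exe"}, "lsass.exe": {"winlogon.exe"},
    "svchost.exe": {"services.exe"}, "spoolsv.exe": {"services.exe"},
    "userinit.exe": {"winlogon.exe"}, "explorer.exe": {"userinit.exe"},
}


@dataclass(frozen=True)
class Event:
    ts: str
    parent: str  # acting image as GMER prints it, e.g. "services.exe" or "System"
    pid: int     # pid of the acting process
    op: str      # "CreateProcess" or "LoadDriver"
    target: str  # child image path or driver path


def image_name(path):
    return ntpath.basename(path).lower()


def parse_gmer_trace(text):
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(Event(m["ts"], m["parent"], int(m["pid"]), m["op"], m["target"]))
    return events


def process_tree(events):
    """(parent image, pid) -> child image names in creation order (child pids unknown)."""
    tree = defaultdict(list)
    for e in events:
        if e.op == "CreateProcess":
            tree[(e.parent, e.pid)].append(image_name(e.target))
    return dict(tree)


def unexpected_parents(events):
    """CreateProcess events where a core image's parent is not in EXPECTED_PARENT."""
    return [e for e in events if e.op == "CreateProcess"
            and image_name(e.target) in EXPECTED_PARENT
            and e.parent.lower() not in EXPECTED_PARENT[image_name(e.target)]]


def explicit_path_drivers(events):
    """Drivers named by a full NT path (\\??\\C:\\...) instead of a system-root-relative one."""
    return [e.target for e in events if e.op == "LoadDriver" and e.target.startswith("\\??\\")]


def render_tree(events, root=("System", 4)):
    """Indented tree from root. A child is linked to every later parent entry with the
    same image name, which is ambiguous when several svchost.exe instances exist."""
    tree, by_name, lines, seen = process_tree(events), defaultdict(list), [], set()
    for key in tree:
        by_name[key[0].lower()].append(key)

    def walk(key, depth):
        if key in seen:
            return
        seen.add(key)
        lines.append("  " * depth + f"{key[0]} [{key[1]}]")
        for child in tree.get(key, []):
            keys = by_name.get(child, [])
            if not keys:
                lines.append("  " * (depth + 1) + child)  # leaf: never seen acting
            for k in keys:
                walk(k, depth + 1)

    walk(root, 0)
    return lines
```

On the sample, `render_tree` prints the XP chain System > smss.exe > winlogon.exe > userinit.exe > explorer.exe, `explicit_path_drivers` lists mqac.sys and mbamswissarmy.sys (both loaded by services.exe, as in the thread), and `unexpected_parents` returns only the constructed svchost.exe-from-explorer.exe line; every CreateProcess line taken from the thread passes the table.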

Greetings and welcome to the forum.

To get you fixed up please follow the instructions here:

http://www.malwarebytes.org/forums/index.php?showtopic=2936

and post your logs in a new topic here:

http://www.malwarebytes.org/forums/index.php?showforum=7

Please be sure not to install any software or use any removal/scanning tools except those that you are instructed to by the expert who will be assisting you, as doing so can make their job much more difficult.

I hope I was helpful. Good luck and safe surfing.

