I can't shake this virus

MrDiehl332005

New Member
OK so I had a bad virus a little while back and finally got rid of it. The computer seems to be working OK now, except when I'm on IE8 the page will close without me doing it and then starts playing music. I run the virus scanner and this is what it gives me:

"";"C:\Documents and Settings\user\Cookies\Y8DL38ZC.txt:\pro-market.net.bbf67f2d";"Found Tracking cookie.Pro-market";"Moved to Virus Vault"
"";"C:\Documents and Settings\user\Cookies\Y8DL38ZC.txt";"Found Tracking cookie.Pro-market";"Healed"
"";"C:\Documents and Settings\user\Cookies\Y33JCWOM.txt:\pointroll.com.f2d5a6f6";"Found Tracking cookie.Pointroll";"Moved to Virus Vault"
"";"C:\Documents and Settings\user\Cookies\Y33JCWOM.txt:\pointroll.com.72c0abc9";"Found Tracking cookie.Pointroll";"Moved to Virus Vault"
"";"C:\Documents and Settings\user\Cookies\Y33JCWOM.txt";"Found Tracking cookie.Pointroll";"Healed"
"";"C:\Documents and Settings\user\Cookies\T5HGSH1G.txt:\casalemedia.com.987e6b46";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\user\Cookies\T5HGSH1G.txt:\casalemedia.com.80ad4799";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\user\Cookies\T5HGSH1G.txt:\casalemedia.com.350339d4";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\user\Cookies\T5HGSH1G.txt:\casalemedia.com.2d37ad26";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\user\Cookies\T5HGSH1G.txt:\casalemedia.com.1e1e0e23";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\user\Cookies\T5HGSH1G.txt:\casalemedia.com.1773afc";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\user\Cookies\T5HGSH1G.txt";"Found Tracking cookie.Casalemedia";"Healed"
"";"C:\Documents and Settings\user\Cookies\T23EFTUB.txt:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
"";"C:\Documents and Settings\user\Cookies\T23EFTUB.txt:\mediaplex.com.dc30fb3c";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
"";"C:\Documents and Settings\user\Cookies\T23EFTUB.txt";"Found Tracking cookie.Mediaplex";"Healed"
"";"C:\Documents and Settings\user\Cookies\LCK5GA0L.txt:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"";"C:\Documents and Settings\user\Cookies\LCK5GA0L.txt";"Found Tracking cookie.Revsci";"Healed"
"";"C:\Documents and Settings\user\Cookies\KL4LXXV8.txt:\adbrite.com.d5e309c2";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"";"C:\Documents and Settings\user\Cookies\KL4LXXV8.txt:\adbrite.com.37283d89";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"";"C:\Documents and Settings\user\Cookies\KL4LXXV8.txt";"Found Tracking cookie.Adbrite";"Healed"
"";"C:\Documents and Settings\user\Cookies\976L4IUB.txt:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Object is inaccessible."
"";"C:\Documents and Settings\user\Cookies\976L4IUB.txt:\ad.yieldmanager.com.e626e6be";"Found Tracking cookie.Yieldmanager";"Object is inaccessible."
"";"C:\Documents and Settings\user\Cookies\976L4IUB.txt:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Object is inaccessible."
"";"C:\Documents and Settings\user\Cookies\976L4IUB.txt:\ad.yieldmanager.com.8a47878";"Found Tracking cookie.Yieldmanager";"Object is inaccessible."
"";"C:\Documents and Settings\user\Cookies\976L4IUB.txt:\ad.yieldmanager.com.830b6f08";"Found Tracking cookie.Yieldmanager";"Object is inaccessible."
"";"C:\Documents and Settings\user\Cookies\976L4IUB.txt:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Object is inaccessible."
"";"C:\Documents and Settings\user\Cookies\976L4IUB.txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Object is inaccessible."
"";"C:\Documents and Settings\user\Cookies\976L4IUB.txt";"Found Tracking cookie.Yieldmanager";"Object is inaccessible."
"";"C:\Documents and Settings\user\Cookies\7Z0LTYPP.txt:\fastclick.net.8a6435e9";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"";"C:\Documents and Settings\user\Cookies\7Z0LTYPP.txt";"Found Tracking cookie.Fastclick";"Healed"
"";"C:\Documents and Settings\user\Cookies\6ZD5G75D.txt:\ru4.com.5a5e0633";"Found Tracking cookie.Ru4";"Moved to Virus Vault"
"";"C:\Documents and Settings\user\Cookies\6ZD5G75D.txt:\ru4.com.559e3746";"Found Tracking cookie.Ru4";"Moved to Virus Vault"
"";"C:\Documents and Settings\user\Cookies\6ZD5G75D.txt";"Found Tracking cookie.Ru4";"Healed"
"";"C:\Documents and Settings\user\Cookies\6B4AM42A.txt:\advertising.com.b624fa46";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"";"C:\Documents and Settings\user\Cookies\6B4AM42A.txt:\advertising.com.82fea56";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"";"C:\Documents and Settings\user\Cookies\6B4AM42A.txt:\advertising.com.525a5fb9";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"";"C:\Documents and Settings\user\Cookies\6B4AM42A.txt:\advertising.com.203aa218";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"";"C:\Documents and Settings\user\Cookies\6B4AM42A.txt";"Found Tracking cookie.Advertising";"Healed"
"";"C:\Documents and Settings\user\Cookies\3C6YQS86.txt:\burstnet.com.c4fe2ebb";"Found Tracking cookie.Burstnet";"Moved to Virus Vault"
"";"C:\Documents and Settings\user\Cookies\3C6YQS86.txt";"Found Tracking cookie.Burstnet";"Healed"
"";"C:\Documents and Settings\user\Cookies\38AO2095.txt:\tribalfusion.com.dcc03271";"Found Tracking cookie.Tribalfusion";"Moved to Virus Vault"
"";"C:\Documents and Settings\user\Cookies\38AO2095.txt";"Found Tracking cookie.Tribalfusion";"Healed"
"";"C:\Documents and Settings\user\Cookies\33RWJ56P.txt:\realmedia.com.ef906bac";"Found Tracking cookie.Realmedia";"Object is inaccessible."
"";"C:\Documents and Settings\user\Cookies\33RWJ56P.txt:\realmedia.com.9f8c11dd";"Found Tracking cookie.Realmedia";"Object is inaccessible."
"";"C:\Documents and Settings\user\Cookies\33RWJ56P.txt:\realmedia.com.855b46d";"Found Tracking cookie.Realmedia";"Object is inaccessible."
"";"C:\Documents and Settings\user\Cookies\33RWJ56P.txt:\realmedia.com.6b2e2a72";"Found Tracking cookie.Realmedia";"Object is inaccessible."
"";"C:\Documents and Settings\user\Cookies\33RWJ56P.txt";"Found Tracking cookie.Realmedia";"Object is inaccessible."
"";"C:\Documents and Settings\user\Cookies\110M62UO.txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"";"C:\Documents and Settings\user\Cookies\110M62UO.txt:\atdmt.com.7247c262";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"";"C:\Documents and Settings\user\Cookies\110M62UO.txt";"Found Tracking cookie.Atdmt";"Healed"



So I delete it all and restart my PC, then it all comes back and I don't know why. Any ideas?
 

johnb35

Administrator
Staff member
I take it you are using Superantispyware? That program will always find cookies, and cookies will come back right after you start browsing again; if you go back to the same old sites, that's why they come back. Please do the following to scan for malware.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware.

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system, and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away, or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.



Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential; don't fix anything yet.

When the HijackThis log appears in a Notepad file, click on the Edit menu, click Select All, then click on the Edit menu again and click on Copy. Come back to your reply, right-click on your mouse and click on Paste.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log.
 

johnb35

Administrator
Staff member
It would help to provide the logs I ask for. You said you used malwarebytes already but I also asked for a hijackthis log.



Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the Edit menu and click on Select All, then click on the Edit menu again and click on Copy. Then come to the forum, and in your reply right-click on your mouse and click on Paste.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 

MrDiehl332005

New Member
ComboFix

ComboFix 11-11-11.06 - user 11/11/2011 14:14:07.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.411 [GMT -8:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\user\Application Data\PriceGong
c:\documents and settings\user\Application Data\PriceGong\Data\1.txt
c:\documents and settings\user\Application Data\PriceGong\Data\1707.txt
c:\documents and settings\user\Application Data\PriceGong\Data\2229.txt
c:\documents and settings\user\Application Data\PriceGong\Data\3911.txt
c:\documents and settings\user\Application Data\PriceGong\Data\4436.txt
c:\documents and settings\user\Application Data\PriceGong\Data\450.txt
c:\documents and settings\user\Application Data\PriceGong\Data\4873.txt
c:\documents and settings\user\Application Data\PriceGong\Data\6784.txt
c:\documents and settings\user\Application Data\PriceGong\Data\a.txt
c:\documents and settings\user\Application Data\PriceGong\Data\b.txt
c:\documents and settings\user\Application Data\PriceGong\Data\c.txt
c:\documents and settings\user\Application Data\PriceGong\Data\d.txt
c:\documents and settings\user\Application Data\PriceGong\Data\e.txt
c:\documents and settings\user\Application Data\PriceGong\Data\f.txt
c:\documents and settings\user\Application Data\PriceGong\Data\g.txt
c:\documents and settings\user\Application Data\PriceGong\Data\h.txt
c:\documents and settings\user\Application Data\PriceGong\Data\i.txt
c:\documents and settings\user\Application Data\PriceGong\Data\j.txt
c:\documents and settings\user\Application Data\PriceGong\Data\k.txt
c:\documents and settings\user\Application Data\PriceGong\Data\l.txt
c:\documents and settings\user\Application Data\PriceGong\Data\m.txt
c:\documents and settings\user\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\user\Application Data\PriceGong\Data\n.txt
c:\documents and settings\user\Application Data\PriceGong\Data\o.txt
c:\documents and settings\user\Application Data\PriceGong\Data\p.txt
c:\documents and settings\user\Application Data\PriceGong\Data\q.txt
c:\documents and settings\user\Application Data\PriceGong\Data\r.txt
c:\documents and settings\user\Application Data\PriceGong\Data\s.txt
c:\documents and settings\user\Application Data\PriceGong\Data\t.txt
c:\documents and settings\user\Application Data\PriceGong\Data\u.txt
c:\documents and settings\user\Application Data\PriceGong\Data\v.txt
c:\documents and settings\user\Application Data\PriceGong\Data\w.txt
c:\documents and settings\user\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\user\Application Data\PriceGong\Data\x.txt
c:\documents and settings\user\Application Data\PriceGong\Data\y.txt
c:\documents and settings\user\Application Data\PriceGong\Data\z.txt
c:\documents and settings\user\Start Menu\Programs\System Restore
c:\documents and settings\user\Start Menu\Programs\System Restore\System Restore.lnk
c:\documents and settings\user\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 )))))))))))))))))))))))))))))))
.
.
2011-11-11 21:42 . 2011-11-11 21:42 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0BC04DEE-5DC9-48E1-A182-FD1B8BF10806}\MpKsl57b2b03e.sys
2011-11-11 03:24 . 2011-11-11 03:24 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0BC04DEE-5DC9-48E1-A182-FD1B8BF10806}\MpKsla908f3bc.sys
2011-11-11 03:23 . 2011-11-11 21:42 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0BC04DEE-5DC9-48E1-A182-FD1B8BF10806}\offreg.dll
2011-11-11 03:23 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0BC04DEE-5DC9-48E1-A182-FD1B8BF10806}\mpengine.dll
2011-11-06 01:17 . 2011-11-06 01:17 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2011-10-28 23:49 . 2011-11-07 19:45 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-10-26 02:00 . 2011-10-26 02:00 -------- d-----w- C:\$AVG
2011-10-26 01:35 . 2011-10-26 01:35 -------- d-----w- c:\documents and settings\user\Application Data\AVG2012
2011-10-26 01:28 . 2011-11-11 17:09 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-26 01:28 . 2011-11-06 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-10-26 01:27 . 2011-10-26 01:27 -------- d-----w- c:\program files\AVG
2011-10-26 01:21 . 2011-10-26 01:21 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-10-26 01:20 . 2011-11-11 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-10-25 10:01 . 2011-10-25 23:26 -------- d-----w- c:\windows\SxsCaPendDel
2011-10-23 21:28 . 2011-10-23 21:52 -------- d-----w- c:\documents and settings\user\Application Data\Yahoo!
2011-10-23 21:28 . 2011-10-23 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2011-10-23 21:27 . 2011-10-23 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2011-10-23 21:25 . 2011-10-23 21:28 -------- d-----w- c:\program files\Yahoo!
2011-10-21 20:11 . 2011-10-21 20:11 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2011-10-21 20:11 . 2011-10-21 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-21 20:11 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-21 20:11 . 2011-10-21 20:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-21 17:51 . 2011-10-21 18:10 -------- d-----w- C:\$WIN_NT$.~BT
2011-10-21 17:43 . 2011-10-21 17:44 -------- d-----w- c:\documents and settings\Administrator
2011-10-21 17:12 . 2011-10-21 17:12 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 21:28 . 2011-08-25 20:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2010-09-15 20:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 14:23 . 2011-07-11 08:13 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-07 03:48 . 2010-12-16 21:46 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-04 14:21 . 2011-07-11 08:14 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06 . 2008-04-13 23:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2008-04-13 23:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2008-04-13 23:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 13:30 . 2011-09-13 13:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:20 . 2008-04-13 23:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-24 22:04 . 2011-08-24 22:04 15939 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-08-22 23:48 . 2008-04-13 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2008-04-13 23:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2008-04-13 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2008-04-13 23:00 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2008-04-13 23:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-10-06 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 09:49 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"NGTray"="c:\program files\Symantec\Ghost\ngtray.exe" [2008-04-23 218504]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]


When I click on the HijackThis link it opened in the IE browser and shows a shitload of this: [binary garbage omitted]



And I just ran it, so I will let you know how it is in a bit.
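As an added example, not code from this thread or from ComboFix itself: a small Python parser for the "Reg Loading Points" section of a ComboFix log, run over entries copied from the log above as constructed sample input. It groups the Internet Explorer hook registrations (URLSearchHooks, Browser Helper Objects, Toolbar) by CLSID, so a single DLL registered at several hook points stands out, and lists the Run-key autostarts.

```python
import re
from collections import defaultdict

# Constructed sample: "Reg Loading Points" entries copied from the ComboFix log
# posted above, trimmed to the lines this example needs.
SAMPLE_LOG = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-10-06 2015544]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 09:49 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"= "path" [YYYY-MM-DD size]; the bracketed suffix is optional
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*"(?P<path>[^"]*)"'
                      r"(?:\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?$")
# YYYY-MM-DD HH:MM size attrs path; file line under a per-CLSID key such as a BHO's
FILE_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+(?P<size>\d+)\s+\S+\s+(?P<path>.+)$")
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
# Registry locations through which a DLL gets loaded into Internet Explorer.
BROWSER_HOOKS = ("URLSearchHooks", "Browser Helper Objects", r"Internet Explorer\Toolbar")


def parse_loading_points(text):
    """Parse the REGEDIT4-style section into {key, name, path, date, size} dicts."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line) or FILE_RE.match(line)
        if key is None or not m:
            continue  # header lines before the first key, "." separators
        d = m.groupdict()
        if "name" in d:
            name = d["name"]
        else:  # file line: no value name, so the CLSID in the key identifies the object
            cm = CLSID_RE.search(key)
            name = cm.group(0) if cm else ""
        entries.append({"key": key, "name": name, "path": d["path"], "date": d["date"],
                        "size": int(d["size"]) if d["size"] else None})
    return entries


def clsid_of(entry):
    """CLSID (lower-cased) named by the entry, or None for plain Run values."""
    m = CLSID_RE.search(entry["name"])
    return m.group(0).lower() if m else None


def browser_extension_report(entries):
    """Group IE hook registrations by CLSID: the hook points and DLL paths each one uses."""
    report = defaultdict(lambda: {"hooks": set(), "paths": set()})
    for e in entries:
        key, clsid = e["key"].lower(), clsid_of(e)
        hook = next((h for h in BROWSER_HOOKS if h.lower() in key), None)
        if hook and clsid:
            report[clsid]["hooks"].add(hook)
            report[clsid]["paths"].add(e["path"].lower())
    return dict(report)


def multi_hook_clsids(report, min_hooks=2):
    """CLSIDs registered at min_hooks or more hook points: a DLL wired into the browser
    several ways is the entry a responder looks up first."""
    return sorted(c for c, info in report.items() if len(info["hooks"]) >= min_hooks)


def run_entries(entries):
    """Autostart programs under the HKCU/HKLM CurrentVersion Run keys."""
    return [e for e in entries if e["key"].lower().endswith(r"\currentversion\run")]


if __name__ == "__main__":
    ents = parse_loading_points(SAMPLE_LOG)
    rep = browser_extension_report(ents)
    for clsid in multi_hook_clsids(rep):
        print(clsid, sorted(rep[clsid]["hooks"]), sorted(rep[clsid]["paths"]))
    for e in run_entries(ents):
        print("Run:", e["name"], "->", e["path"])
```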
 

blue957400

Member
Funny... all you need to do is go to Kaspersky's website and download TDSSKiller. I work in tech support, and 9 times out of 10 this takes care of it. If not, feel free to post back so we can assist you further. =]
 

MrDiehl332005

New Member
This is the whole log file right here. My computer still does the same thing: when in IE it closes the window whenever it wants, and then when IE is open it will start playing random music or ads...

ComboFix 11-11-11.06 - user 11/11/2011 14:14:07.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.411 [GMT -8:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\user\Application Data\PriceGong
c:\documents and settings\user\Application Data\PriceGong\Data\1.txt
c:\documents and settings\user\Application Data\PriceGong\Data\1707.txt
c:\documents and settings\user\Application Data\PriceGong\Data\2229.txt
c:\documents and settings\user\Application Data\PriceGong\Data\3911.txt
c:\documents and settings\user\Application Data\PriceGong\Data\4436.txt
c:\documents and settings\user\Application Data\PriceGong\Data\450.txt
c:\documents and settings\user\Application Data\PriceGong\Data\4873.txt
c:\documents and settings\user\Application Data\PriceGong\Data\6784.txt
c:\documents and settings\user\Application Data\PriceGong\Data\a.txt
c:\documents and settings\user\Application Data\PriceGong\Data\b.txt
c:\documents and settings\user\Application Data\PriceGong\Data\c.txt
c:\documents and settings\user\Application Data\PriceGong\Data\d.txt
c:\documents and settings\user\Application Data\PriceGong\Data\e.txt
c:\documents and settings\user\Application Data\PriceGong\Data\f.txt
c:\documents and settings\user\Application Data\PriceGong\Data\g.txt
c:\documents and settings\user\Application Data\PriceGong\Data\h.txt
c:\documents and settings\user\Application Data\PriceGong\Data\i.txt
c:\documents and settings\user\Application Data\PriceGong\Data\j.txt
c:\documents and settings\user\Application Data\PriceGong\Data\k.txt
c:\documents and settings\user\Application Data\PriceGong\Data\l.txt
c:\documents and settings\user\Application Data\PriceGong\Data\m.txt
c:\documents and settings\user\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\user\Application Data\PriceGong\Data\n.txt
c:\documents and settings\user\Application Data\PriceGong\Data\o.txt
c:\documents and settings\user\Application Data\PriceGong\Data\p.txt
c:\documents and settings\user\Application Data\PriceGong\Data\q.txt
c:\documents and settings\user\Application Data\PriceGong\Data\r.txt
c:\documents and settings\user\Application Data\PriceGong\Data\s.txt
c:\documents and settings\user\Application Data\PriceGong\Data\t.txt
c:\documents and settings\user\Application Data\PriceGong\Data\u.txt
c:\documents and settings\user\Application Data\PriceGong\Data\v.txt
c:\documents and settings\user\Application Data\PriceGong\Data\w.txt
c:\documents and settings\user\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\user\Application Data\PriceGong\Data\x.txt
c:\documents and settings\user\Application Data\PriceGong\Data\y.txt
c:\documents and settings\user\Application Data\PriceGong\Data\z.txt
c:\documents and settings\user\Start Menu\Programs\System Restore
c:\documents and settings\user\Start Menu\Programs\System Restore\System Restore.lnk
c:\documents and settings\user\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 )))))))))))))))))))))))))))))))
.
.
2011-11-11 21:42 . 2011-11-11 21:42 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0BC04DEE-5DC9-48E1-A182-FD1B8BF10806}\MpKsl57b2b03e.sys
2011-11-11 03:24 . 2011-11-11 03:24 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0BC04DEE-5DC9-48E1-A182-FD1B8BF10806}\MpKsla908f3bc.sys
2011-11-11 03:23 . 2011-11-11 21:42 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0BC04DEE-5DC9-48E1-A182-FD1B8BF10806}\offreg.dll
2011-11-11 03:23 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0BC04DEE-5DC9-48E1-A182-FD1B8BF10806}\mpengine.dll
2011-11-06 01:17 . 2011-11-06 01:17 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2011-10-28 23:49 . 2011-11-07 19:45 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-10-26 02:00 . 2011-10-26 02:00 -------- d-----w- C:\$AVG
2011-10-26 01:35 . 2011-10-26 01:35 -------- d-----w- c:\documents and settings\user\Application Data\AVG2012
2011-10-26 01:28 . 2011-11-11 17:09 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-26 01:28 . 2011-11-06 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-10-26 01:27 . 2011-10-26 01:27 -------- d-----w- c:\program files\AVG
2011-10-26 01:21 . 2011-10-26 01:21 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-10-26 01:20 . 2011-11-11 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-10-25 10:01 . 2011-10-25 23:26 -------- d-----w- c:\windows\SxsCaPendDel
2011-10-23 21:28 . 2011-10-23 21:52 -------- d-----w- c:\documents and settings\user\Application Data\Yahoo!
2011-10-23 21:28 . 2011-10-23 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2011-10-23 21:27 . 2011-10-23 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2011-10-23 21:25 . 2011-10-23 21:28 -------- d-----w- c:\program files\Yahoo!
2011-10-21 20:11 . 2011-10-21 20:11 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2011-10-21 20:11 . 2011-10-21 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-21 20:11 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-21 20:11 . 2011-10-21 20:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-21 17:51 . 2011-10-21 18:10 -------- d-----w- C:\$WIN_NT$.~BT
2011-10-21 17:43 . 2011-10-21 17:44 -------- d-----w- c:\documents and settings\Administrator
2011-10-21 17:12 . 2011-10-21 17:12 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 21:28 . 2011-08-25 20:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2010-09-15 20:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 14:23 . 2011-07-11 08:13 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-07 03:48 . 2010-12-16 21:46 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-04 14:21 . 2011-07-11 08:14 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06 . 2008-04-13 23:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2008-04-13 23:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2008-04-13 23:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 13:30 . 2011-09-13 13:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:20 . 2008-04-13 23:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-24 22:04 . 2011-08-24 22:04 15939 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-08-22 23:48 . 2008-04-13 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2008-04-13 23:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2008-04-13 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2008-04-13 23:00 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2008-04-13 23:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-10-06 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 09:49 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"NGTray"="c:\program files\Symantec\Ghost\ngtray.exe" [2008-04-23 218504]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [N/A]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\Ghost\\ngctw32.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 12:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 5:30 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 12:13 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 12:14 AM 295248]
R1 MpKsl57b2b03e;MpKsl57b2b03e;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0BC04DEE-5DC9-48E1-A182-FD1B8BF10806}\MpKsl57b2b03e.sys [11/11/2011 1:42 PM 28752]
R1 MpKsla908f3bc;MpKsla908f3bc;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0BC04DEE-5DC9-48E1-A182-FD1B8BF10806}\MpKsla908f3bc.sys [11/10/2011 7:24 PM 28752]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]
R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe [8/24/2011 2:04 PM 49152]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/21/2011 12:11 PM 366152]
R2 NGCLIENT;Symantec Ghost Client Agent;c:\program files\Symantec\Ghost\ngctw32.exe [4/22/2008 5:35 PM 673160]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 12:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 12:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [7/11/2011 12:14 AM 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/21/2011 12:11 PM 22216]
S0 cerc6;cerc6; [x]
S1 MpKsl0475cfc4;MpKsl0475cfc4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0A1C058A-4D71-4C59-9C63-32CE7A07BB56}\MpKsl0475cfc4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0A1C058A-4D71-4C59-9C63-32CE7A07BB56}\MpKsl0475cfc4.sys [?]
S1 MpKsl4f28ceb2;MpKsl4f28ceb2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CE7845B-DD2C-4B58-B9A3-1CE5E64D6271}\MpKsl4f28ceb2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CE7845B-DD2C-4B58-B9A3-1CE5E64D6271}\MpKsl4f28ceb2.sys [?]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\rt2500usb.sys [8/24/2011 2:04 PM 140416]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL57B2B03E
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2011-11-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:[email protected]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-11 14:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe [25228] 0x847163B0
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-11-11 15:13:10
ComboFix-quarantined-files.txt 2011-11-11 23:12
.
Pre-Run: 60,029,407,232 bytes free
Post-Run: 60,327,718,912 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[Boot Loader]
Timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
c:\$win_nt$.~bt\BOOTSECT.DAT="Microsoft Windows XP Professional Setup"
.
- - End Of File - - 973065597A181753B4367E70DEB0801F
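The ComboFix log above ends with a "Reg Loading Points" section that lists what starts automatically and, for Internet Explorer, which modules are loaded through the URLSearchHooks, Browser Helper Objects and Toolbar keys. Since the reported symptom is IE itself misbehaving (pages closing, music playing), the in-process IE load points are the first thing to review. The Python script below is an added example, not part of the thread or of ComboFix: it parses a few lines copied from that section into records, groups the modules registered at IE extension points by DLL, and lists entries whose target file ComboFix could not stat at scan time ([N/A]). The regular expressions, the Entry record and the category names are this example's own assumptions about the log format.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the ComboFix "Reg Loading Points" section above, trimmed to a few
# representative keys; the parser handles the full section the same way.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-10-06 2015544]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 09:49 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [N/A]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
"""

# Line shapes seen in the section (assumed by this example, derived from the log above).
KEY_RE = re.compile(r"^\[(.+)\]$")                                      # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"([^"]*)"\s*\[(\S+)\s+(\d+)\]$')  # "name"="path" [date size]
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} (\d+) \S+ (.+)$")  # date time size attrs path
LNK_RE = re.compile(r"^(.+?\.lnk) - (.+) \[([^\]]+)\]$")                 # X.lnk - path [meta]

@dataclass
class Entry:
    load_point: str          # registry key or startup folder the entry lives in
    name: str                # value name, CLSID or shortcut name
    path: str                # executable or DLL that gets loaded
    date: Optional[str]      # file timestamp ComboFix recorded, None if the file was not found
    size: Optional[int]

    @property
    def file_seen(self) -> bool:
        return self.size is not None

def parse_loading_points(text: str) -> List[Entry]:
    """Turn the 'Reg Loading Points' text into Entry records, tracking the current key."""
    entries, load_point = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            load_point = m.group(1)
            continue
        if line.endswith("\\") and ":" in line:     # startup-folder header such as "...\Startup\"
            load_point = line
            continue
        if load_point is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append(Entry(load_point, m.group(1), m.group(2), m.group(3), int(m.group(4))))
            continue
        m = FILE_RE.match(line)
        if m:   # BHO keys carry the CLSID in the key name and the DLL on a file line
            entries.append(Entry(load_point, load_point.rsplit("\\", 1)[-1], m.group(3), m.group(1), int(m.group(2))))
            continue
        m = LNK_RE.match(line)
        if m:
            meta = m.group(3).split()
            if len(meta) == 2:
                entries.append(Entry(load_point, m.group(1), m.group(2), meta[0], int(meta[1])))
            else:   # "[N/A]": ComboFix could not find the shortcut's target
                entries.append(Entry(load_point, m.group(1), m.group(2), None, None))
    return entries

IE_POINTS = ("urlsearchhooks", "browser helper objects", "internet explorer\\toolbar")

def category(load_point: str) -> str:
    """Coarse class of a load point; IE extension points run code inside every IE process."""
    lp = load_point.lower()
    if any(p in lp for p in IE_POINTS):
        return "IE extension point"
    if lp.endswith("\\run"):
        return "Run key"
    if lp.endswith("startup\\"):
        return "Startup folder"
    return "other"

def ie_modules(entries):
    """Map each module registered at an IE extension point to the load points that register it."""
    by_module = defaultdict(set)
    for e in entries:
        if category(e.load_point) == "IE extension point":
            by_module[e.path.lower()].add(e.load_point)
    return {module: sorted(points) for module, points in by_module.items()}

def unverified_files(entries):
    """Entries whose target file was missing when ComboFix ran ([N/A])."""
    return [e for e in entries if not e.file_seen]

if __name__ == "__main__":
    parsed = parse_loading_points(SAMPLE_LOG)
    for module, points in ie_modules(parsed).items():
        print(f"{module}: registered at {len(points)} IE load point(s)")
    for e in unverified_files(parsed):
        print(f"target not found at scan time: {e.name} -> {e.path}")
```

Run on the sample, it shows the BitTorrentBar DLL registered at four separate IE load points while each Run-key program appears once. That alone does not prove the DLL is malicious, but it is what makes it load into every IE window, so it is the natural starting point when the browser is the component acting up; the [N/A] list is the other quick check, since a startup entry pointing at a file that no longer exists is either leftover from an uninstall or something that was removed by a scanner.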
 

johnb35

Administrator
Staff member
You have a few things to do now. Please do in order.

1.

You have AVG and Microsoft Security Essentials installed at the same time. Please choose which program you want to keep and uninstall the other one. You can't have two antivirus programs installed at the same time; there will be issues. If you uninstall AVG, then please use their removal tool afterwards to finish cleaning it off your system.

http://download.avg.com/filedir/util/avgrem/avg_remover_stf_x86_2012_1796.exe

2.

Please download and run TDSSKiller.

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

[image: infection-found.jpg]


To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.

[image: scan-completed.jpg]


If the log says "will be cured after reboot", please reboot the system by pressing the Reboot now button.

After running, there will be a log located at the root of your c:\ drive, labeled tdsskiller with a series of numbers after it. Please open the log and copy and paste it back here.

3.

Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click "Do a system scan and save a logfile".

Most of what HijackThis lists will be harmless or even essential; don't fix anything yet.

When the HijackThis log appears in a Notepad file, click on the Edit menu, click Select All, then click on the Edit menu again and click Copy. Come back to your reply, right click with your mouse and click Paste.

Post the logfile that HijackThis produces.

4.

Combofix automatically created a logfile I need you to post as well. Please navigate to C:\Qoobox; in that folder will be a file named "Add-remove programs.txt". Please open that file and copy and paste the contents back here.
 

MrDiehl332005

New Member
So I deleted Microsoft Essentials and tried to run TDSSKiller. I downloaded it to my desktop and tried to run it, and nothing happens. I tried to restart and do it again, with the same result. I have my AVG disabled so it wouldn't get in the way. Any ideas? I even tried the link blue posted for me.
 

blue957400

Member
When you say nothing happens, does that mean that nothing comes up on the screen, or that it does not run and you can see the program? I've seen this at work, and usually the Kaspersky Virus Removal Tool will remove some of it so that you can then try and run TDSSKiller. Or you can try and download the older modified version, should you or Johnb35 be able to find it. So far here at work the only solution would be ComboFix or reformat, but you've already tried ComboFix and this doesn't appear to have worked. I'll be looking to this thread to see if you guys find a solution. One other thing: download and run HitmanPro. If you find that it finds a Master Boot Sector infection or a consrv.dll infection, then a reformat will be necessary. Removing or replacing either of these two (consrv.dll or MBR) will result in a blue screen, and a system restore will be necessary.
 

johnb35

Administrator
Staff member
Download MBRCheck to your desktop.

  • Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
  • It will show a Black screen with some information that will contain either the below line if no problem is found:

    Done! Press ENTER to exit...

  • Or you will see more information like below if a problem is found:

    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

  • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
  • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
  • Attach this log to your next message.
 

MrDiehl332005

New Member
Blue, I double-click it and the mouse icon goes to the loading symbol, but nothing happens.


John, I ran MBRCheck and this is what I get:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 127):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x80700000 \WINDOWS\system32\hal.dll
0xF7B0C000 \WINDOWS\system32\KDCOM.DLL
0xF7A1C000 \WINDOWS\system32\BOOTVID.dll
0xF75BD000 ACPI.sys
0xF7B0E000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF75AC000 pci.sys
0xF760C000 isapnp.sys
0xF7BD4000 pciide.sys
0xF788C000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF761C000 MountMgr.sys
0xF758D000 ftdisk.sys
0xF7B10000 dmload.sys
0xF7567000 dmio.sys
0xF7894000 PartMgr.sys
0xF762C000 VolSnap.sys
0xF754F000 atapi.sys
0xF763C000 disk.sys
0xF764C000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF752F000 fltMgr.sys
0xF751D000 sr.sys
0xF7506000 KSecDD.sys
0xF74F3000 WudfPf.sys
0xF7466000 Ntfs.sys
0xF7439000 NDIS.sys
0xF741F000 Mup.sys
0xF789C000 avgrkx86.sys
0xF7A20000 AVGIDSEH.Sys
0xF782C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF68F2000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF68DE000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF68BD000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF7924000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6899000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF792C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6859000 \SystemRoot\system32\drivers\smwdm.sys
0xF6835000 \SystemRoot\system32\drivers\portcls.sys
0xF783C000 \SystemRoot\system32\drivers\drmk.sys
0xF6812000 \SystemRoot\system32\drivers\ks.sys
0xF675F000 \SystemRoot\system32\drivers\senfilt.sys
0xF7934000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF674B000 \SystemRoot\system32\DRIVERS\parport.sys
0xF784C000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7B00000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF785C000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF786C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF787C000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF793C000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7C51000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF766C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7B04000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6734000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF767C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF768C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7944000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6723000 \SystemRoot\system32\DRIVERS\psched.sys
0xF769C000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF794C000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7954000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF66F3000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF76AC000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF795C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7964000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7B3E000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6695000 \SystemRoot\system32\DRIVERS\update.sys
0xF73D6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF770C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF775C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B44000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF78DC000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xA79B5000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0xF7BA2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7D08000 \SystemRoot\System32\Drivers\Null.SYS
0xF7BA4000 \SystemRoot\System32\Drivers\Beep.SYS
0xA80B8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA80B0000 \SystemRoot\System32\drivers\vga.sys
0xF7BA6000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7BA8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA80A8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA80A0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA991C000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA5EC1000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA5E68000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA5E21000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0xA5DFB000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA7513000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA5DD3000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA5D9D000 \SystemRoot\System32\drivers\afd.sys
0xA7503000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA5D01000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA5C91000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA74F3000 \SystemRoot\System32\Drivers\Fips.SYS
0xA8070000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA83A1000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA6E3D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA4095000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0xF7AD8000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAA6D3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF774C000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA0E8A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xA5B1D000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA170F000 \SystemRoot\System32\drivers\Dxapi.sys
0xA8078000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C75000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBF15A000 \SystemRoot\System32\ATMFD.DLL
0xF7AF0000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xA1629000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xA1625000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA0574000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA05F1000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0xA04CC000 \SystemRoot\system32\DRIVERS\srv.sys
0xF79F4000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0xA03E0000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA0398000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0xA008B000 \SystemRoot\system32\drivers\wdmaud.sys
0xA0128000 \SystemRoot\system32\drivers\sysaudio.sys
0xA0E66000 \??\C:\WINDOWS\system32\GTNDIS5.SYS
0x9EFCF000 \SystemRoot\System32\Drivers\HTTP.sys
0x9EAF4000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x9CDAD000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 47):
0 System Idle Process
4 System
608 C:\WINDOWS\system32\smss.exe
868 csrss.exe
892 C:\WINDOWS\system32\winlogon.exe
940 C:\WINDOWS\system32\services.exe
952 C:\WINDOWS\system32\lsass.exe
1128 C:\WINDOWS\system32\svchost.exe
1200 svchost.exe
1296 C:\WINDOWS\system32\svchost.exe
1336 C:\WINDOWS\system32\svchost.exe
1392 svchost.exe
1512 svchost.exe
1744 C:\WINDOWS\system32\spoolsv.exe
1868 svchost.exe
1900 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1932 C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
1956 C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
2020 C:\Program Files\Java\jre6\bin\jqs.exe
176 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
312 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
328 C:\Program Files\Symantec\Ghost\ngctw32.exe
392 C:\WINDOWS\system32\IoctlSvc.exe
452 C:\WINDOWS\system32\svchost.exe
556 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
1096 C:\WINDOWS\system32\searchindexer.exe
2516 alg.exe
3588 C:\WINDOWS\explorer.exe
3868 C:\Program Files\Analog Devices\Core\smax4pnp.exe
3892 C:\WINDOWS\system32\hkcmd.exe
3900 C:\WINDOWS\system32\igfxpers.exe
3912 C:\Program Files\Symantec\Ghost\ngtray.exe
3924 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
4028 C:\Program Files\iTunes\iTunesHelper.exe
208 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
436 C:\Program Files\Common Files\Java\Java Update\jusched.exe
484 C:\WINDOWS\system32\ctfmon.exe
2844 C:\Program Files\iPod\bin\iPodService.exe
5120 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
5252 C:\Program Files\AVG\AVG2012\avgnsx.exe
5904 C:\Program Files\AVG\AVG2012\avgtray.exe
6008 C:\Program Files\Internet Explorer\iexplore.exe
3732 C:\Program Files\AVG\AVG2012\avgui.exe
5380 C:\WINDOWS\system32\searchprotocolhost.exe
2556 searchfilterhost.exe
2424 C:\WINDOWS\system32\searchprotocolhost.exe
2760 C:\Documents and Settings\user\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HDS728080PLA380, Rev: PF2OA63A

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
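The MBRCheck report above ends with "MBR Code Faked!" plus a SHA1 for the sector, and the tool's own wording ("Found non-standard or infected MBR") says what it checks: whether the boot code in the first sector still matches a standard one. The Python below is an added example, not the thread's nor MBRCheck's code, showing the same idea over a 512-byte MBR image: validate the 0x55AA signature, parse the four partition entries and compute each partition's byte offset (the constructed partition starts at LBA 63, which gives the 0x7e00 offset the log shows for C:), then hash the boot-code area and compare it against an allowlist of known-good digests. The sample MBR, its boot stub and disk signature are constructed here, the allowlist is a placeholder, and treating the 440 bytes before the disk signature as the code area is this example's assumption about the layout.

```python
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440       # assumed layout: boot code, then 4-byte disk signature at offset 440
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # last two bytes of the sector
PART_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count

def build_sample_mbr(boot_stub: bytes = b"\x33\xc0\x8e\xd0\xbc\x00\x7c") -> bytes:
    """Construct a 512-byte MBR image (constructed sample, not a real disk): a hypothetical
    boot stub padded with NOPs, one active NTFS partition at LBA 63, valid signature."""
    bootcode = boot_stub + b"\x90" * (BOOTCODE_LEN - len(boot_stub))
    disk_signature = struct.pack("<I", 0x1234ABCD)   # constructed value
    entry = struct.pack(PART_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 155_000_000)
    table = entry + b"\x00" * (16 * 3)               # remaining three slots empty
    mbr = bootcode + disk_signature + b"\x00\x00" + table + BOOT_SIG
    assert len(mbr) == SECTOR
    return mbr

def parse_mbr(mbr: bytes) -> dict:
    """Check the signature, read the partition table and hash the boot-code area."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR image must be exactly 512 bytes")
    if mbr[510:] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(PART_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:               # empty slot
            continue
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count, "byte_offset": lba * SECTOR})
    return {"bootcode_sha1": hashlib.sha1(mbr[:BOOTCODE_LEN]).hexdigest().upper(),
            "disk_signature": struct.unpack_from("<I", mbr, BOOTCODE_LEN)[0],
            "partitions": partitions}

def assess_mbr(mbr: bytes, known_good_sha1):
    """Return (parsed info, findings). Boot code is judged by an allowlist of digests of
    standard boot code; the allowlist contents are a placeholder in this example."""
    info = parse_mbr(mbr)
    findings = []
    if info["bootcode_sha1"] not in known_good_sha1:
        findings.append("boot code SHA1 %s not in known-good list" % info["bootcode_sha1"])
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    for p in info["partitions"]:
        if p["lba_start"] == 0:      # would overlap the MBR itself
            findings.append("partition %d starts at LBA 0 and overlaps the MBR" % p["index"])
    return info, findings

if __name__ == "__main__":
    clean = build_sample_mbr()
    allowlist = {parse_mbr(clean)["bootcode_sha1"]}     # placeholder: trust our own sample
    for label, image in (("clean", clean), ("tampered", build_sample_mbr(b"\xeb\xfe"))):
        info, findings = assess_mbr(image, allowlist)
        print(label, "sha1", info["bootcode_sha1"], "findings", findings or "none")
        for p in info["partitions"]:
            print("  partition %d type 0x%02x at byte offset 0x%x" % (p["index"], p["type"], p["byte_offset"]))
```

Run stand-alone, it reports no findings for the constructed image when its own digest is on the allowlist and flags the same image once the boot stub differs. On a real machine a defender populates the allowlist from trusted installation media and reads the first sector from a forensic image rather than from inside the running system, since bootkit-class malware that replaces the MBR can also intercept reads of that sector made under the infected OS.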
 

MrDiehl332005

New Member
OK, I tried everything, including safe mode, and it still didn't allow me to. I think I'm going to just reformat, but I don't remember how to anymore. Someone told me I can't do it because I can't get into a command prompt without loading Windows. So basically I just need to know how to reformat all the way. Thanks :) unless you guys have more ideas.
 

blue957400

Member
Sucks to hear that you do indeed have the infection I have seen on one too many PCs. One last thing you may want to try is running Kaspersky Removal Tool 2011. It is free on Kaspersky's website. If this fails, then all you need to do is get your Windows XP install/recovery disc. Put it in the disc drive. Then go into the BIOS and change the boot order so that it boots from the CD first, or tap F10, F11, or F12 (depends on your motherboard) to go into the boot device order and make your disc drive the first boot device. Then run the Windows Setup. MAKE SURE YOU DO A FULL FORMAT. After that everything else should be self-explanatory. Here is a good link in case you have problems/questions. Or you can just post here and we can help you.

http://lifehacker.com/157578/geek-t...ard-drive-and-install-windows-xp-from-scratch
 

johnb35

Administrator
Staff member
We have found the culprit.

Run MBRCheck again.
Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Please push the 'Y' key and then press Enter.
When the program asks you "Enter your choice:", enter 2 and press the Enter key.
Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel)".
Enter 0 and press the Enter key.
The program will show "Available MBR codes:", followed by a list of operating systems. Please enter 1 for Windows XP, and then press Enter.
The program will prompt for confirmation. Type 'YES' and hit Enter.
Left click on the title bar (where the program name and path are written).
From the menu choose Edit -> Select All.
Hit the Enter key on your keyboard to copy the selected text.
Paste that text into Notepad and save it to your desktop as "MBRCheck results.txt".
Important! Restart your PC for the fix to take effect.
Post the contents of the MBRCheck results log in your next reply.
 

MrDiehl332005

New Member
Well guys, I reformatted. I couldn't take the wife and kids crying about bratz.com and Facebook not working. Thanks for all the help.
 