Well this all started with me getting on my computer and it was stating google installer error and viewpoing mng error.. and it has started to get worse..

I have currently installed on my computer Malwarebytes anti maleware, Ad adware, and Bitdefender for virus scanning..

this isnt the first time this has happend but this time is worse then the previous.. so im enlisting help..

Malwarebytes wouldnt load so i deleted it and reinstalled it, had to rename it ddddddd it then worked after renaming it and i updated from their screen..

trojan.agent.... c:/windows/system32aqcinit.dll mispelled prob i can read my own writting..


Rootkit.trace HKEY_LOCAL_Machine/software/uac

upon restart before I came here just now blue screen came up stating bootcleaner was running and deleting system32.dlls then it dings after all processes load.

a msg box pops up stating outlook express wants to compact messages to save space of course i say cancel..


I had hijacktis on my computer and I deleted it guessing that you guys will tell me to delte it and reinstall it again..

so I can google it or i can wait and see what one of you guys has to say..

I also have ccleaner as well sorry forgot about that one..

hi

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

I tried to disable bitdefender before running but I couldnt get it to turn off man I was disabeling it from scanning while it was starting to run dont know if that would effect it..

also I had spybot loading up upon reboot.. I exited that when i saw it was trying to load... so here is the log we might have to redo I dont know..

post it, not attach it please

ComboFix 09-05-26.05 - Owner 05/27/2009 20:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.560 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\System\Uninstall
c:\windows\Install.txt
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\drivers\core.cache(2).dsk
c:\windows\system32\drivers\core.cache(3).dsk
c:\windows\system32\drivers\RKHit.sys
c:\windows\system32\drivers\UACfmaanbubiusjbff.sys
c:\windows\system32\Install.txt
c:\windows\system32\mywfhit.ini
c:\windows\system32\mywfhit.ini.tmp
c:\windows\system32\UACbedvnwayrjdtrmw.dll
c:\windows\system32\UACchgwmkdrmrcmnia.log
c:\windows\system32\UACfadlvutcbgmnoag.log
c:\windows\system32\UACfsnddnraurqjxdt.log
c:\windows\system32\UACktdxrpvhudethyo.dat
c:\windows\system32\UACojcaiutasqikuso.dll
c:\windows\system32\UACqordqcungqnyimw.dll
c:\windows\system32\UACwalpiyrpividgaf.dll
c:\windows\system32\UACwqfrgffivtrunna.dll
H:\Autorun.inf
H:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_AFINDING
-------\Legacy_MACIDWE
-------\Legacy_NOBICYT
-------\Legacy_PANDRV
-------\Legacy_PERFS
-------\Legacy_ROUTING
-------\Legacy_SEICTRL
-------\Legacy_SOBICYT
-------\Legacy_TDXDOWKC
-------\Legacy_WSERVING


((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 )))))))))))))))))))))))))))))))
.

2009-05-27 21:27 . 2009-05-27 21:28 -------- d-----w c:\program files\Spybot
2009-05-27 21:27 . 2009-05-27 21:28 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-27 20:49 . 2009-05-27 21:15 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-27 20:21 . 2009-05-27 23:57 -------- d-----w c:\program files\awsome
2009-05-27 18:20 . 2009-02-20 18:09 78336 ----a-w c:\windows\system32\ieencode.dll
2009-05-27 18:20 . 2009-02-20 18:09 78336 ----a-w c:\windows\system32\dllcache\ieencode.dll
2009-05-26 20:22 . 2009-05-26 20:22 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-26 01:59 . 2009-05-27 23:53 -------- d-----w c:\program files\dd
2009-05-26 01:55 . 2009-05-26 01:58 -------- d-----w c:\program files\d
2009-05-26 01:35 . 2009-05-25 20:45 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-25 20:46 . 2009-05-25 20:45 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-25 20:40 . 2009-05-25 20:40 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-25 20:40 . 2009-03-12 08:17 2902048 -c--a-w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-05-25 20:39 . 2009-05-25 20:39 -------- d-----w c:\program files\Lavasoft
2009-05-25 20:39 . 2009-05-25 20:39 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-25 19:37 . 2009-05-25 19:37 -------- d-----w c:\documents and settings\All Users\Application Data\SITEguard
2009-05-25 19:36 . 2009-05-25 19:36 -------- d-----w c:\program files\Common Files\iS3
2009-05-20 20:14 . 2009-05-20 20:28 -------- d-----w C:\Quake

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-28 00:16 . 2009-02-02 22:17 81984 ----a-w c:\windows\system32\bdod.bin
2009-05-27 23:53 . 2008-08-22 20:30 3371383 ----a-w c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-26 20:47 . 2006-06-19 04:25 36656 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-26 20:46 . 2007-02-25 05:41 -------- d-----w c:\program files\Viewpoint
2009-05-26 20:41 . 2006-08-19 07:51 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-26 20:39 . 2008-12-27 19:32 -------- d-----w c:\documents and settings\All Users\Application Data\Roxio
2009-05-26 20:39 . 2006-08-19 08:02 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-05-26 20:22 . 2007-03-09 20:04 -------- d-----w c:\documents and settings\Owner\Application Data\Viewpoint
2009-05-26 17:20 . 2008-08-22 20:30 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 17:19 . 2008-08-22 20:30 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-26 02:03 . 2008-08-22 20:30 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-25 21:06 . 2008-08-20 22:34 -------- d-----w c:\program files\Google
2009-05-25 21:05 . 2006-09-30 00:58 -------- d-----w c:\program files\LimeWire
2009-05-21 21:59 . 2007-03-30 01:39 -------- d-----w c:\documents and settings\Owner\Application Data\OpenOffice.org2
2009-05-18 03:20 . 2008-03-16 16:58 -------- d-----w c:\documents and settings\Owner\Application Data\mIRC
2009-05-16 17:59 . 2008-01-02 16:46 41924 ---ha-w c:\windows\system32\mlfcache.dat
2009-05-14 00:49 . 2008-08-21 21:09 -------- d-----w c:\documents and settings\Owner\Application Data\dvdcss
2009-05-10 19:02 . 2008-11-10 21:32 -------- d-----w c:\program files\PokerStars
2009-04-29 17:29 . 2008-12-27 19:44 -------- d-----w c:\documents and settings\Owner\Application Data\Roxio
2009-04-26 04:57 . 2008-12-27 19:40 256 ----a-w c:\windows\system32\pool.bin
2009-04-26 04:52 . 2009-02-26 21:17 256 ----a-w c:\documents and settings\Owner\pool.bin
2009-04-14 00:27 . 2008-08-13 20:25 334912 ----a-w c:\documents and settings\Owner\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
2009-04-14 00:27 . 2008-08-13 20:24 171072 ----a-w c:\documents and settings\Owner\Application Data\id Software\quakelive\home\baseq3\uix86.dll
2009-04-13 23:35 . 2009-02-14 02:31 138944 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-13 23:34 . 2009-02-14 02:31 189784 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-13 23:34 . 2008-08-13 20:24 57344 ----a-w c:\documents and settings\Owner\Application Data\id Software\quakelive\home\pb\pbag.dll
2009-04-13 23:34 . 2008-08-13 20:24 479232 ----a-w c:\documents and settings\Owner\Application Data\id Software\quakelive\home\pb\pbsv.dll
2009-04-13 23:34 . 2008-08-13 20:24 874660 ----a-w c:\documents and settings\Owner\Application Data\id Software\quakelive\home\pb\pbcl.dll
2009-04-13 23:34 . 2008-08-13 20:24 2669632 ----a-w c:\documents and settings\Owner\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
2009-04-01 22:37 . 2006-08-19 07:56 -------- d-----w c:\program files\Java
2009-04-01 22:36 . 2009-04-01 22:36 152576 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-01 22:27 . 2008-10-23 20:45 -------- d-----w c:\program files\MAXBrowse
2009-04-01 22:19 . 2009-04-01 22:19 -------- d-----w c:\program files\CCleaner
2009-04-01 01:49 . 2008-10-02 23:35 -------- d-----w c:\program files\Common
2009-03-26 21:04 . 2009-02-14 02:31 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-03-26 20:53 . 2008-08-13 20:22 22328 ----a-w c:\documents and settings\Owner\Application Data\PnkBstrK.sys
2009-03-26 20:53 . 2008-08-13 20:22 22328 ----a-w c:\documents and settings\Owner\Application Data\PnkBstrK.sys
2009-03-26 20:53 . 2009-02-14 02:31 2246144 ----a-w c:\windows\system32\pbsvc.exe
2009-03-25 18:44 . 2006-08-08 17:56 3650 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-03-15 21:19 . 2008-08-13 20:24 441408 ----a-w c:\documents and settings\Owner\Application Data\id Software\quakelive\home\baseq3\qagamex86.dll
2009-03-09 09:19 . 2009-02-22 15:57 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-09 09:03 . 2006-08-19 08:06 121984 ----a-w c:\windows\system32\drivers\Rtnicxp.sys
2009-03-08 18:22 . 2009-03-08 18:22 1241088 ----a-w c:\windows\system32\SETF2.tmp
2009-03-08 18:22 . 2009-03-08 18:22 1241088 ----a-w c:\windows\system32\SET129.tmp
2009-03-08 18:21 . 2009-03-08 18:21 2771706 ----a-w c:\windows\inf\SETEE.tmp
2009-03-08 18:21 . 2009-03-08 18:21 2771706 ----a-w c:\windows\inf\SETC1.tmp
2009-03-08 18:21 . 2009-03-08 18:21 13460 ----a-w c:\windows\inf\IEM\0409\SETEF.tmp
2009-03-08 18:21 . 2009-03-08 18:21 13460 ------w c:\windows\inf\IEM\0409\SETC2.tmp
2009-03-08 18:21 . 2009-03-08 18:21 10240 ----a-w c:\windows\system32\SET118.tmp
2009-03-08 18:21 . 2009-03-08 18:21 10240 ------w c:\windows\system32\SETE1.tmp
2009-03-08 18:09 . 2009-03-08 18:09 391536 ----a-w c:\windows\system32\SETEF.tmp
2009-03-08 18:09 . 2009-03-08 18:09 391536 ----a-w c:\windows\system32\SET126.tmp
2009-03-08 08:41 . 2009-03-08 08:41 5937152 ----a-w c:\windows\system32\SET13B.tmp
2009-03-08 08:41 . 2009-03-08 08:41 5937152 ----a-w c:\windows\system32\SET105.tmp
2009-03-08 08:39 . 2009-03-08 08:39 11063808 ----a-w c:\windows\system32\SETF1.tmp
2009-03-08 08:39 . 2009-03-08 08:39 11063808 ----a-w c:\windows\system32\SET128.tmp
2009-03-08 08:35 . 2009-03-08 08:35 385024 ----a-w c:\windows\system32\SETE5.tmp
2009-03-08 08:35 . 2009-03-08 08:35 385024 ----a-w c:\windows\system32\SET11C.tmp
2009-03-08 08:33 . 2009-03-08 08:33 18944 ----a-w c:\windows\system32\SETE2.tmp
2009-03-08 08:33 . 2009-03-08 08:33 18944 ----a-w c:\windows\system32\SET119.tmp
2009-03-08 08:33 . 2009-03-08 08:33 25600 ----a-w c:\windows\system32\SETFE.tmp
2009-03-08 08:33 . 2009-03-08 08:33 25600 ----a-w c:\windows\system32\SET134.tmp
2009-03-08 08:33 . 2009-03-08 08:33 726528 ----a-w c:\windows\system32\SETFD.tmp
2009-03-08 08:33 . 2009-03-08 08:33 726528 ----a-w c:\windows\system32\SET133.tmp
2009-03-08 08:33 . 2009-03-08 08:33 229376 ----a-w c:\windows\system32\SETEB.tmp
2009-03-08 08:33 . 2009-03-08 08:33 229376 ----a-w c:\windows\system32\SET122.tmp
2009-03-08 08:33 . 2009-03-08 08:33 420352 ----a-w c:\windows\system32\SET148.tmp
2009-03-08 08:33 . 2009-03-08 08:33 420352 ----a-w c:\windows\system32\SET112.tmp
2009-03-08 08:33 . 2009-03-08 08:33 125952 ----a-w c:\windows\system32\SETEA.tmp
2009-03-08 08:33 . 2009-03-08 08:33 125952 ----a-w c:\windows\system32\SET121.tmp
2009-03-08 08:31 . 2009-03-08 08:31 183808 ----a-w c:\windows\system32\SETF3.tmp
2009-03-08 08:30 . 2009-03-08 08:30 66560 ----a-w c:\windows\system32\SET145.tmp
2009-03-08 08:30 . 2009-03-08 08:30 66560 ----a-w c:\windows\system32\SET10F.tmp
2009-03-08 08:22 . 2009-03-08 08:22 164352 ----a-w c:\windows\system32\SET12E.tmp
2009-03-08 08:22 . 2009-03-08 08:22 164352 ------w c:\windows\system32\SETF7.tmp
2009-03-08 08:22 . 2009-03-08 08:22 156160 ----a-w c:\windows\system32\SET13F.tmp
2009-03-08 08:22 . 2009-03-08 08:22 156160 ----a-w c:\windows\system32\SET109.tmp
2009-03-08 08:15 . 2009-03-08 08:15 57667 ----a-w c:\windows\system32\SETF8.tmp
2009-03-08 08:15 . 2009-03-08 08:15 57667 ----a-w c:\windows\system32\SET12F.tmp
2009-03-08 08:11 . 2009-03-08 08:11 445952 ----a-w c:\windows\system32\SETEE.tmp
2009-03-08 08:11 . 2009-03-08 08:11 445952 ----a-w c:\windows\system32\SET125.tmp
2009-03-06 14:22 . 2006-06-17 09:23 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 16:18 . 2009-01-16 18:45 73728 ----a-w c:\windows\system32\RtNicProp32.dll
2009-03-03 00:18 . 2006-06-17 09:23 826368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"SpybotSD TeaTimer"="c:\program files\Spybot\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2008-09-05 159744]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-28 778240]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-04-02 69632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-25 516440]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-23 16804864]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-18 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=c:\windows\pss\BigFix.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cleanup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msci

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1155974661\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1155974661\\EE\\aolsoftware.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\QUAKE\\ezquake-gl.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\steam\\steamapps\\common\\quake 3 arena\\quake3.exe"=
"c:\\q3\\quake3.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/25/2009 4:46 PM 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 953168]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [9/18/2008 12:09 PM 111112]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [12/27/2008 2:14 PM 22784]
S2 gupdate1c9743e80ffcf14;Google Update Service (gupdate1c9743e80ffcf14);c:\program files\Google\Update\GoogleUpdate.exe [1/11/2009 6:46 PM 133104]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\c:\windows\system32\Drivers\Aldebaran.sys --> c:\windows\system32\Drivers\Aldebaran.sys [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [7/17/2008 1:06 PM 118784]
S3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [12/25/2008 4:12 PM 12032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-05-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 20:45]

2009-05-28 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-11 19:28]

2006-09-29 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 00:12]

2006-09-29 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 00:12]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Search
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-27 20:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4056)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\searchindexer.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\dllhost.exe
c:\program files\Razer\DeathAdder\razertra.exe
c:\program files\Razer\DeathAdder\razerofa.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\windows\TEMP\GoogleUpdate.exe68ba8Update.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-05-28 20:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-28 00:24

Pre-Run: 167,095,894,016 bytes free
Post-Run: 167,047,634,944 bytes free

304 --- E O F --- 2009-05-13 07:02

hi

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Go to Kaspersky website and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
   Spyware, Adware, Dialers, and other potentially dangerous programs
   Archives
   Mail databases
5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

also post a new HJT Log

I ran atf cleaner... then did a malwarebytes scan... after that I tried to use the online virus scanner...


I got a starting java applet failed please go online to use program and it never ran so I dled hijackthis and did a log anyways..



Malwarebytes' Anti-Malware 1.37
Database version: 2191
Windows 5.1.2600 Service Pack 3

5/28/2009 11:09:20 PM
mbam-log-2009-05-28 (23-09-20).txt

Scan type: Quick Scan
Objects scanned: 90712
Time elapsed: 6 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

____________________________________________________________



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:40 PM, on 5/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O24 - Desktop Component 0: (no name) - http://a410.ac-images.myspacecdn.com/image...da207326dc1.jpg

--
End of file - 10821 bytes

hi

Please click here to download AVP Tool by Kaspersky.

• Save it to your desktop.
• Reboot your computer into SafeMode.
  

  You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
  Use your up arrow key to highlight SafeMode then hit enter.

• Double click the setup file to run it.
• Click Next to continue.
• It will by default install it to your desktop folder.Click Next.
• Hit ok at the prompt for scanning in Safe Mode.
• It will then open a box There will be a tab that says Automatic scan.
• Under Automatic scan make sure these are checked.

• System Memory
• Startup Objects
• Disk Boot Sectors.
• My Computer.
• Also any other drives (Removable that you may have)

• Then click on Scan at the to right hand Corner.
• It will automatically Neutralize any objects found.
• If some objects are left unneutralized then click the button that says Neutralize all
• If it says it cannot be Neutralized then chooose The delete option when prompted.
• After that is done click on the reports button at the bottom and save it to file name it Kas.
• Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.
  
  

  Note: This tool will self uninstall when you close it so please save the log before closing it.

sorry went out of town for the weekend... man that was a long scan a whole day....


Scan
----
Scanned: 941353
Detected: 10
Untreated: 0
Start time: 5/31/2009 4:09:26 PM
Duration: 1 days 04:00:11
Finish time: 6/1/2009 8:09:37 PM


Detected
--------
Status Object
------ ------
deleted: virus Heur.Trojan.Generic (modification) File: c:\program files\bitdefender\bitdefender 2009\ieshow.exe
deleted: Trojan program Trojan.Win32.TDSS.aegg File: C:\Qoobox\Quarantine\C\WINDOWS\system32\UACbedvnwayrjdtrmw.dll.vir
deleted: Trojan program Trojan.Win32.TDSS.adzw File: C:\Qoobox\Quarantine\C\WINDOWS\system32\UACojcaiutasqikuso.dll.vir
deleted: Trojan program Trojan.Win32.TDSS.adzx File: C:\Qoobox\Quarantine\C\WINDOWS\system32\UACqordqcungqnyimw.dll.vir
deleted: Trojan program Trojan.Win32.TDSS.adzz File: C:\Qoobox\Quarantine\C\WINDOWS\system32\UACwalpiyrpividgaf.dll.vir
deleted: Trojan program Trojan.Win32.TDSS.adzx File: C:\Qoobox\Quarantine\C\WINDOWS\system32\UACwqfrgffivtrunna.dll.vir
deleted: Trojan program Trojan.Win32.Agent.chwd File: C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACfmaanbubiusjbff.sys.vir
deleted: adware not-a-virus:AdWare.Win32.SearchIt.t File: H:\i386\Apps\App17981\comps\toolbar\toolbr.exe//WiseSFXDropper//WISE0015.BIN
deleted: adware not-a-virus:AdWare.Win32.SearchIt.t File: H:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP974\A0125144.exe//WiseSFXDropper//WISE0015.BIN
deleted: adware not-a-virus:AdWare.Win32.SearchIt.t File: H:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP974\A0125144.exe//WiseSFXDropper


Events
------
Time Name Status Reason
---- ---- ------ ------
5/31/2009 4:09:38 PM Running module: smss.exe\smss.exe ok scanned


Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------


Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----












I still got a message dialog box that askes me to free up space on outlook compress drives???

Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware

• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  

• Download OTC to your desktop and run it
• Click Yes to beginning the Cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com/products/acrobat/readstep2.html



Below I have included a number of recommendations for how to protect your computer against malware infections.

• Keep Windows updated by regularly checking their website at :
  http://windowsupdate.microsoft.com/
  This will ensure your computer has always the latest security updates available installed on your computer.
  
  
• SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  
  
• SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  
  
• Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
• ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  
  
• MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  
  
• Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
  secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
  blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
  Here
  
  
  If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
  • NoScript - for blocking ads and other potential website attacks
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
  
  
• Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  
  
• ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  
  
• FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
  
  
• Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
  
  
• Please read my guide on how to prevent malware and about safe computing here

Thank you for your patience, and performing all of the procedures requested.

first off I would like to say thank you I was so happy that my computer is back to normal that I had to use it for a couple of hours

secondly I have to congratulate you on your responsiveness and your willing to help people out free of charge I have had a topic open since this topiic was open on bleepingcomputer.com with not a response yet.

Thirdly I have taken all of your considerations and are currently using most i have to go back through and and dl some more items..

last but not least I have bad news for you or mabey not your depending on who answers.

You did such a great job at helping me I was telling people about what was going with my computer I was handed my girlfriends mothers laptop..


Im going to open a new topic since its a different machine but from what malware finds isnt much but some adware and a trojan.vundo....



Ill be posing the log in a new topic..


once again thanks for your help and those who contribute to this board..

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

Everyone else please begin a New Topic.

Thank you !