Need help with possible virtumonde virus/trojan

Why don't you drag CF to the trash and download a fresh copy?

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop
 
latest combofix log

Sorry for the delay, didn't see your reply on page 3...here is the latest combofix log...



ComboFix 10-07-06.05 - Owner 07/07/2010 15:50:00.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.163 [GMT -4:00]
Running from: c:\documents and settings\Owner.YOUR-E7D118DC12\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner.YOUR-E7D118DC12\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\drivers\mgvpbuw.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\mgvpbuw.sys

.
((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
.

2010-07-06 22:03 . 2010-07-06 22:03 -------- d-----w- c:\program files\trend micro
2010-07-06 22:03 . 2010-07-06 22:03 -------- d-----w- C:\rsit
2010-07-06 03:05 . 2010-07-06 03:13 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\QuickScan
2010-07-06 02:57 . 2010-07-06 02:57 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Local Settings\Application Data\K-Meleon
2010-07-06 02:56 . 2010-07-06 02:57 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\K-Meleon
2010-07-06 02:56 . 2010-07-06 02:56 -------- d-----w- c:\program files\K-Meleon
2010-07-05 18:36 . 2010-07-05 18:36 -------- d-----w- c:\program files\ERUNT
2010-07-03 18:08 . 2010-07-03 18:36 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\tor
2010-07-03 17:35 . 2010-07-03 18:09 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\Vidalia
2010-07-02 19:47 . 2010-07-02 19:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-07-02 18:53 . 2009-06-30 13:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-07-02 18:52 . 2010-07-02 18:52 -------- d-----w- c:\program files\Panda Security
2010-07-02 18:38 . 2010-07-02 18:38 -------- d-----w- c:\program files\ESET
2010-07-02 17:59 . 2010-07-02 17:59 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\Auslogics
2010-07-02 17:57 . 2010-07-02 17:57 -------- d-----w- c:\program files\Auslogics
2010-07-02 17:27 . 2010-07-02 17:27 -------- d-----w- c:\program files\CCleaner
2010-07-02 17:26 . 2010-07-02 17:26 -------- d-----w- c:\program files\ToniArts
2010-07-02 04:11 . 2010-07-02 04:11 791393 ----a-w- C:\erunt-setup(2).exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-07 14:25 . 2009-05-11 01:56 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-07-07 02:58 . 2009-12-25 17:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-03 15:54 . 2009-09-05 03:02 1 ----a-w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-03 12:36 . 2010-05-19 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-02 19:48 . 2010-07-02 19:48 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-02 17:26 . 2006-11-23 00:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-02 17:18 . 2010-07-02 17:18 63488 ----a-w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-02 17:18 . 2009-12-25 17:27 117760 ----a-w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-04 20:13 . 2009-02-17 17:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-30 21:33 . 2010-05-30 21:33 127 ----a-w- c:\documents and settings\Boss\Local Settings\Application Data\fusioncache.dat
2010-05-26 02:24 . 2010-05-22 02:30 117760 ----a-w- c:\documents and settings\Boss\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-25 00:38 . 2010-05-25 00:38 -------- d-----w- c:\program files\Photo Story 3 for Windows
2010-05-23 13:18 . 2010-05-19 23:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-22 02:30 . 2010-05-22 02:30 63488 ----a-w- c:\documents and settings\Boss\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-22 02:30 . 2010-05-22 02:30 52224 ----a-w- c:\documents and settings\Boss\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-22 02:29 . 2010-05-22 02:29 -------- d-----w- c:\documents and settings\Boss\Application Data\SUPERAntiSpyware.com
2010-05-22 01:06 . 2010-05-22 01:06 -------- d-----w- c:\documents and settings\Boss\Application Data\Malwarebytes
2010-05-21 00:20 . 2007-01-20 19:26 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\Apple Computer
2010-05-21 00:17 . 2007-07-03 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-05-18 15:23 . 2010-05-18 15:23 -------- d-----w- c:\documents and settings\Boss\Application Data\Skinux
2010-05-18 15:23 . 2010-05-18 15:22 -------- d-----w- c:\documents and settings\Boss\Application Data\ArcSoft
2010-05-18 00:29 . 2006-12-29 22:27 40416 ----a-w- c:\documents and settings\Owner.YOUR-E7D118DC12\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-17 02:52 . 2010-05-17 02:52 63488 ----a-w- c:\documents and settings\Donna\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-17 02:52 . 2010-05-17 02:52 52224 ----a-w- c:\documents and settings\Donna\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-17 02:52 . 2010-05-17 02:52 117760 ----a-w- c:\documents and settings\Donna\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-17 02:52 . 2010-05-17 02:52 -------- d-----w- c:\documents and settings\Donna\Application Data\SUPERAntiSpyware.com
2010-05-14 21:57 . 2010-05-05 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-14 21:47 . 2010-05-14 21:53 343906 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-05-14 21:33 . 2010-04-03 11:30 439816 ----a-w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\Real\Update\setup3.10\setup.exe
2010-05-14 01:38 . 2010-05-14 01:38 -------- d-----w- c:\documents and settings\Donna\Application Data\Malwarebytes
2010-05-14 00:16 . 2010-05-14 00:16 -------- d-----w- c:\documents and settings\Donna\Application Data\Apple Computer
2010-05-14 00:16 . 2010-05-14 00:12 40416 ----a-w- c:\documents and settings\Donna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-14 00:13 . 2006-11-23 00:19 -------- d-----w- c:\program files\Google
2010-05-14 00:13 . 2010-05-14 00:12 -------- d-----w- c:\documents and settings\Donna\Application Data\ArcSoft
2010-05-14 00:13 . 2010-05-14 00:13 -------- d-----w- c:\documents and settings\Donna\Application Data\Skinux
2010-05-05 22:04 . 2010-01-10 01:22 0 ----a-w- c:\windows\Ysizesux.bin
2010-05-02 05:56 . 2006-06-17 09:23 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 12:06 . 2010-01-10 01:22 120 ----a-w- c:\windows\Qnaxejadazay.dat
2010-04-29 19:39 . 2009-12-24 15:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-12-24 15:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-24 15:23 . 2007-02-23 15:57 2816 ----a-w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\wklnhst.dat
2010-04-20 05:51 . 2006-06-17 09:23 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-17 19:11 . 2008-11-04 17:32 36124 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-16 15:20 . 2006-06-17 09:23 668672 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 15:20 . 2006-06-17 09:23 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-04-15 04:28 . 2006-06-19 04:25 40416 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-07-07_03.16.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-07 14:25 . 2010-07-07 14:25 16384 c:\windows\Temp\Perflib_Perfdata_65c.dat
+ 2010-07-07 13:16 . 2010-07-07 13:16 249856 c:\windows\ERDNT\AutoBackup\7-7-2010\Users\00000002\UsrClass.dat
+ 2010-07-07 13:16 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-7-2010\ERDNT.EXE
+ 2010-07-07 13:16 . 2010-07-07 13:16 9551872 c:\windows\ERDNT\AutoBackup\7-7-2010\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-02 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 57344]

c:\documents and settings\Boss\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk.disabled [2010-7-2 783]

c:\documents and settings\Owner.YOUR-E7D118DC12\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK
backup=c:\windows\pss\Install Pending Files.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 19:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-10 19:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 03:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-03-23 05:13 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-03-23 05:17 118784 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-03-23 05:17 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 01:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
2002-10-14 20:09 57344 ------w- c:\program files\Lexmark X74-X75\lxbbbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2006-11-07 19:49 1121280 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 23:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
2005-12-10 02:44 139264 ----a-w- c:\program files\Digital Media Reader\readericon45G.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 07:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 02:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SanaSafeConnect]
2007-10-18 23:23 1731096 ----a-r- c:\program files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-03-02 00:22 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 08:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-05 23:30 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [7/2/2010 2:53 PM 28552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/23/2009 9:43 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 9:43 AM 67656]
R2 SanaSafeConnectWatcher;SanaSafeConnectWatcher;c:\program files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnectWatcher.exe [10/18/2007 7:23 PM 547352]
R2 sbupdate;SentryBay Update Service;c:\program files\SentryBay\sbupdate.exe [3/8/2009 5:30 PM 41272]
R3 SanaSafeConnectDriver;SanaSafeConnectDriver;c:\program files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectDriver.sys [10/18/2007 7:24 PM 160280]
R3 SanaSafeConnectFilter;SanaSafeConnectFilter;c:\program files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectFilter.sys [10/18/2007 7:24 PM 30232]
R3 SanaSafeConnectShim;SanaSafeConnectShim;c:\program files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectShim.sys [10/18/2007 7:24 PM 27312]
S2 SanaSafeConnectAgent;SanaSafeConnectAgent;c:\program files\Suze Orman\Identity Theft Kit\agent\Bin\SanaAgent.exe [10/18/2007 7:23 PM 5218328]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 9:43 AM 12872]
.
Contents of the 'Scheduled Tasks' folder

2010-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://hughhewitt.townhall.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\Mozilla\Firefox\Profiles\2rtg5gsv.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://hotair.com/
FF - component: c:\program files\SentryBay\PhishLock\ffext\components\plext.dll
FF - component: c:\program files\SentryBay\Secure Browse\toolbar\ffext\components\registrationkey.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-07 15:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-07-07 16:02:47
ComboFix-quarantined-files.txt 2010-07-07 20:02
ComboFix2.txt 2010-07-07 03:20

Pre-Run: 76,622,987,264 bytes free
Post-Run: 76,602,650,624 bytes free

- - End Of File - - A4B8BEAE3F49FF561C3E372821B3AB04
 
Looking good :bigthumb:

c:\windows\Qnaxejadazay.dat <--You can delete this manually


How are things running now ?
 
Not sure...getting a virus alert

Things were running well, and I just got this popup from Windows Security Alert, and this popup:

Also getting popups about virus infections, do I want to scan, and getting a porn popup.

Some programs will not execute (MS Paint, trying to send you a screen shot)...

Was able to delete the file that you wanted deleted, though.
 
serious problems

Can't seem to run ANY .exe files. Also, a new icon in taskbar about antivirus software alert. (A green shield, with a white checkmark in it...I know it is bogus)
 

Please download and run the following tool to help allow other programs to run.
(Thanks to Grinler of BleepingComputer.com)
  • There are 4 different versions. If one of them won't run then download and try to run the other one.
  • Vista and Win7 users need to right click and choose Run as Admin
  • You only need to get one of them to run, not all of them.
  • You will know one ran when a box opens up with a report



You have Malwarebytes installed; open it, check for updates, run the quick scan and post the log, please.
 
no luck

Downloaded the first 3 and tried to run, but program was terminated, followed by a message saying that the file was infected with a virus...

The fourth program just produced an error 404 on the link.
 
That's the infection telling you the file is infected; it's not.

Try running Malwarebytes in Safemode
 
I do not see an option for MBAM safemode.

Do you mean restart windows in safe mode and run it? I am worried that I may not be able to restart FF, as every .exe file I try to open is terminated by the infection.

Please specify.

Thanks
 
Yes, restart windows in Safemode and run MBAM

To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
    this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
Tutorial if you need it: How to boot into Safemode
 
MBAM complete

MBAM found 9 infections...

Here is the log...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4284

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

7/7/2010 7:32:48 PM
mbam-log-2010-07-07 (19-32-48).txt

Scan type: Quick scan
Objects scanned: 153472
Time elapsed: 10 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rwgrfojd (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner.YOUR-E7D118DC12\Local Settings\Application Data\urscmrdno\ecfktcdtssd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-E7D118DC12\Local Settings\temp\6B.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-E7D118DC12\Local Settings\temp\gxuDmWmzvV.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-E7D118DC12\Local Settings\temp\VxPoEqQKZG.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-E7D118DC12\Local Settings\Temporary Internet Files\Content.IE5\0O9XKPSV\setup[1].exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-E7D118DC12\Local Settings\Temporary Internet Files\Content.IE5\CDERGXQ7\setup[2].exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-E7D118DC12\Local Settings\Temporary Internet Files\Content.IE5\URU9QLGP\setup[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\sortct.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
 
no luck

ken454,

Thanks for all of your help...I think you can close this thread, as I am in the process of reinstalling WinXP.

Last night, after I ran MBAM, it asked to reboot, and when I did, WinXP would reach the logo screen, and then reboot itself, stating that it noticed a problem, possibly a hardware issue, and was shutting down.

After several hours of trying to get winXP to start, I gave up, and decided just to salvage the data, and reinstall.

Again, thanks for all your great help. I'm sticking with my linux box from now on...ha!
 
Well, sometimes a reinstall is a good option; let's hope this fixes it and it's not a hardware issue.

I will keep this thread open for you for a few days, post back and let me know how it went.

If you need help with the format and reinstall, let me know and I can link you to a great Windows support site that can guide you through it.

Ken :)
 
appreciate it

Although I have done many reinstalls before, please send me the link you refer to...I'm always looking for new tips, help, etc.

Thanks again...
 