Malwarebytes

Antivirus 2009

8 replies to this topic

#1
JamieK

    New Member

  • Members
  • 5 posts
Forgive me, but I'm a computer newbie here. Here's what I have so far...

I run Malwarebytes scan and delete everything that it comes back with. Restart and computer works fine for a short while. Then the pop-ups start again, most directing me to Antivirus 2009.

Can't download Spybot. Box pops up saying my security settings don't allow this. BTW, also will not open Hotmail messages. Did not start this till after I acquired the spyware.

Here are my logs immediately after running Malwarebytes and deleting affected files.

MBAM scan...

Malwarebytes' Anti-Malware 1.30
Database version: 1455
Windows 5.1.2600 Service Pack 3

12/6/2008 11:28:39 AM
mbam-log-2008-12-06 (11-28-28).txt

Scan type: Quick Scan
Objects scanned: 62451
Time elapsed: 6 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\foyidigimi (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

----------------------------------------------------------------------------------------------------------


Panda Active Scan...

;*******************************************************************************
ANALYSIS: 2008-12-06 10:31:46
PROTECTIONS: 1
MALWARE: 73
SUSPECTS: 4
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Windows Defender 1.1.4104.0 No No
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@trafficmp[1].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@trafficmp[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@atdmt[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@247realmedia[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@mediaplex[1].txt
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@www.myaffiliateprogram[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@com[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@statcounter[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@perf.overture[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@burstnet[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@serving-sys[3].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@bs.serving-sys[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@www.burstbeacon[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@advertising[1].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@adrevolver[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@statse.webtrendslive[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@statse.webtrendslive[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@ads.pointroll[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@realmedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@zedo[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@zedo[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@bluestreak[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@adrevolver[3].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@target[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@atwola[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@atwola[1].txt
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_535842273236.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_89776722911.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_874762533151.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_128934327310.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_136505215861.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_874020292801.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_14371778623.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_144848868885.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_148329836752.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_152231666639.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_161903652566.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_189660108725.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_862433146000.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_860608777112.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_840800513171.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_779457377344.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_767633656454.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_762292836773.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_280118583200.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_70399531758.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_683804286359.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_637888247826.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_303056494356.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_314703715848.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_625307573815.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_594073756767.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_341055408807.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_591736317705.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_556162533808.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_353287663239.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_355223715749.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_370803678003.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_395514226880.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_579392535283.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_492935543127.bk
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\WINDOWS\system32\cfexfst.sys
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\WINDOWS\system32\udxfytw.sys
03689555 Adware/AccesMembre Adware No 0 Yes No C:\WINDOWS\system32\oduxftw.sys
03957249 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_800399511374.bk
03957249 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_530379396844.bk
03974384 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_647775526466.bk
03974384 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_8010548914.bk
03978104 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_697634702050.bk
03978104 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_328392607444.bk
03979301 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_436603443840.bk
03979301 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_11121780611.bk
03979747 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_226227596976.bk
03979747 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_380089540018.bk
03983235 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_453658514383.bk
03983235 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_379647817646.bk
03990615 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_113715694771.bk
03997175 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_33375297218.bk
04002833 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_605394674751.bk
04003655 Generic Backdoor Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmp0_437759243043.bk.old
04050238 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_86290856820.bk
04050238 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_826921125323.bk
04065243 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_41106063122.bk
04065243 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_737683259459.bk
04065243 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_73128374677.bk
04066887 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_43674933710.bk
04078530 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_397467891942.bk
04078530 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_350727806895.bk
04079098 Adware/AccesMembre Adware No 0 Yes No C:\WINDOWS\system32\fduvfct.sys
04079109 Adware/AccesMembre Adware No 0 Yes No C:\WINDOWS\system32\xdufytw.sys
04084609 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_515828661131.bk
04084609 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_15997339982.bk
04086560 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_621436809986.bk
04086560 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_283504221541.bk
04086560 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_258435853187.bk
04114744 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_659357327962.bk
04114744 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_749610201232.bk
04119272 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_298193490211.bk
04119272 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_233659564768.bk
04119272 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_82512397490.bk
04123578 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_20765835537.bk
04123578 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_286894719977.bk
04126890 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_799774591180.bk
04129413 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_55008391153.bk
04132780 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_561760703762.bk
04132780 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_777441796483.bk
04133783 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_686906341809.bk
04133783 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_345391432521.bk
04133783 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_502531124176.bk
04150854 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_465186877580.bk
04150899 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_735454409576.bk
04150899 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_731074378351.bk
04157305 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_266639482319.bk
04160496 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_76630492908.bk
04160496 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_718993575284.bk
04186262 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_871305740577.bk
04199614 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_190149869478.bk
04199614 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_680888674233.bk
04199644 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_22453857698.bk
04251170 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\WINDOWS\system32\tmpxr_564300304958.bk
04251176 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\WINDOWS\system32\tmpxr_143548611230.bk
04279215 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_7932293085.bk
04279947 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_558049565916.bk
04279947 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_507042550548.bk
04280817 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_480738641824.bk
04280817 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_600861615418.bk
04281422 Trj/Downloader.MDW Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_888846169283.bk
04281422 Trj/Downloader.MDW Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_57857032587.bk
04281440 Trj/Downloader.MDW Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_19922216147.bk
04281440 Trj/Downloader.MDW Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_309698473179.bk
04281474 Trj/Downloader.MDW Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_7755611560.bk
04289157 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Temporary Internet Files\Content.IE5\KB3FAOTL\A9installer_770522169011[1].exe
;===============================================================================
SUSPECTS
Sent Location "
;===============================================================================
No C:\Documents and Settings\mercedes\Local Settings\Temporary Internet Files\Content.IE5\ED1Q7UH4\InstallAVv_770522169011[1].exe
No C:\Program Files\WinRAR\Default.SFX "
No C:\WINDOWS\system32\tmpxr_18990228120.bk "
No C:\WINDOWS\system32\tmpxr_49624638698.bk "
;===============================================================================
VULNERABILITIES
Id Severity Description "
;===============================================================================
;===============================================================================


---------------------------------------------------------------------------------------------------------------

Hijack this scan...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:03 AM, on 12/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\opt\MBCASE\pm\bin\mcp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\N-ABLE~1\WINDOW~1\winagent.exe
C:\PROGRA~1\N-ABLE~1\WINDOW~1\AssetDiscoveryLocal.exe
C:\PROGRA~1\N-ABLE~1\WINDOW~1\winagentwatchdog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\smartagent\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\smartagent\bin\tgsrvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\opt\MBCASE\pm\bin\cmserver.exe
C:\opt\MBCASE\pm\bin\lic_srv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\Pelmiced.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPWin.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\mercedes\My Documents\HijackThis.exe

O1 - Hosts: 12.44.59.46 ppa-extra.ndc.daimlerchrysler.com
O2 - BHO: (no name) - {0EAA09D0-67C1-4FA5-85F3-4C602082F4B8} - C:\WINDOWS\system32\tuvUOHax.dll (file missing)
O2 - BHO: (no name) - {61d332c5-04c9-4571-a44e-bfa175cd2429} - C:\WINDOWS\system32\sagenumi.dll (file missing)
O2 - BHO: (no name) - {75A0D0D7-9B92-4245-9884-CB8C0D3E92FC} - C:\WINDOWS\system32\byXopoLF.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [foyidigimi] Rundll32.exe "C:\WINDOWS\system32\lininofa.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\mercedes\Application Data\Twain\Twain.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://www.download.com
O15 - Trusted Zone: *.hotmail.com
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.msn.com
O15 - Trusted Zone: *.passport.com
O16 - DPF: {00906302-0F14-442C-B39C-275F61BC25BC} (atSdaCfg Control) - file://D:\autorun\atSdaCfg.CAB
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.33/...ds_2_0_0_75.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {4E8AEBE0-31A6-43B0-A429-748DB14A70A0} (SysEngW2k Control) - file://D:\autorun\PC-CONFIG-CHECK.CAB
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - http://supportcenter.mbnetstar.com/support.../weblaunch2.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FA2EFE1-7069-4A5E-80C6-2D201E44C34E}: NameServer = 10.100.100.10,192.168.100.2
O20 - AppInit_DLLs: C:\WINDOWS\system32\pularewi.dll
O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software International - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: konfig - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: license - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: mcp - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: Windows Agent (N-able Technologies Windows Agent) - N-able Technologies - C:\PROGRA~1\N-ABLE~1\WINDOW~1\winagent.exe
O23 - Service: AssetDiscovery Local (N-able Technologies Windows Agent Asset Discovery) - N-able Technologies - C:\PROGRA~1\N-ABLE~1\WINDOW~1\AssetDiscoveryLocal.exe
O23 - Service: Windows Agent Watchdog (N-able Technologies Windows Agent Watchdog) - N-able Technologies - C:\PROGRA~1\N-ABLE~1\WINDOW~1\winagentwatchdog.exe
O23 - Service: noxtcyr Corporation inc. (noxtcyr) - Unknown owner - C:\WINDOWS\system32\noxtcyr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: roxtctm Co. Ltd. (roxtctm) - Unknown owner - C:\WINDOWS\system32\roxtctm.exe (file missing)
O23 - Service: solewxte Service (solewxte) - Unknown owner - C:\WINDOWS\system32\solewxte.exe (file missing)
O23 - Service: sotpeca Settings storage service (sotpeca) - Unknown owner - C:\WINDOWS\system32\sotpeca.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Sprocket Service (smartagent) (sprtsvc_smartagent) - SupportSoft, Inc. - C:\Program Files\smartagent\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SupportSoft Repair Service (smartagent) (tgsrvc_smartagent) - SupportSoft, Inc. - C:\Program Files\smartagent\bin\tgsrvc.exe

--
End of file - 9633 bytes


-----------------------------------------------------------------------------------------------------------

Please help me!!!!!!!!!!!! This is my work computer so I will be back with results Monday.

Jamie

P.S. Please assure me there is a special place in he!! for whoever invented spyware!

#2
Tigger93

    Forum Deity

  • Moderators
  • 1,648 posts
  • Gender:Male
Hi. :)

Open Notepad and copy and paste in the following:
MD "%USERPROFILE%"\desktop\malware

xcopy C:\WINDOWS\system32\tmpxr_535842273236.bk "%USERPROFILE%"\desktop\malware /c /q /r /h /y
xcopy C:\WINDOWS\system32\tmp0_437759243043.bk.old "%USERPROFILE%"\desktop\malware /c /q /r /h /y
xcopy C:\WINDOWS\system32\cfexfst.sys "%USERPROFILE%"\desktop\malware /c /q /r /h /y
xcopy C:\WINDOWS\system32\udxfytw.sys "%USERPROFILE%"\desktop\malware /c /q /r /h /y
xcopy C:\WINDOWS\system32\oduxftw.sys "%USERPROFILE%"\desktop\malware /c /q /r /h /y
xcopy C:\WINDOWS\system32\fduvfct.sys "%USERPROFILE%"\desktop\malware /c /q /r /h /y
xcopy C:\WINDOWS\system32\xdufytw.sys "%USERPROFILE%"\desktop\malware /c /q /r /h /y
xcopy "C:\Documents and Settings\mercedes\Local Settings\Temp\Temporary Internet Files\Content.IE5\KB3FAOTL\A9installer_770522169011[1].exe" "%USERPROFILE%"\desktop\malware /c /q /r /h /y

Attrib -s -r -h "%USERPROFILE%"\desktop\malware\*.*

Save it as getmalware.bat to the desktop and double-click on it to run it. It will create a folder called malware on your desktop. Please zip up this folder. Attach that zipped file here in a new topic with a link to this thread. I will get back to you once they have been analyzed.
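The sample-collection step above, as an added example that is not part of Tigger93's post or of any Malwarebytes tooling: a Python script that parses rows from the Panda ActiveScan MALWARE table posted earlier in the thread, tallies detections by type, selects one file per signature id for analysis (skipping tracking cookies, which are not executable samples), and emits a batch file in the same xcopy form as the moderator's. The report excerpt below is constructed from a handful of the rows on the page; the one-file-per-signature-id selection rule is my assumption and not the moderator's criterion (he chose a smaller hand-picked set), and the 8-digit id width is taken from the posted log.

```python
import re
from collections import Counter

# Constructed excerpt modelled on the Panda ActiveScan MALWARE table posted
# above (columns: Id Description Type Active Severity Disinfectable
# Disinfected Location). Only a few of the original rows are reproduced.
SAMPLE_REPORT = r"""
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@trafficmp[1].txt
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_535842273236.bk
00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_89776722911.bk
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\WINDOWS\system32\cfexfst.sys
03689555 Adware/AccesMembre Adware No 0 Yes No C:\WINDOWS\system32\oduxftw.sys
04003655 Generic Backdoor Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmp0_437759243043.bk.old
04289157 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Temporary Internet Files\Content.IE5\KB3FAOTL\A9installer_770522169011[1].exe
"""

# One detection row. The description may contain spaces ("Generic Malware")
# and so may the location, but the four fixed columns between them
# (Active, Severity, Disinfectable, Disinfected) anchor the match.
ROW_RE = re.compile(
    r"^(?P<id>\d{8}) (?P<desc_type>.+?) (?P<active>Yes|No) (?P<severity>\d+) "
    r"(?P<disinfectable>Yes|No) (?P<disinfected>Yes|No) (?P<location>.+)$"
)


def parse_report(text):
    """Return one dict per MALWARE row; header and separator lines are skipped."""
    records = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        # The type is the last whitespace-separated token before the fixed columns.
        desc, _, kind = m.group("desc_type").rpartition(" ")
        records.append({
            "id": m.group("id"),
            "description": desc,
            "type": kind,
            "active": m.group("active") == "Yes",
            "severity": int(m.group("severity")),
            "location": m.group("location"),
        })
    return records


def count_by_type(records):
    """Tally detections by type, e.g. TrackingCookie vs Virus/Trojan vs Adware."""
    return Counter(r["type"] for r in records)


def select_samples(records, skip_types=("TrackingCookie",)):
    """Pick the first file seen for each signature id, ignoring cookie hits.

    Assumption (mine, not the moderator's): one representative per id is
    enough for the analyst, since rows sharing an id matched the same signature.
    """
    seen = set()
    paths = []
    for r in records:
        if r["type"] in skip_types or r["id"] in seen:
            continue
        seen.add(r["id"])
        paths.append(r["location"])
    return paths


def build_collect_script(paths, dest=r'"%USERPROFILE%"\desktop\malware'):
    """Emit a batch file in the same shape as the thread's getmalware.bat.

    Every source path is quoted so paths containing spaces copy correctly.
    """
    lines = ["MD " + dest, ""]
    for p in paths:
        lines.append(f'xcopy "{p}" {dest} /c /q /r /h /y')
    lines += ["", "Attrib -s -r -h " + dest + r"\*.*"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    print(dict(count_by_type(recs)))
    print(build_collect_script(select_samples(recs)))
```

Running the script prints the per-type tally and a ready-to-save batch file; on a real report you would feed the whole saved ActiveScan text to parse_report instead of the constructed excerpt. Keeping the cookie rows out of the sample set matters because they are plain text files of no analytic value, while the .bk, .sys and .exe rows are the artefacts an analyst actually needs.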

#3
JamieK

    New Member

  • Members
  • 5 posts
Just wanted to make sure the ZIP file came through okay.

http://www.malwarebytes.org/forums/index.p...amp;#entry38865

Jamie

#4
Tigger93

    Forum Deity

  • Moderators
  • 1,648 posts
  • Gender:Male
We got it, I'll get back to you hopefully tonight/tomorrow once the files have been analyzed, thanks. :angry:

#5
Tigger93

    Forum Deity

  • Moderators
  • 1,648 posts
  • Gender:Male
Please update MalwareBytes, scan and post the log.

#6
JamieK

    New Member

  • Members
  • Pip
  • 5 posts
Hmm, so far, so good. No more popups today.

Here's the log...

Malwarebytes' Anti-Malware 1.31
Database version: 1488
Windows 5.1.2600 Service Pack 3

12/11/2008 8:59:36 AM
mbam-log-2008-12-11 (08-59-36).txt

Scan type: Quick Scan
Objects scanned: 64252
Time elapsed: 21 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7
Tigger93

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 1,648 posts
  • Gender:Male
Can you post one more HJT log so we can be sure you're clean?

#8
JamieK

    New Member

  • Members
  • Pip
  • 5 posts
Well, it's been several days with no signs of pop-ups (knock on wood). I just want to thank everyone for their help in this. Here's my latest HJT scan...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:59 PM, on 12/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ICO.EXE
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\opt\MBCASE\pm\bin\mcp.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\N-ABLE~1\WINDOW~1\winagent.exe
C:\PROGRA~1\N-ABLE~1\WINDOW~1\AssetDiscoveryLocal.exe
C:\PROGRA~1\N-ABLE~1\WINDOW~1\winagentwatchdog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\smartagent\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\smartagent\bin\tgsrvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\cmd.exe
C:\opt\MBCASE\pm\bin\cmserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cmd.exe
C:\opt\MBCASE\pm\bin\lic_srv.exe
C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe
C:\Program Files\Adp\ws2000\ws2000.exe
C:\Program Files\ADP\websuite TE\BZVT.EXE
C:\Program Files\ADP\webSuite TE\BZVBA.EXE
C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\mercedes\My Documents\HijackThis.exe

O1 - Hosts: 12.44.59.46 ppa-extra.ndc.daimlerchrysler.com
O2 - BHO: (no name) - {0EAA09D0-67C1-4FA5-85F3-4C602082F4B8} - C:\WINDOWS\system32\tuvUOHax.dll (file missing)
O2 - BHO: (no name) - {75A0D0D7-9B92-4245-9884-CB8C0D3E92FC} - C:\WINDOWS\system32\byXopoLF.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\mercedes\Application Data\Twain\Twain.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://www.download.com
O15 - Trusted Zone: *.hotmail.com
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.msn.com
O15 - Trusted Zone: *.passport.com
O16 - DPF: {00906302-0F14-442C-B39C-275F61BC25BC} (atSdaCfg Control) - file://D:\autorun\atSdaCfg.CAB
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.33/...ds_2_0_0_75.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {4E8AEBE0-31A6-43B0-A429-748DB14A70A0} (SysEngW2k Control) - file://D:\autorun\PC-CONFIG-CHECK.CAB
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - http://supportcenter.mbnetstar.com/support.../weblaunch2.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FA2EFE1-7069-4A5E-80C6-2D201E44C34E}: NameServer = 10.100.100.10,192.168.100.2
O20 - AppInit_DLLs: ,
O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software International - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: konfig - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: license - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: mcp - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: Windows Agent (N-able Technologies Windows Agent) - N-able Technologies - C:\PROGRA~1\N-ABLE~1\WINDOW~1\winagent.exe
O23 - Service: AssetDiscovery Local (N-able Technologies Windows Agent Asset Discovery) - N-able Technologies - C:\PROGRA~1\N-ABLE~1\WINDOW~1\AssetDiscoveryLocal.exe
O23 - Service: Windows Agent Watchdog (N-able Technologies Windows Agent Watchdog) - N-able Technologies - C:\PROGRA~1\N-ABLE~1\WINDOW~1\winagentwatchdog.exe
O23 - Service: noxtcyr Corporation inc. (noxtcyr) - Unknown owner - C:\WINDOWS\system32\noxtcyr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: roxtctm Co. Ltd. (roxtctm) - Unknown owner - C:\WINDOWS\system32\roxtctm.exe (file missing)
O23 - Service: solewxte Service (solewxte) - Unknown owner - C:\WINDOWS\system32\solewxte.exe (file missing)
O23 - Service: sotpeca Settings storage service (sotpeca) - Unknown owner - C:\WINDOWS\system32\sotpeca.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Sprocket Service (smartagent) (sprtsvc_smartagent) - SupportSoft, Inc. - C:\Program Files\smartagent\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SupportSoft Repair Service (smartagent) (tgsrvc_smartagent) - SupportSoft, Inc. - C:\Program Files\smartagent\bin\tgsrvc.exe

--
End of file - 9638 bytes

#9
Tigger93

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 1,648 posts
  • Gender:Male
Still not clean yet.

Open HijackThis and put a check next to these:
O2 - BHO: (no name) - {0EAA09D0-67C1-4FA5-85F3-4C602082F4B8} - C:\WINDOWS\system32\tuvUOHax.dll (file missing)
O2 - BHO: (no name) - {75A0D0D7-9B92-4245-9884-CB8C0D3E92FC} - C:\WINDOWS\system32\byXopoLF.dll (file missing)

O16 - DPF: {00906302-0F14-442C-B39C-275F61BC25BC} (atSdaCfg Control) - file://D:\autorun\atSdaCfg.CAB
O16 - DPF: {4E8AEBE0-31A6-43B0-A429-748DB14A70A0} (SysEngW2k Control) - file://D:\autorun\PC-CONFIG-CHECK.CAB

O23 - Service: noxtcyr Corporation inc. (noxtcyr) - Unknown owner - C:\WINDOWS\system32\noxtcyr.exe (file missing)
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: roxtctm Co. Ltd. (roxtctm) - Unknown owner - C:\WINDOWS\system32\roxtctm.exe (file missing)
O23 - Service: solewxte Service (solewxte) - Unknown owner - C:\WINDOWS\system32\solewxte.exe (file missing)
O23 - Service: sotpeca Settings storage service (sotpeca) - Unknown owner - C:\WINDOWS\system32\sotpeca.exe (file missing)


Click Fix Checked and close HJT.

Restart your computer, update MBAM, run a scan, and post that and a new HJT log please.
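
The triage the moderator applies in the reply above (BHOs and services whose binary is "(file missing)", ActiveX objects pulled from a removable-drive file:// path, services with a random-looking name and no vendor) can be scripted against a HijackThis log so nothing is missed in a 100-line listing. The following is an added example, not code from this thread or from Trend Micro's HijackThis; it assumes only the O2/O4/O15/O16/O23 line formats visible in the log above, and the sample lines embedded in it are constructed from that log (the cards.cab URL is shortened). Entries are split into "fix" (orphaned or bogus registrations, the kind ticked in HJT) and "review" (a Trusted Zone host, an ActiveX control fetched from a raw IP, an autostart living in the user profile). One caveat a practitioner should keep: "(file missing)" also matches leftovers of legitimately uninstalled software, such as the MBCASE mcp services in the same log, so the "fix" list is a shortlist for a human, not an automatic action.

```python
"""Triage a HijackThis (HJT) log for orphaned and suspicious entries (added example)."""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass(frozen=True)
class Finding:
    section: str  # HJT section tag, e.g. "O23"
    action: str   # "fix": orphaned/bogus registration; "review": needs a human look
    reason: str
    line: str


FILE_MISSING = re.compile(r"\(file missing\)\s*$")
RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RE_O15 = re.compile(r"^O15 - Trusted Zone: (?P<zone>\S+)$")
RE_O16 = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]{36})\} \((?P<name>.+?)\) - (?P<url>\S+)$")
RE_O23 = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$"
)
# Short service names of the noxtcyr / roxtctm / solewxte / sotpeca shape: lowercase letters only.
RANDOM_NAME = re.compile(r"^[a-z]{6,8}$")
# Autostart commands that live in a user profile instead of Program Files or system32.
USER_WRITABLE = re.compile(r"\\(Documents and Settings|Application Data|Local Settings|Temp)\\", re.I)

# Constructed sample lines, modelled on the HJT log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0EAA09D0-67C1-4FA5-85F3-4C602082F4B8} - C:\WINDOWS\system32\tuvUOHax.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\mercedes\Application Data\Twain\Twain.exe
O15 - Trusted Zone: http://www.download.com
O16 - DPF: {00906302-0F14-442C-B39C-275F61BC25BC} (atSdaCfg Control) - file://D:\autorun\atSdaCfg.CAB
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.33/cards.cab
O23 - Service: noxtcyr Corporation inc. (noxtcyr) - Unknown owner - C:\WINDOWS\system32\noxtcyr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


def _host_is_raw_ip(url: str) -> bool:
    """True when the URL's host is a bare IPv4/IPv6 address rather than a name."""
    host = urlparse(url).hostname
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(log_text: str) -> list[Finding]:
    """Walk an HJT log line by line and return the entries worth acting on."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := RE_O2.match(line)):
            if FILE_MISSING.search(m["path"]):
                findings.append(Finding("O2", "fix", "BHO registered but its DLL is gone (orphaned CLSID)", line))
            elif m["name"] == "(no name)":
                findings.append(Finding("O2", "review", "BHO with no name", line))
        elif (m := RE_O4.match(line)):
            if USER_WRITABLE.search(m["cmd"]):
                findings.append(Finding("O4", "review", "Run entry executes from a user-writable profile path", line))
        elif (m := RE_O15.match(line)):
            findings.append(Finding("O15", "review", "Trusted Zone entry relaxes IE security for this host", line))
        elif (m := RE_O16.match(line)):
            url = m["url"]
            if urlparse(url).scheme.lower() == "file":
                findings.append(Finding("O16", "fix", "ActiveX object sourced from a local/removable file:// path", line))
            elif _host_is_raw_ip(url):
                findings.append(Finding("O16", "review", "ActiveX object downloaded from a raw IP address", line))
        elif (m := RE_O23.match(line)):
            short = m["short"] or ""
            no_vendor = m["owner"].strip().lower() == "unknown owner"
            random_name = bool(RANDOM_NAME.match(short))
            if FILE_MISSING.search(m["path"]):
                reason = "service whose binary is missing (orphaned service entry)"
                if no_vendor and random_name:
                    reason += "; random-looking name and no vendor string"
                findings.append(Finding("O23", "fix", reason, line))
            elif no_vendor and random_name:
                findings.append(Finding("O23", "review", "service with a random-looking name and no vendor string", line))
    return findings


def fix_list(findings: list[Finding]) -> list[str]:
    """The lines you would tick in HJT before 'Fix Checked', after a human sanity check."""
    return [f.line for f in findings if f.action == "fix"]


def report(findings: list[Finding]) -> None:
    for f in findings:
        print(f"[{f.action.upper():6}] {f.section}: {f.reason}")
        print(f"         {f.line}")


if __name__ == "__main__":
    report(triage(SAMPLE_LOG))
```

Run it against a real log with `triage(open("hijackthis.log").read())`; the "fix" lines correspond to the O2, O16 and O23 entries the moderator checked above, while the "review" lines (the Twain autostart under Application Data, the download.com Trusted Zone, the ActiveX control from a raw IP) are the ones a responder would want to look at before declaring the machine clean.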
