lilmzbabygrl

Members

  • Posts: 3
  • Reputation: 0 Neutral


About lilmzbabygrl

  • Birthday 08/05/1975

Profile Information

  • Location
    Cleveland, OH
  1. Well.... I tried what you told me and then the computer restarted all on its own... and continued to do so... I couldn't even start it in Safe Mode.... so I just reinstalled the operating system. Thanks for trying to help, I guess that Antivirus GT crap was a little more aggressive than we thought.
  2. Hi. Thanks for your reply. For whatever reason, I cannot close my Avast Antivirus, and Combofix got stuck. Now what do I do?
  3. I have Avast Antivirus, so I have no clue how this made it onto my computer.... I've tried everything I know to get rid of this madness to no avail. Here are my logs... Any help you can give would be great!

     MBAM Log:

     Malwarebytes' Anti-Malware 1.42
     Database version: 3452
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     8/21/2010 6:00:28 PM
     mbam-log-2010-08-21 (18-00-28).txt

     Scan type: Quick Scan
     Objects scanned: 250913
     Time elapsed: 29 minute(s), 17 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 1
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\Documents and Settings\Shortdilla.MR1750.000\My Documents\downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

     DDS Log:

     DDS (Ver_10-03-17.01) - NTFSx86
     Run by Shortdilla at 18:12:59.18 on Sat 08/21/2010
     Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_20
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.516 [GMT -4:00]

     AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

     ============== Running Processes ===============

     C:\WINDOWS.1\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS.1\System32\svchost.exe -k netsvcs
     svchost.exe
     svchost.exe
     C:\WINDOWS.1\System32\wltrysvc.exe
     C:\WINDOWS.1\System32\bcmwltry.exe
     C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
     C:\WINDOWS.1\system32\spoolsv.exe
     svchost.exe
     C:\WINDOWS.1\system32\bmwebcfg.exe
     C:\WINDOWS.1\system32\dldtcoms.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS.1\Explorer.EXE
     C:\WINDOWS.1\AGRSMMSG.exe
     C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
     C:\WINDOWS.1\system32\bcmntray.exe
     C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
     C:\WINDOWS.1\system32\igfxpers.exe
     C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
     C:\Program Files\Dell V305\dldtmon.exe
     C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
     C:\Program Files\Dell V305\dldtMsdMon.exe
     C:\Program Files\AVGT\antivirusGT.exe
     C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     C:\WINDOWS.1\system32\svchost.exe -k imgsvc
     C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
     C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Documents and Settings\Shortdilla.MR1750.000\My Documents\Downloads\dds.scr

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://www.yahoo.com/
     BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
     TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
     TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
     TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
     uRun: [AVGT] c:\program files\avgt\antivirusGT.exe
     mRun: [AGRSMMSG] AGRSMMSG.exe
     mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
     mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
     mRun: [broadcom Wireless Manager UI] c:\windows.1\system32\bcmntray
     mRun: [soundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
     mRun: [soundMAX] "c:\program files\analog devices\soundmax\smax4.exe" /tray
     mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
     mRun: [igfxtray] c:\windows.1\system32\igfxtray.exe
     mRun: [igfxhkcmd] c:\windows.1\system32\hkcmd.exe
     mRun: [igfxpers] c:\windows.1\system32\igfxpers.exe
     mRun: [<NO NAME>]
     mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
     mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
     mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
     mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
     mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
     mRun: [dldtmon.exe] "c:\program files\dell v305\dldtmon.exe"
     mRun: [dldtamon] "c:\program files\dell v305\dldtamon.exe"
     mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
     StartupFolder: c:\docume~1\shortd~1.000\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
     StartupFolder: c:\docume~1\alluse~1.1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
     StartupFolder: c:\docume~1\alluse~1.1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     LSP: bmnet.dll
     Trusted Zone: nexon.net\combatarms
     DPF: Microsoft XML Parser for Java - file://c:\windows.1\java\classes\xmldso.cab
     DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
     DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
     DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237325560109
     DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237326235875
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     Notify: igfxcui - igfxdev.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows.1\system32\WPDShServiceObj.dll

     ================= FIREFOX ===================

     FF - ProfilePath - c:\docume~1\shortd~1.000\applic~1\mozilla\firefox\profiles\80rbkfaf.default\
     FF - plugin: c:\documents and settings\all users.windows.1\application data\nexonus\ngm\npNxGameUS.dll
     FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
     FF - plugin: c:\windows.1\system32\c2mp\npdivx32.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows.1\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

     ---- FIREFOX POLICIES ----
     c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
     c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
     c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
     c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
     c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
     c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
     c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
     c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

     ============= SERVICES / DRIVERS ===============

     R1 aswSP;aswSP;c:\windows.1\system32\drivers\aswSP.sys [2009-7-19 165456]
     R2 aswFsBlk;aswFsBlk;c:\windows.1\system32\drivers\aswFsBlk.sys [2009-7-19 17744]
     R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-29 40384]
     R2 dldt_device;dldt_device;c:\windows.1\system32\dldtcoms.exe -service --> c:\windows.1\system32\dldtcoms.exe -service [?]
     R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-29 40384]
     R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-29 40384]
     S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows.1\system32\spool\drivers\w32x86\3\dldtserv.exe [2010-6-29 98984]
     S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\connection software\RcAppSvc.exe [2008-7-10 111896]

     =============== Created Last 30 ================

     2010-08-21 22:12:12 0 ----a-w- c:\documents and settings\shortdilla.mr1750.000\defogger_reenable
     2010-08-21 21:22:57 0 d-----w- c:\docume~1\shortd~1.000\applic~1\GetRightToGo
     2010-08-21 19:04:33 0 d-----w- c:\program files\AVGT
     2010-07-29 15:24:04 38848 ----a-w- c:\windows.1\avastSS.scr
     2010-07-29 15:23:25 0 d-----w- c:\docume~1\alluse~1.1\applic~1\Alwil Software
     2010-07-28 21:00:22 226728 ----a-r- c:\windows.1\system32\cpnprt2.cid
     2010-07-28 21:00:17 0 d-----w- c:\windows.1\Cache
     2010-07-28 21:00:16 0 d-----w- c:\program files\Coupons

     ==================== Find3M ====================

     2010-07-09 19:04:40 41872 ----a-w- c:\windows.1\system32\xfcodec.dll
     2010-06-30 12:31:35 149504 ----a-w- c:\windows.1\system32\schannel.dll
     2010-06-24 12:22:03 916480 ----a-w- c:\windows.1\system32\wininet.dll
     2010-06-23 13:44:04 1851904 ----a-w- c:\windows.1\system32\win32k.sys
     2010-06-17 14:03:00 80384 ----a-w- c:\windows.1\system32\iccvid.dll
     2010-06-14 07:41:45 1172480 ----a-w- c:\windows.1\system32\msxml3.dll

     ============= FINISH: 18:13:25.34 ===============

     Attachments: ark.zip, Attach.zip