Full Version: WINDOWS SYSTEM DEFENDER
Malwarebytes Forum > Computer Help > Malware Removal - HijackThis Logs
COLOMBIANKAIZER
I don't know how it even began, but McAfee detected a trojan downloader and gave me the pop-up that it had been successfully deleted. After that I found myself looking at my desktop, where there was an icon that said Windows System Defender, and there was a little red wall in my quick launch saying I was infected and I needed to activate my subscription. I knew of course that it was a rogue. Since this has happened before, mbam.exe was renamed mypuppy.exe by myself. I opened Malwarebytes and started running a scan, but after a few seconds it closes down, and when I try to reboot it, it doesn't let me, showing a message that says: Windows cannot access the specified device, path or file. You may not have the appropriate permission to access the item.
I tried deleting mbam.exe and downloading it again and it doesn't help. This "virus" also blocks my McAfee and does not let me even open it.
I've also read a post on this forum about looking in Device Manager, but the driver specified in that post is not there.
And lastly, I've tried to boot up my PC in Safe Mode, only to be greeted by a blue screen.
I checked the location of Windows System Defender and it is under /application data/33457. As I open it there are 2 .dll files:
mozcrt19.dll and sqlite3.dll
and there is an icon that looks like a legit Security Center icon, but this one is named WS7.
Any help? I can't terminate the process because Task Manager appears to be blocked also.
Please.
Thank you,
COLOMBIANKAIZER
HijackThis won't work at all. I've tried everything you guys have asked to do prior to this, but it doesn't work.
The only thing that works is Process Explorer,
in which WS734.exe 2444 is Windows System Defender.
Thank you in advance.
AdvancedSetup
Please download and run the following tool to help allow other programs to run. (Courtesy of BleepingComputer.com.)
There are 4 different versions. If one of them won't run, then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin.
You only need to get one of them to run, not all of them.
  1. rkill.exe
  2. rkill.com
  3. rkill.scr
  4. rkill.pif

Once you've gotten one of them to run, then try to immediately run the following.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.**
  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  2. During the download, rename Combofix to Combo-Fix as follows:
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------
  7. Double click on Combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.

**Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to stall.**

If you still cannot get this to run, try booting into Safe Mode and run it there.

To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode."

If this doesn't work either, try the same method as above, but rename Combofix.exe to iexplore.exe or winlogon.exe instead.
This is because it also happens in some cases that malware blocks EVERY process except for what is in its own whitelist, and this whitelist also includes important system processes such as iexplore.exe, explorer.exe, winlogon.exe...
AdvancedSetup
Please post an update on this. Thanks.
AdvancedSetup
Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
AdvancedSetup
Post reopened at user request.
COLOMBIANKAIZER
Thank you for reopening the post. I am trying to download Combo-Fix.
COLOMBIANKAIZER
OK, so I uninstalled McAfee and downloaded ComboFix. Man, are you sure it won't mess my computer up? I mean, what's the worst ComboFix can do?
AdvancedSetup
There are no guarantees from anyone. Your system is infected and you're here to get it cleaned up. Back up your data, just like you should always be doing anyway.
I don't mean to be difficult but I also don't have time to play games. If you don't feel you want to run the tasks as requested then you can certainly seek advice from another support forum or take the computer into a repair shop and have someone fix it.


COLOMBIANKAIZER
OK dude, I just now got to the infected computer and I will run Combo-Fix. I've created a restore point in case something goes wrong. Thank you for your help.
COLOMBIANKAIZER
ComboFix 09-10-28.08 - Carlos Clavijo 10/30/2009 11:08.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.233 [GMT -4:00]
Running from: c:\documents and settings\Carlos Clavijo\My Documents\Downloads\ComboFix.exe
AV: Windows System Defender *On-access scanning enabled* (Updated) {7B49FCF6-D1DA-43D7-ABF1-E99AF06AA694}
AV: Windows System Defender *On-access scanning enabled* (Updated) {8EE8C8A7-6B99-47C3-A3D5-5DBC4FA6D32C}
AV: Windows System Defender *On-access scanning enabled* (Updated) {9BDB0824-67DE-47D0-AAEF-94C454A963C6}
AV: Windows System Defender *On-access scanning enabled* (Updated) {F9AE2B98-D74A-4AA0-AA73-D789269F3BF9}
FW: Windows System Defender *enabled* {99C1B71E-E548-4F18-AFB0-31945483F1B0}
FW: Windows System Defender *enabled* {DBAE0487-7FA3-46FD-BC9D-4B48BB83A7B0}
FW: Windows System Defender *enabled* {E8CF2BCC-C580-4EF8-968F-C722C264A8F7}
FW: Windows System Defender *enabled* {F50D39DF-A0DA-4BB7-8AA1-1567A5F91471}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Carlos Clavijo\Start Menu\Programs\Windows System Defender.lnk
c:\documents and settings\Carlos Clavijo\Start Menu\Windows System Defender.lnk
c:\documents and settings\Juan Clavijo\Start Menu\Windows System Defender.lnk
C:\p2hhr.bat
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\windows\atajegigududibot.dll
c:\windows\kb913800.exe
c:\windows\msa.exe
c:\windows\msb.exe
c:\windows\run.log
c:\windows\system32\18467.exe
c:\windows\system32\41.exe
c:\windows\system32\cfg.dat
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\net.net
c:\windows\system32\nuar.old
c:\windows\system32\skynet.dat
c:\windows\system32\UACpcftybyuee.log
c:\windows\system32\xa.tmp
c:\windows\wf3.dat
c:\windows\wf4.dat

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ANTIPOL
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-30 )))))))))))))))))))))))))))))))
.

2009-10-30 15:17 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-29 12:54 . 2009-10-29 12:54 -------- d-----w- c:\documents and settings\Edwin Clavijo\Local Settings\Application Data\{4A60C2C2-D311-4E6A-A767-FFB776D1574A}
2009-10-22 21:59 . 2009-10-22 22:10 -------- d-----w- c:\documents and settings\Carlos Clavijo\Mal
2009-10-22 17:55 . 2009-10-30 00:40 -------- d-sh--w- c:\documents and settings\Carlos Clavijo\Application Data\Windows System Defender
2009-10-22 17:54 . 2009-10-22 17:54 -------- d-----w- c:\documents and settings\Carlos Clavijo\Local Settings\Application Data\{AFC8E63F-3565-4EE8-90E4-072359DF17DE}
2009-10-22 16:54 . 2009-10-22 16:54 0 ----a-r- c:\windows\Pnatah.bin
2009-10-22 16:54 . 2009-10-30 14:21 120 ----a-w- c:\windows\Kdijobedit.dat
2009-10-22 16:54 . 2009-10-22 16:54 -------- d-----w- c:\documents and settings\Juan Clavijo\Local Settings\Application Data\{6704B82B-913E-4B45-9D26-55CA7CDC37BD}
2009-10-22 16:51 . 2009-10-30 15:26 -------- d-sh--w- c:\documents and settings\All Users\Application Data\33457
2009-10-22 16:51 . 2009-10-22 16:51 102188 ----a-w- c:\windows\system32\25c91324.exe
2009-10-22 16:49 . 2009-10-22 16:52 -------- d-sh--w- c:\documents and settings\Juan Clavijo\Application Data\Windows System Defender
2009-10-22 16:49 . 2009-10-22 16:49 -------- d-sh--w- c:\documents and settings\All Users\Application Data\WSDDSys
2009-10-22 16:47 . 2009-10-30 14:20 0 ----a-r- c:\windows\win32k.sys
2009-10-19 17:49 . 2009-10-19 17:49 -------- d-----w- C:\Dell
2009-10-14 22:46 . 2009-10-29 16:03 -------- d-----w- c:\documents and settings\Juan Clavijo\Tracing
2009-10-08 21:32 . 2009-10-29 12:54 -------- d-----w- c:\documents and settings\Edwin Clavijo\Tracing
2009-10-06 00:26 . 2009-10-27 21:59 -------- d-----w- c:\documents and settings\Carlos Clavijo\Tracing
2009-10-03 17:56 . 2009-10-06 00:00 -------- d-----w- c:\documents and settings\Juan Clavijo\Application Data\BitDefender
2009-10-03 02:49 . 2009-10-06 00:00 -------- d-----w- c:\documents and settings\Edwin Clavijo\Application Data\BitDefender
2009-10-02 18:08 . 2009-10-05 23:59 81984 ----a-w- c:\windows\system32\bdod.bin
2009-10-02 17:09 . 2009-10-02 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-10-02 16:55 . 2009-10-22 16:48 -------- d--h--w- c:\windows\PIF
2009-10-02 12:37 . 2009-10-02 12:37 -------- d-----w- c:\documents and settings\Juan Clavijo\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 00:43 . 2006-08-07 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-29 23:46 . 2009-09-07 19:19 63 ----a-w- c:\documents and settings\Juan Clavijo\jagex_runescape_preferences2.dat
2009-10-29 23:38 . 2008-07-16 16:10 38 -c--a-w- c:\documents and settings\Juan Clavijo\jagex_runescape_preferences.dat
2009-10-29 21:20 . 2008-11-15 21:09 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-29 21:20 . 2006-01-20 07:34 -------- d-----w- c:\program files\Real
2009-10-29 21:17 . 2007-08-24 02:27 93568 -c--a-w- c:\documents and settings\Juan Clavijo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-28 01:59 . 2009-08-18 00:53 38 ----a-w- c:\documents and settings\Carlos Clavijo\jagex_runescape_preferences.dat
2009-10-28 01:56 . 2009-09-02 17:10 63 ----a-w- c:\documents and settings\Carlos Clavijo\jagex_runescape_preferences2.dat
2009-10-26 21:13 . 2007-09-13 00:25 -------- d-----w- c:\documents and settings\Carlos Clavijo\Application Data\U3
2009-10-22 18:30 . 2009-08-31 00:31 -------- d-----w- c:\documents and settings\Carlos Clavijo\Application Data\Malwarebytes
2009-10-22 18:30 . 2009-08-31 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-06 00:26 . 2006-01-29 22:23 93568 -c--a-w- c:\documents and settings\Carlos Clavijo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-05 01:35 . 2008-09-06 16:54 -------- d-----w- c:\documents and settings\Juan Clavijo\Application Data\U3
2009-10-05 00:29 . 2006-01-29 23:48 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-10-05 00:29 . 2008-12-31 21:16 88 --sh--r- c:\windows\system32\574E1E9CA9.sys
2009-10-02 16:57 . 2006-01-20 07:25 -------- d-----w- c:\program files\Java
2009-10-02 16:26 . 2006-01-20 07:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-10-02 16:15 . 2006-02-06 01:49 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-01 15:41 . 2009-07-21 00:20 38 ----a-w- c:\documents and settings\Edwin Clavijo\jagex_runescape_preferences.dat
2009-10-01 15:09 . 2009-09-04 20:32 45 ----a-w- c:\documents and settings\Edwin Clavijo\jagex_runescape_preferences2.dat
2009-09-26 19:58 . 2006-06-02 18:57 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2009-09-26 15:46 . 2008-10-24 19:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-24 03:20 . 2008-08-24 01:13 -------- d-----w- c:\documents and settings\Carlos Clavijo\Application Data\LimeWire
2009-09-23 03:19 . 2009-09-22 20:43 51232 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-23 03:19 . 2009-09-22 20:43 4896 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-23 03:19 . 2009-09-22 20:43 1676 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-23 03:19 . 2009-09-22 20:43 1532 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-09-23 02:30 . 2009-09-19 21:14 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-09-23 02:30 . 2009-09-19 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-09-18 21:26 . 2005-08-17 02:58 -------- d-----w- c:\program files\RGB
2009-09-17 22:35 . 2007-09-25 04:34 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-16 14:22 . 2006-10-09 20:55 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 14:22 . 2006-10-09 20:55 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 14:22 . 2006-10-09 20:55 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 14:22 . 2006-10-09 20:55 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 14:22 . 2006-10-09 20:55 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-15 19:57 . 2009-09-15 19:57 -------- d-----w- c:\program files\MSBuild
2009-09-15 19:56 . 2009-09-15 19:56 -------- d-----w- c:\program files\Reference Assemblies
2009-09-11 14:18 . 2005-08-16 10:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2005-08-16 10:18 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00 . 2005-08-16 10:19 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 23:24 . 2005-08-16 10:40 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2005-08-16 10:40 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-08-16 10:40 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2005-05-26 10:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2005-08-16 10:40 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2005-08-16 10:18 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2005-08-16 10:40 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2008-07-02 22:02 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2008-07-02 22:02 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2005-08-16 10:40 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2005-08-16 10:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 23:52 . 2009-08-04 23:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 15:13 . 2005-08-16 10:18 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-04 04:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-09-23 11:51 . 2009-10-22 16:51 1926144 ----a-w- c:\program files\mozilla firefox\components\17d1ccd1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-27 148888]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Windows System Defender"="c:\documents and settings\All Users\Application Data\33457\WS734.exe" [2009-10-22 2192896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AdwarePrj.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\agent.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AlphaAV]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AlphaAV.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Anti-Virus Professional.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntispywarXP2009.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntivirusPlus]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntivirusPlus.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntivirusPro_2010.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntivirusXP]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntivirusXP.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\antivirusxppro2009.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntiVirus_Pro.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\av360.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVCare.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\brastk.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cl.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\csc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dop.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\frmwrk32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gav.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gbn976rl.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\homeav2010.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\init32.exe ]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MalwareRemoval.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ozn695m5.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pav.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsAuxs.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsGui.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsSvc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsTray.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PC_Antispyware2010.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pdfndr.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PerAvir.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\personalguard]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\personalguard.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\protector.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qh.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Quick Heal.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QuickHealCleaner.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rwg]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rwg.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SafetyKeeper.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Save.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SaveArmor.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SaveDefense.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SaveKeep.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Secure Veteran.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\secureveteran.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Security Center.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SecurityFighter.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\securitysoldier.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\smart.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\smartprotector.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\smrtdefp.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SoftSafeness.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spywarexpguard.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tapinstall.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrustWarrior.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tsc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\W3asbas.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winav.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\windll32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\windows Police Pro.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xpdeluxe.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xp_antispyware.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\~1.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\~2.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ivbdlg.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Carlos Clavijo\\Application Data\\PowerChallenge\\PowerFootball\\PowerFootball.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
"c:\\Program Files\\Common Files\\AOL\\1138670774\\ee\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1138670774\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\system32\\dumprep.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpsvc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\33457\\WS734.exe"=

S3 iatmunin;iatmunin;\??\c:\docume~1\CARLOS~1\LOCALS~1\Temp\iatmunin.sys --> c:\docume~1\CARLOS~1\LOCALS~1\Temp\iatmunin.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-30 c:\windows\Tasks\User_Feed_Synchronization-{437E7B3F-61B8-46BE-93D5-C2D7BFE1386A}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 16:58]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = www.google.com
mSearch Bar = hxxp://www.starbarsearch.com/?useie5=1&q=
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Carlos Clavijo\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Carlos Clavijo\Application Data\Mozilla\Firefox\Profiles\pav7qdqy.default\
FF - component: c:\program files\Mozilla Firefox\components\17d1ccd1.dll
FF - HiddenExtension: XULRunner: {6704B82B-913E-4B45-9D26-55CA7CDC37BD} - c:\documents and settings\Juan Clavijo\Local Settings\Application Data\{6704B82B-913E-4B45-9D26-55CA7CDC37BD}
FF - HiddenExtension: XULRunner: {AFC8E63F-3565-4EE8-90E4-072359DF17DE} - c:\documents and settings\Carlos Clavijo\Local Settings\Application Data\{AFC8E63F-3565-4EE8-90E4-072359DF17DE}
FF - HiddenExtension: XULRunner: {4A60C2C2-D311-4E6A-A767-FFB776D1574A} - c:\documents and settings\Edwin Clavijo\Local Settings\Application Data\{4A60C2C2-D311-4E6A-A767-FFB776D1574A}\

---- FIREFOX POLICIES ----
user_pref('capability.policy.policynames', 'localfilelinks');user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com http://www.google.com');user_pref('...ri.enabled', 'allAccess');
.
- - - - ORPHANS REMOVED - - - -

BHO-{a9c272db-742b-c2b0-208a-e0a8e45de0bd} - c:\windows\atajegigududibot.dll
Toolbar-{7B9EBB4C-C1A0-4492-B707-E9047C8864B5} - c:\windows\system32\d778.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mypuppy.exe.exe
HKLM-Run-lsdefrag - c:\docume~1\JUANCL~1\LOCALS~1\Temp\ewnmrxsaoc.tmp
HKLM-Run-Squyaxacumirux - c:\windows\atajegigududibot.dll
SharedTaskScheduler-{48629621-5945-43bd-980e-d120ff2bbb3d} - (no file)
SharedTaskScheduler-{790d45aa-e180-4812-b012-d6194e60376e} - (no file)
SharedTaskScheduler-{8475f44c-84b7-4762-8e4d-3b87ac682409} - (no file)
SharedTaskScheduler-{6420ac46-25e4-49d1-b86c-f9e4085e23c9} - c:\windows\system32\metuhase.dll
SharedTaskScheduler-{fba4280e-642a-4c40-beab-2ecb734dfe02} - c:\windows\system32\jogejase.dll
SharedTaskScheduler-{f468f67a-984b-468c-a91c-0e0e8a9c4ad9} - (no file)
SSODL-yujaloyik-{48629621-5945-43bd-980e-d120ff2bbb3d} - (no file)
SSODL-voditawez-{790d45aa-e180-4812-b012-d6194e60376e} - (no file)
SSODL-hikasuden-{8475f44c-84b7-4762-8e4d-3b87ac682409} - (no file)
SSODL-bezejipin-{6420ac46-25e4-49d1-b86c-f9e4085e23c9} - c:\windows\system32\metuhase.dll
SSODL-velupoyos-{fba4280e-642a-4c40-beab-2ecb734dfe02} - c:\windows\system32\jogejase.dll
SSODL-fabelojup-{f468f67a-984b-468c-a91c-0e0e8a9c4ad9} - (no file)
AddRemove-{1758E12F-3860-4cfa-88F8-3F362BAE126F} - c:\program files\HP\Digital Imaging\{1758E12F-3860-4cfa-88F8-3F362BAE126F}\setup\hpzscr01.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-30 11:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,42,6f,22,a3,67,20,f4,4d,84,af,b5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,42,6f,22,a3,67,20,f4,4d,84,af,b5,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(712)
c:\windows\ivbdlg.dll

- - - - - - - > 'explorer.exe'(1928)
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\mshtml.dll
c:\windows\ivbdlg.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\wanmpsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscript.exe
.
**************************************************************************
.
Completion time: 2009-10-30 11:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-30 15:29

Pre-Run: 131,341,484,032 bytes free
Post-Run: 132,171,788,288 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - A1C5F0D63E1E877F635D0B3F765918DB
COLOMBIANKAIZER
:p is the smiley face; that was there by itself.
And I am sure you already know, but WINDOWS SYSTEM DEFENDER is the Rogue.
THANK YOU.
AdvancedSetup
Okay, MBAM should now be able to scan.

Update and Scan with Malwarebytes' Anti-Malware
  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log and a new Hijackthis log.

COLOMBIANKAIZER
Malwarebytes' Anti-Malware 1.41
Database version: 3070
Windows 5.1.2600 Service Pack 3

10/31/2009 12:37:30 PM
mbam-log-2009-10-31 (12-37-30).txt

Scan type: Quick Scan
Objects scanned: 120253
Time elapsed: 7 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 6
Folders Infected: 3
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows system defender (Rogue.WindowsSystemDefender) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: ivbdlg.dll -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=222&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=222&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=222&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=222&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=222&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\WSDDSys (Rogue.WindowsSystemDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Carlos Clavijo\Application Data\Windows System Defender (Rogue.WindowsSystemDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Juan Clavijo\Application Data\Windows System Defender (Rogue.WindowsSystemDefender) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\ivbdlg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\33457\WS734.exe (Rogue.WindowsSystemDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WSDDSys\wsd.cfg (Rogue.WindowsSystemDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Carlos Clavijo\Application Data\Windows System Defender\cookies.sqlite (Rogue.WindowsSystemDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Juan Clavijo\Application Data\Windows System Defender\cookies.sqlite (Rogue.WindowsSystemDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Juan Clavijo\Application Data\Windows System Defender\Instructions.ini (Rogue.WindowsSystemDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Carlos Clavijo\Start Menu\Windows System Defender.lnk (Rogue.WindowsSystemDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Carlos Clavijo\Start Menu\Programs\Windows System Defender.lnk (Rogue.WindowsSystemDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Carlos Clavijo\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows System Defender.lnk (Rogue.WindowsSystemDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Juan Clavijo\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows System Defender.lnk (Rogue.WindowsSystemDefender) -> Quarantined and deleted successfully.
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.

AdvancedSetup
Okay please reboot and run another Quick Scan and post back the new log.

COLOMBIANKAIZER
OK, sorry for taking so long to answer, man, I realize you're busy. And I am sorry, I am running a scan now and I will post the log.
COLOMBIANKAIZER
Malwarebytes' Anti-Malware 1.41
Database version: 3070
Windows 5.1.2600 Service Pack 3

11/1/2009 8:41:59 PM
mbam-log-2009-11-01 (20-41-58).txt

Scan type: Quick Scan
Objects scanned: 121514
Time elapsed: 18 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

AdvancedSetup
Well, that log is clean, but you forgot to update before scanning too. Current rules are 3081, not 3070.

How is the computer running now?
Are there still any signs of an infection?
COLOMBIANKAIZER
I've been trying to access this page, and before I get here I am getting random offers and ads, and at the bottom of the screen it says skip ad... Is this associated with a virus? Or would it be Vundo?
COLOMBIANKAIZER
Malwarebytes' Anti-Malware 1.41
Database version: 3081
Windows 5.1.2600 Service Pack 3

11/1/2009 9:06:10 PM
mbam-log-2009-11-01 (21-06-10).txt

Scan type: Quick Scan
Objects scanned: 121711
Time elapsed: 12 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

And like I said, except for the random ads there is no problem.
AdvancedSetup
Remove all but the most recent Restore Point on Windows XP

You should Create a New Restore Point to prevent possible reinfection from an old one.
Some of the malware you picked up could have been saved in System Restore.
Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point.
Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • If the shortcut is missing you can also click on START > RUN > and type in %SystemRoot%\system32\restore\rstrui.exe and click OK
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
  • Give the new Restore Point a name, then click "Create".
  • The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use the Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr.exe
  • Select the drive where Windows is installed and click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
  • On the Disk Cleanup tab, if the System Restore: Obsolete Data Stores entry is available remove them also.
  • These are files that were created before Windows was reformatted or reinstalled. They are obsolete and you can delete them.



Additional information
Microsoft KB article: How to turn off and turn on System Restore in Windows XP
Bert Kinney's site: All about Windows System Restore



Then download a new copy of Combofix and run it and post back the log.

Additional links to download the tool:
ComboFix.exe
ComboFix.exe
ComboFix.exe
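Added example, not part of this thread or of any tool named in it: a Windows PowerShell script that lists the restore points currently on the machine and creates a fresh one through the SystemRestore WMI class, so the result of the Disk Cleanup steps above can be checked rather than assumed. It assumes Windows XP SP3 with Windows PowerShell 2.0 installed (an optional download on XP, KB968930) and an administrator session; the function names and the restore point description text are my own.

```powershell
# Added example (not from this thread). Assumes Windows XP SP3 with Windows
# PowerShell 2.0 installed (KB968930) and an administrator session.
# On XP the SystemRestore WMI class lives in the root\default namespace.

function Get-RestorePointList {
    # Returns the existing restore points, oldest first, with readable timestamps.
    Get-WmiObject -Namespace 'root\default' -Class SystemRestore |
        Sort-Object SequenceNumber |
        ForEach-Object {
            # New-Object PSObject (not [PSCustomObject]) keeps this PowerShell 2.0 compatible.
            New-Object PSObject -Property @{
                Sequence    = $_.SequenceNumber
                Created     = [System.Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
                Description = $_.Description
            }
        }
}

function New-CleanStateRestorePoint {
    # Description text is an assumption; use whatever you will recognise later.
    param([string]$Description = 'Clean state after malware removal')

    # CreateRestorePoint(Description, RestorePointType, EventType):
    # 12 = MODIFY_SETTINGS, 100 = BEGIN_SYSTEM_CHANGE. ReturnValue 0 means success.
    $sr = [wmiclass]'\\.\root\default:SystemRestore'
    $result = $sr.CreateRestorePoint($Description, 12, 100)
    if ($result.ReturnValue -ne 0) {
        throw "CreateRestorePoint failed with code $($result.ReturnValue)"
    }
}

Write-Host 'Restore points before creating the new one:'
Get-RestorePointList | Format-Table Sequence, Created, Description -AutoSize

New-CleanStateRestorePoint

Write-Host 'Restore points now (the new point should be the highest sequence number):'
Get-RestorePointList | Format-Table Sequence, Created, Description -AutoSize
```

After running Disk Cleanup (More Options tab, System Restore, Clean up) as described in the steps above, run `Get-RestorePointList` once more: only the point just created should remain. If older points are still listed, the old, possibly infected snapshots are still available to roll back to.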
AdvancedSetup
Please post an update on this.
AdvancedSetup
Well since I've not heard back I assume you feel your system is okay now. I'll be closing your post soon so please post an update if you still need help.
COLOMBIANKAIZER
Dude, I just want to say thank you for giving me the tools on how to clean my system. I will try to run a ComboFix again, but the only thing that I found weird is that when I tried to run ComboFix it still recognized Windows System Defender as an antivirus, so I don't know if I am completely clean or not. I will run one when I get to the "infected" computer and let you know. Thanks once again.
AdvancedSetup
Because it probably needs to have the WMI entries removed. Please post the Combofix log and we'll finish up.
AdvancedSetup
Please post an update.
AdvancedSetup
Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
Invision Power Board © 2001-2009 Invision Power Services, Inc.