Win32:Malware-gen keeps infecting files and isn't detected.

Basically, this is how it goes:
I realised I have loads of viruses,
downloaded Avast,
did some scans and deleted/chested all files.
But! Some, whose names I don't remember because Avast shortens them, keep not getting deleted, and many files are flagged as/infected by Win32:Malware-gen. I saw many people have the problem that they can't delete it, and this is really depressing…

I saw many, many threads about this, and I followed one which told me to download Malwarebytes and scan. I did, and it detected some files that Avast had not detected…

It said it could not delete some of them, and here is the log (people said to post the log to see what's in it or something):

Objects scanned: 179421
Time elapsed: 17 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\uluyoyulid.dll (Trojan.Hiloti) → Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b1d77eea-6c3e-ce81-389f-ec99fc48ec8c} (Trojan.Hiloti) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B1D77EEA-6C3E-CE81-389F-EC99FC48EC8C} (Trojan.Hiloti) → Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kxureneqehexopa (Trojan.Hiloti) → Value: Kxureneqehexopa → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) → Value: host-domain-lookup.com → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) → Value: www.host-domain-lookup.com → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) → Value: mysearchnow.com → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) → Value: www.mysearchnow.com → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2B5BEEEC4E692BCD (Trojan.SpyEyes) → Value: 2B5BEEEC4E692BCD → Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and deleted successfully.

Folders Infected:
c:\winntse.bin (Trojan.SpyEyes) → Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\uluyoyulid.dll (Trojan.Hiloti) → Delete on reboot.
c:\documents and settings\re’em\local settings\temporary internet files\content.ie5\n068ymcz\bg_altcup_brightvale[1].gif (Extension.Mismatch) → Quarantined and deleted successfully.
c:\documents and settings\re’em\local settings\temporary internet files\content.ie5\n068ymcz\bg_altcup_darigan[1].gif (Extension.Mismatch) → Quarantined and deleted successfully.
c:\documents and settings\re’em\local settings\temporary internet files\content.ie5\n068ymcz\bg_dd_underwaterblur[1].gif (Extension.Mismatch) → Quarantined and deleted successfully.
c:\documents and settings\re’em\local settings\temporary internet files\content.ie5\n068ymcz\bg_greyday[1].gif (Extension.Mismatch) → Quarantined and deleted successfully.
c:\winntse.bin\config.bin (Trojan.SpyEyes) → Quarantined and deleted successfully.

I have experienced some problems similar to keylogging … and when I click on links on Wikipedia it sometimes redirects me to other random websites… PLEASE HELP ME, THIS IS GETTING UNBEARABLE…

And I don't want a keylogger to get all my personal details…

There have also been files that were suspected to be infected, by "physical drive" or something/MBR.
And the Windows debugger has been popping up continuously for the last few days; I don't know what's going on…

All help appreciated.
Thanks in advance.
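As an added example (not part of the post above, and not Malwarebytes' own code), this is the kind of check behind an "Extension.Mismatch" verdict like the ones on the .gif files in the log: the file's leading bytes are compared against what its extension claims. The log does not say what those cached files actually contained, so the sample entries below are constructed, and the signature table and alias map are the example's own.

```python
import os

# Leading-byte signatures for a few common types. Constructed table for this
# example; extend it for the formats you care about.
MAGIC = [
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpg"),
    (b"MZ", "exe"),            # DOS/PE executable, which is what a disguised payload usually is
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),
]

# Extensions that name the same container as far as this check is concerned.
ALIASES = {"jpeg": "jpg", "dll": "exe", "scr": "exe", "sys": "exe", "docx": "zip", "jar": "zip"}


def sniff_type(data):
    """Return the type implied by the leading bytes, or None when no signature matches."""
    for prefix, name in MAGIC:
        if data.startswith(prefix):
            return name
    return None


def extension_mismatch(filename, data):
    """Return (declared, actual) when the extension and the content disagree, else None.

    An unknown signature is not a verdict: the function only reports when it
    positively recognises the content as something other than the name claims.
    """
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    declared = ALIASES.get(ext, ext)
    actual = sniff_type(data)
    if actual is None or declared == actual:
        return None
    return (declared, actual)


def scan_cache(entries):
    """Run the check over (filename, leading_bytes) pairs and return the flagged ones."""
    flagged = []
    for name, head in entries:
        verdict = extension_mismatch(name, head)
        if verdict is not None:
            flagged.append((name, verdict[0], verdict[1]))
    return flagged


# Constructed sample cache entries (not the files from the log); only the first bytes matter.
SAMPLE_ENTRIES = [
    ("bg_example_one[1].gif", b"GIF89a\x01\x00\x01\x00"),               # genuine GIF
    ("bg_example_two[1].gif", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),   # PNG served with a .gif name
    ("banner[1].gif", b"MZ\x90\x00\x03\x00\x00\x00"),                   # executable served with a .gif name
    ("photo[1].jpeg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),                  # alias: jpeg == jpg
    ("unknown.bin", b"\x00\x01\x02\x03"),                                 # no signature: not reported
]

if __name__ == "__main__":
    for name, declared, actual in scan_cache(SAMPLE_ENTRIES):
        print("%s: named .%s, content looks like %s" % (name, declared, actual))
```

A mismatch on an image in a browser cache is often harmless (a PNG served under a .gif name), which is why the check reports the actual type rather than just "bad": a .gif that starts with MZ is a very different finding from a .gif that starts with a PNG header.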

Hi, let's see what remains.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswmbrscan.gif

Click the “Scan” button to start scan

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswmbrsavelog.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

THEN

Download OTS to your Desktop and double-click on it to run it

- Make sure you close all other programs and don't use the PC while the scan runs.
- Select All Users
- Under additional scans select the following:
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

- Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

- Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
- When the scan is complete Notepad will open with the report file loaded in it.
- Please attach the log in your next post.

essexboy, what will I do without your help, you are an angel! I'm doing what you wrote in a second; the log will come in a few minutes.

Thanks for the quick reply.

I am all agog ;D

Finished both things you said. How should I attach the second log? As you probably know, the second log is really, really, really long…

Meanwhile, here is the first one:

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-21 20:58:02
-----------------------------
20:58:02.765 OS Version: Windows 5.1.2600 Service Pack 3
20:58:02.765 Number of processors: 2 586 0xF06
20:58:02.765 ComputerName: REEM1 UserName: Re'em
20:58:03.187 Initialize success
20:59:13.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort0
20:59:13.390 Disk 0 Vendor: WDC_WD3200AAKS-00SBA0 12.01B01 Size: 305244MB BusType: 3
20:59:13.390 Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD3200AAKS-00SBA0___________________12.01B01#5&1726dd96&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
20:59:13.406 Device \Driver\atapi -> DriverStartIo 86cd727f
20:59:15.406 Disk 0 MBR read successfully
20:59:15.406 Disk 0 MBR scan
20:59:15.406 Disk 0 TDL4@MBR code has been found
20:59:15.406 Disk 0 MBR hidden
20:59:15.406 Disk 0 MBR [TDL4] **ROOTKIT**
20:59:15.406 Disk 0 trace - called modules:
20:59:15.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86cd7439]< \Device\Harddisk0\DR0[0x86ce7030]
20:59:15.421 3 CLASSPNP.SYS[f74f0fd7] -> nt!IofCallDriver -> \Device\0000007a[0x86d21f18]
20:59:15.421 5 ACPI.sys[f7367620] -> nt!IofCallDriver -> [0x86d83940]
20:59:15.421 \Driver\atapi[0x86da4f38] -> IRP_MJ_CREATE -> 0x86cd7439
20:59:15.437 Scan finished successfully

OK, I see your problem. Just attach the log using Additional Options on the bottom left.

Re-Run aswMBR

Click Scan

On completion of the scan

Click the Fix button

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswmbrtdl4.gif

Save the log as before and post in your next reply

I'm doing what you told me, thanks again.

The second, long log you told me to attach is too big to be posted; what should I do?

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-21 21:43:55
-----------------------------
21:43:55.968 OS Version: Windows 5.1.2600 Service Pack 3
21:43:55.968 Number of processors: 2 586 0xF06
21:43:55.968 ComputerName: REEM1 UserName: Re'em
21:43:56.156 Initialize success
21:43:58.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort0
21:43:58.453 Disk 0 Vendor: WDC_WD3200AAKS-00SBA0 12.01B01 Size: 305244MB BusType: 3
21:43:58.453 Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD3200AAKS-00SBA0___________________12.01B01#5&1726dd96&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
21:43:58.453 Device \Driver\atapi -> DriverStartIo 86cd727f
21:44:00.453 Disk 0 MBR read successfully
21:44:00.453 Disk 0 MBR scan
21:44:00.453 Disk 0 TDL4@MBR code has been found
21:44:00.453 Disk 0 MBR hidden
21:44:00.468 Disk 0 MBR [TDL4] **ROOTKIT**
21:44:00.468 Disk 0 trace - called modules:
21:44:00.468 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86cd7439]< \Device\Harddisk0\DR0[0x86ce7030]
21:44:00.484 3 CLASSPNP.SYS[f74f0fd7] -> nt!IofCallDriver -> \Device\0000007a[0x86d21f18]
21:44:00.484 5 ACPI.sys[f7367620] -> nt!IofCallDriver -> [0x86d83940]
21:44:00.484 \Driver\atapi[0x86da4f38] -> IRP_MJ_CREATE -> 0x86cd7439
21:44:00.484 Scan finished successfully
21:44:11.593 Disk 0 fixing MBR
21:44:21.593 Disk 0 MBR restored successfully
21:44:21.609 Infection fixed successfully - please reboot ASAP

OK, I'm going to reboot now; hopefully you will have seen this by the time I have done this.
Thanks again!
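The aswMBR logs above report three things worth separating: the boot sector contains TDL4 code ("TDL4@MBR code has been found"), the disk driver's create dispatch is hooked into unknown kernel memory ("\Driver\atapi ... IRP_MJ_CREATE -> 0x86cd7439"), and the MBR is "hidden", meaning a read through the normal driver path returns a clean-looking sector. As an added example (not part of the thread and not how aswMBR itself is implemented; aswMBR reports a match against known TDL4 code), the following Python parses a raw 512-byte MBR and does the generic differential checks an analyst would script: boot signature present, boot code hashed against a known-good copy, exactly one active partition, no overlapping entries, and unallocated space after the last partition where a bootkit could store its own file system. Because of the hook, a sector read from inside an infected Windows is not trustworthy; run a check like this on a sector read from boot media or a disk image. The sample MBR, the stand-in boot code, the disk size and the 2048-sector tail threshold are constructed assumptions for the example.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439: boot code on a classic MBR
PART_TABLE_OFFSET = 446       # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511
ENTRY_FMT = "<B3xB3xII"       # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def parse_partition_table(mbr):
    """Return the four partition entries as dicts; type 0 means an unused slot."""
    entries = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFFSET + 16 * i)
        entries.append({"status": status, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def boot_code_sha256(mbr):
    """Hash only the boot code, so a different disk signature or partition table does not mask a change."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr, known_good_sha256, disk_sectors=None, tail_threshold=2048):
    """Return a list of findings for one 512-byte sector; an empty list means nothing looked wrong."""
    if len(mbr) != MBR_SIZE:
        return ["sector is %d bytes, expected %d" % (len(mbr), MBR_SIZE)]
    findings = []
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    if boot_code_sha256(mbr) != known_good_sha256:
        findings.append("boot code differs from the known-good copy")
    parts = [p for p in parse_partition_table(mbr) if p["type"] != 0]
    active = [p for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        findings.append("%d active partitions, expected exactly 1" % len(active))
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in parts)
    for (_, end_a), (start_b, _) in zip(spans, spans[1:]):
        if start_b < end_a:
            findings.append("partition entries overlap")
            break
    # Space past the last partition is where a bootkit can keep its own storage;
    # the threshold (assumed here) ignores ordinary alignment slack.
    if disk_sectors is not None and spans:
        tail = disk_sectors - spans[-1][1]
        if tail > tail_threshold:
            findings.append("%d unallocated sectors after the last partition" % tail)
    return findings


def build_mbr(boot_code, partitions):
    """Assemble a test MBR from boot code and (status, type, lba_start, sectors) tuples."""
    mbr = bytearray(MBR_SIZE)
    mbr[:len(boot_code)] = boot_code
    for i, entry in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFFSET + 16 * i, *entry)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


# Constructed sample data for the example (not taken from the thread's disk).
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 433   # 440-byte stand-in boot code
TAMPERED_BOOT_CODE = b"\xfa" + CLEAN_BOOT_CODE[1:]                 # one byte changed
DISK_SECTORS = 625_142_448                                          # assumed disk size in sectors
PARTITIONS = [(0x80, 0x07, 63, DISK_SECTORS - 63)]                  # one active NTFS partition filling the disk

CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, PARTITIONS)
TAMPERED_MBR = build_mbr(TAMPERED_BOOT_CODE, PARTITIONS)
KNOWN_GOOD_SHA256 = boot_code_sha256(CLEAN_MBR)   # the reference a real check would take from install media

if __name__ == "__main__":
    for label, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(label, check_mbr(sector, KNOWN_GOOD_SHA256, DISK_SECTORS) or "no findings")
```

The reference hash would come from a known-clean copy of the same loader (for example the MBR written by the OS installer), not from the suspect disk itself; a tool like aswMBR restores that standard code when it "fixes" the MBR, which is why the redirects stop once the hooked driver is no longer loaded at boot.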

Yep I see it - but I got logged out whilst replying ;D

Upload the OTS log to MediaFire and post the sharing link.

And check that the redirects have gone once you have rebooted ;D

The redirects seem to have disappeared; I might have to wait a bit to be sure.

THANKS!

This is the sharing URL they gave:
http://www.mediafire.com/?8i92ddx5lkhykus

You have a lot of McAfee drivers still running on your system - I will find the McAfee uninstall tool for you ;D

A few more bits to go - this run may take a few minutes as you have lots of temporary files

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.

[Unregister Dlls]
[Win32 Services - Safe List]
YN -> (gupdate) Google Update Service (gupdate) [Auto | Stopped] -> 
[Driver Services - Safe List]
YY -> (nod32drv) nod32drv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\nod32drv.sys
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {CD292324-974F-4224-D074-CACA427AA030} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{CD292324-974F-4224-D074-CACA427AA030}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1292428093-1965331169-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1292428093-1965331169-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{CD292324-974F-4224-D074-CACA427AA030}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_USERS\S-1-5-21-1292428093-1965331169-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1292428093-1965331169-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Odaxi" -> [rundll32.exe  "C:\WINDOWS\mstcsr.dll",Startup]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{e6163db4-ae7e-11dd-b4ff-001a4d4056fd}\Shell\AutoRun\\"" -> [Auto&Play]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6163db4-ae7e-11dd-b4ff-001a4d4056fd}\Shell\AutoRun\command -> 
YN -> \{e6163db4-ae7e-11dd-b4ff-001a4d4056fd}\Shell\AutoRun\command\\"" -> [C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL /RECYCLER/giwddggw.exe navg]
YN -> \{e6163db5-ae7e-11dd-b4ff-001a4d4056fd}\Shell\AutoRun\\"" -> [Auto&Play]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6163db5-ae7e-11dd-b4ff-001a4d4056fd}\Shell\AutoRun\command -> 
YN -> \{e6163db5-ae7e-11dd-b4ff-001a4d4056fd}\Shell\AutoRun\command\\"" -> [C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL /RECYCLER/fqmnuvdp.exe navg]
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YY -> nod32kui hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Eset\nod32kui.exe
[Files/Folders - Modified Within 30 Days]
NY ->  MBR.dat -> C:\Documents and Settings\Re'em\Desktop\MBR.dat
NY ->  Fmaxuvetidaci.bin -> C:\WINDOWS\Fmaxuvetidaci.bin
NY ->  Rfulutejefifino.dat -> C:\WINDOWS\Rfulutejefifino.dat
[Files - No Company Name]
NY ->  Rfulutejefifino.dat -> C:\WINDOWS\Rfulutejefifino.dat
NY ->  Fmaxuvetidaci.bin -> C:\WINDOWS\Fmaxuvetidaci.bin
[File - Lop Check]
NY ->  A2DE197F90658DDB.job -> C:\WINDOWS\Tasks\A2DE197F90658DDB.job
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
  

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.

McAfee removal tool http://service.mcafee.com/FAQDocument.aspx?id=TS100507

OK, thanks. Are the many temporary files harmful? Can I remove them in any way, and will it do anything? (Does it slow internet speed?)

I'll do what you said, thanks. (And post the log.)

Nope, the temporary files are - to be polite - just junk, and OTS will clean them away for you ;D

I'm in the process of deleting McAfee (or however it's spelt…).

But when I rebooted (for the 3rd time now) this message appeared after I restarted (also the 3rd time):
RUNDLL
Error loading c:\windows\mstcsr.dll
The specified module could not be found.

What's this? Is this related to anything I did? Is this something I should worry about?

Also, Avast just detected c:\…\sessionstore-23.js … anything to worry about?

OK, let's remove it manually.

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.

[Unregister Dlls]
[Processes - Safe List]
YY -> mcmscsvc.exe -> C:\Program Files\McAfee\MSC\mcmscsvc.exe
YY -> mcnasvc.exe -> c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
YY -> mcagent.exe -> c:\Program Files\McAfee.com\Agent\mcagent.exe
YY -> mpfsrv.exe -> C:\Program Files\McAfee\MPF\MpfSrv.exe
YY -> mcproxy.exe -> c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
YY -> msksrver.exe -> C:\Program Files\McAfee\MSK\msksrver.exe
YY -> mcshield.exe -> C:\Program Files\McAfee\VirusScan\Mcshield.exe
YY -> mwlsvc.exe -> C:\Program Files\McAfee\MWL\MwlSvc.exe
[Win32 Services - Safe List]
YY -> (McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Auto | Running] -> C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
YY -> (mcmscsvc) McAfee Services [Auto | Running] -> C:\Program Files\McAfee\MSC\mcmscsvc.exe
YY -> (McSysmon) McAfee SystemGuards [Disabled | Stopped] -> C:\Program Files\McAfee\VirusScan\mcsysmon.exe
YY -> (McNASvc) McAfee Network Agent [Auto | Running] -> c:\program files\common files\mcafee\mna\mcnasvc.exe
YY -> (MpfService) McAfee Personal Firewall Service [Auto | Running] -> C:\Program Files\McAfee\MPF\MPFSrv.exe
YY -> (McProxy) McAfee Proxy Service [Auto | Running] -> c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
YY -> (MSK80Service) McAfee SpamKiller Service [Auto | Running] -> C:\Program Files\McAfee\MSK\MskSrver.exe
YY -> (McODS) McAfee Scanner [On_Demand | Stopped] -> C:\Program Files\McAfee\VirusScan\mcods.exe
YY -> (McShield) McAfee Real-time Scanner [Unknown | Running] -> C:\Program Files\McAfee\VirusScan\Mcshield.exe
YY -> (NOD32krn) NOD32 Kernel Service [Auto | Running] -> C:\Program Files\Eset\nod32krn.exe
YY -> (MWLSvc) McAfee Wireless Network Security Service [On_Demand | Running] -> C:\Program Files\McAfee\MWL\MwlSvc.exe
[Driver Services - Safe List]
YY -> (mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\mfehidk.sys
YY -> (mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mfeavfk.sys
YY -> (mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mfesmfk.sys
YY -> (mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mfebopk.sys
YY -> (mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mferkdk.sys
YY -> (MPFP) MPFP [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\Mpfp.sys
YY -> (AMON) AMON [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\amon.sys
YY -> (nod32drv) nod32drv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\nod32drv.sys
YY -> (WscNetDr) MWL Filter Miniport [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\WscNetDr.sys
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1292428093-1965331169-839522115-1003\] > -> 
YY -> HKEY_USERS\S-1-5-21-1292428093-1965331169-839522115-1003\: URLSearchHooks\\"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar]
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
YY -> HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> C:\Program Files\McAfee\SiteAdvisor [C:\PROGRAM FILES\MCAFEE\SITEADVISOR]
< FireFox Extensions [Program Folders] > -> 
YY -> XULRunner -> C:\DOCUMENTS AND SETTINGS\RE'EM\LOCAL SETTINGS\APPLICATION DATA\{C8D2290D-7416-4595-8C9A-A512C2DA81C1}
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} [HKLM] -> c:\Program Files\McAfee\MSK\mskapbho.dll [McAfee Phishing Filter]
YY -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> C:\Program Files\McAfee\VirusScan\scriptsn.dll [scriptproxy]
YY -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YY -> "{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "mcagent_exe" -> C:\Program Files\McAfee.com\Agent\mcagent.exe ["C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey]
YY -> "MWLExe" -> C:\Program Files\Mcafee\MWL\MWLGui.exe [C:\Program Files\Mcafee\MWL\MWLGui.exe /Start]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YY -> "C:\Program Files\McAfee\MWL\MwlSvc.exe" -> C:\Program Files\McAfee\MWL\MwlSvc.exe [C:\Program Files\McAfee\MWL\MwlSvc.exe:*:Enabled:McAfee Wireless Network Security]
YN -> "C:\Program Files\Pando Networks\Media Booster\PMB.exe" -> C:\Program Files\Pando Networks\Media Booster\PMB.exe [C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster]
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YY -> nod32kui hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Eset\nod32kui.exe
  

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.

All Processes Killed
[Win32 Services - Safe List]
Service gupdate stopped successfully!
[Driver Services - Safe List]
Error: Unable to stop service nod32drv!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nod32drv deleted successfully.
C:\WINDOWS\system32\drivers\nod32drv.sys moved successfully.
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD292324-974F-4224-D074-CACA427AA030}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD292324-974F-4224-D074-CACA427AA030}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{CD292324-974F-4224-D074-CACA427AA030} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD292324-974F-4224-D074-CACA427AA030}\ not found.
Registry value HKEY_USERS\S-1-5-21-1292428093-1965331169-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CD292324-974F-4224-D074-CACA427AA030} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD292324-974F-4224-D074-CACA427AA030}\ not found.
Registry value HKEY_USERS\S-1-5-21-1292428093-1965331169-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Odaxi deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6163db4-ae7e-11dd-b4ff-001a4d4056fd}\Shell\AutoRun\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6163db4-ae7e-11dd-b4ff-001a4d4056fd}\Shell\AutoRun\command\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6163db4-ae7e-11dd-b4ff-001a4d4056fd}\Shell\AutoRun\command not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6163db5-ae7e-11dd-b4ff-001a4d4056fd}\Shell\AutoRun\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6163db5-ae7e-11dd-b4ff-001a4d4056fd}\Shell\AutoRun\command\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6163db5-ae7e-11dd-b4ff-001a4d4056fd}\Shell\AutoRun\command not found.
[Registry - Additional Scans - Safe List]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nod32kui hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
C:\Program Files\Eset\nod32kui.exe moved successfully.
[Files/Folders - Modified Within 30 Days]
C:\Documents and Settings\Re'em\Desktop\MBR.dat moved successfully.
C:\WINDOWS\Fmaxuvetidaci.bin moved successfully.
C:\WINDOWS\Rfulutejefifino.dat moved successfully.
[Files - No Company Name]
File C:\WINDOWS\Rfulutejefifino.dat not found!
File C:\WINDOWS\Fmaxuvetidaci.bin not found!
[File - Lop Check]
C:\WINDOWS\Tasks\A2DE197F90658DDB.job moved successfully.
[Custom Items]
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Re'em\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Re'em\My Documents\Downloads\cmd.txt deleted successfully.
[Empty Temp Folders]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 2921821 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 118788276 bytes
->Flash cache emptied: 3209 bytes

User: Re’em
->Temp folder emptied: 214787318 bytes
->Temporary Internet Files folder emptied: 280585230 bytes
->Java cache emptied: 81638344 bytes
->FireFox cache emptied: 122497902 bytes
->Google Chrome cache emptied: 117806646 bytes
->Opera cache emptied: 74352374 bytes
->Flash cache emptied: 2048569 bytes

User: Reem

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138887 bytes
%systemroot%\System32 .tmp files removed: 3590161 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 234222909 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 97941108 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 6061264822 bytes

Total Files Cleaned = 7,070.00 mb

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Re’em
->Flash cache emptied: 0 bytes

User: Reem

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTS Restore Point (0)
< End of fix log >
OTS by OldTimer - Version 3.1.42.0 fix logfile created on 04212011_230310

Files\Folders moved on Reboot…
File move failed. C:\WINDOWS\temp_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot…

No popup box, but it rebooted and then the Notepad popped up.

Now I'll do the second one you told me.

Log from the second one:

[Processes - Safe List]
No active process named mcmscsvc.exe was found!
File C:\Program Files\McAfee\MSC\mcmscsvc.exe not found.
No active process named mcnasvc.exe was found!
File c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe not found.
No active process named mcagent.exe was found!
File c:\Program Files\McAfee.com\Agent\mcagent.exe not found.
No active process named mpfsrv.exe was found!
File C:\Program Files\McAfee\MPF\MpfSrv.exe not found.
No active process named mcproxy.exe was found!
File c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe not found.
No active process named msksrver.exe was found!
File C:\Program Files\McAfee\MSK\msksrver.exe not found.
No active process named mcshield.exe was found!
File C:\Program Files\McAfee\VirusScan\Mcshield.exe not found.
No active process named mwlsvc.exe was found!
File C:\Program Files\McAfee\MWL\MwlSvc.exe not found.
[Win32 Services - Safe List]
Error: No service named McAfee SiteAdvisor Service was found to stop!
Service\Driver key McAfee SiteAdvisor Service not found.
File C:\Program Files\McAfee\SiteAdvisor\McSACore.exe not found.
Error: No service named mcmscsvc was found to stop!
Service\Driver key mcmscsvc not found.
File C:\Program Files\McAfee\MSC\mcmscsvc.exe not found.
Error: No service named McSysmon was found to stop!
Service\Driver key McSysmon not found.
File C:\Program Files\McAfee\VirusScan\mcsysmon.exe not found.
Error: No service named McNASvc was found to stop!
Service\Driver key McNASvc not found.
File c:\program files\common files\mcafee\mna\mcnasvc.exe not found.
Error: No service named MpfService was found to stop!
Service\Driver key MpfService not found.
File C:\Program Files\McAfee\MPF\MPFSrv.exe not found.
Error: No service named McProxy was found to stop!
Service\Driver key McProxy not found.
File c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe not found.
Error: No service named MSK80Service was found to stop!
Service\Driver key MSK80Service not found.
File C:\Program Files\McAfee\MSK\MskSrver.exe not found.
Error: No service named McODS was found to stop!
Service\Driver key McODS not found.
File C:\Program Files\McAfee\VirusScan\mcods.exe not found.
Error: No service named McShield was found to stop!
Service\Driver key McShield not found.
File C:\Program Files\McAfee\VirusScan\Mcshield.exe not found.
Error: Unable to stop service NOD32krn!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NOD32krn deleted successfully.
C:\Program Files\Eset\nod32krn.exe moved successfully.
Error: No service named MWLSvc was found to stop!
Service\Driver key MWLSvc not found.
File C:\Program Files\McAfee\MWL\MwlSvc.exe not found.
[Driver Services - Safe List]
Error: No service named mfehidk was found to stop!
Service\Driver key mfehidk not found.
File C:\WINDOWS\system32\drivers\mfehidk.sys not found.
Error: No service named mfeavfk was found to stop!
Service\Driver key mfeavfk not found.
File C:\WINDOWS\system32\drivers\mfeavfk.sys not found.
Error: No service named mfesmfk was found to stop!
Service\Driver key mfesmfk not found.
File C:\WINDOWS\system32\drivers\mfesmfk.sys not found.
Error: No service named mfebopk was found to stop!
Service\Driver key mfebopk not found.
File C:\WINDOWS\system32\drivers\mfebopk.sys not found.
Error: No service named mferkdk was found to stop!
Service\Driver key mferkdk not found.
File C:\WINDOWS\system32\drivers\mferkdk.sys not found.
Error: No service named MPFP was found to stop!
Service\Driver key MPFP not found.
File C:\WINDOWS\system32\drivers\Mpfp.sys not found.
Error: Unable to stop service AMON!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AMON deleted successfully.
C:\WINDOWS\system32\drivers\amon.sys moved successfully.
Error: No service named nod32drv was found to stop!
Service\Driver key nod32drv not found.
File C:\WINDOWS\system32\drivers\nod32drv.sys not found.
Error: No service named WscNetDr was found to stop!
Service\Driver key WscNetDr not found.
File C:\WINDOWS\system32\drivers\WscNetDr.sys not found.
[Registry - Safe List]
Registry key HKEY_USERS\S-1-5-21-1292428093-1965331169-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\URLSearchHooks not found.
File c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\{B7082FAA-CB62-4872-9106-E42DD88EDE45} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7082FAA-CB62-4872-9106-E42DD88EDE45}\ not found.
File C:\Program Files\McAfee\SiteAdvisor not found.
C:\DOCUMENTS AND SETTINGS\RE'EM\LOCAL SETTINGS\APPLICATION DATA\{C8D2290D-7416-4595-8C9A-A512C2DA81C1}\chrome\content folder moved successfully.
C:\DOCUMENTS AND SETTINGS\RE'EM\LOCAL SETTINGS\APPLICATION DATA\{C8D2290D-7416-4595-8C9A-A512C2DA81C1}\chrome folder moved successfully.
C:\DOCUMENTS AND SETTINGS\RE'EM\LOCAL SETTINGS\APPLICATION DATA\{C8D2290D-7416-4595-8C9A-A512C2DA81C1} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
File c:\Program Files\McAfee\MSK\mskapbho.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ not found.
File C:\Program Files\McAfee\VirusScan\scriptsn.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
File c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found.
File c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mcagent_exe not found.
File C:\Program Files\McAfee.com\Agent\mcagent.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MWLExe not found.
File C:\Program Files\Mcafee\MWL\MWLGui.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\McAfee\MWL\MwlSvc.exe deleted successfully.
File C:\Program Files\McAfee\MWL\MwlSvc.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Pando Networks\Media Booster\PMB.exe deleted successfully.
[Registry - Additional Scans - Safe List]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nod32kui hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
File C:\Program Files\Eset\nod32kui.exe not found.
< End of fix log >
OTS by OldTimer - Version 3.1.42.0 fix logfile created on 04212011_231827

This is the second scan.

This time when I tried to open OTS, Avast said that it might be harmful, and that it's from oldtimer.keekstogo.com/ots.exe.
Nothing I should worry about, right? (I opened it normally, not in the sandbox.)

Also, as I see you know what you are doing and are more than amazing with these things, will the things you gave me have removed any possible keylogger?

Thanks again ;D ;D ;D

Open it normally; Avast can see the functions it carries out and is right to question it, but it is from a known source and programmer.

Total Files Cleaned = 7,070.00 mb
Lots of junk gone now ;D

What are your current problems?