virus/malware help!

merdoom

Hello!

To cut a long story short, avast found a virus - win32poly? which was removed a few days ago, then ran spybot which found nothing interesting, but comp is very slow, intenet connections keep dropping,and shutdown hangs sometimes.

I am now being diverted when i try and use google search to popeo auction and britania search and everything seems to be getting worse.

Today I have run malwarebytes which found -
registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a057a204-bacc-4d26-b2fc-48f8ccab3ed4} (Trojan.BHO) -> Quarantined and deleted successfully

After reboot i ran a full malwarebytes scan which found nothing else but problems are still happening, i can only access my bookmarked sites now so i can get on here still (thank goodness).
Any other ideas? i have hijackthis downloaded but not really sure where to go now.

Thanks in advance!

pcombo

Try housecall scan there normaly quite good. Or panda even.

merdoom

thanks for that but housecall found nothing, think i tried pandascan but will give it another go!

aliEnRIK

Hijack ~
Click DO A SCAN AND SAVE A LOGFILE (Takes seconds) then post the log so we can see whats running
(do NOT do anything else with Hijack but scan and post the FULL log)


(if you COPY and PASTE a url into the address bar will that work?)

closed

http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore.mspx

merdoom

hello!
Panda only found nothing else, and yes i can type the url or paste and it works its just if i try and search problems arise!

here is hijack log, thanks again in advance!

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 19:54:09, on 21/12/2009
Platform: Windows XP SP3, v.5857 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
Running processes:
\WINDOWS.0\System32\smss.exe
\WINDOWS.0\system32\winlogon.exe
\WINDOWS.0\system32\services.exe
\WINDOWS.0\system32\lsass.exe
\WINDOWS.0\system32\Ati2evxx.exe
\WINDOWS.0\system32\svchost.exe
\WINDOWS.0\System32\svchost.exe
\WINDOWS.0\system32\svchost.exe
\WINDOWS.0\system32\Ati2evxx.exe
c:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
c:\Program Files\Alwil Software\Avast4\ashServ.exe
\WINDOWS.0\system32\spoolsv.exe
\Program Files\Virgin Broadband Wireless\AffinegyService.exe
\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
\Program Files\Java\jre6\bin\jqs.exe
\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
\Program Files\WinPcap\rpcapd.exe
\Program Files\SPAMfighter\sfus.exe
\WINDOWS.0\system32\svchost.exe
\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
c:\Program Files\Alwil Software\Avast4\ashWebSv.exe
\WINDOWS.0\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
\Program Files\Microsoft IntelliPoint\ipoint.exe
\Program Files\Java\jre6\bin\jusched.exe
\Program Files\SPAMfighter\SFAgent.exe
\Program Files\Search Guard Plus\SearchGuardPlus.exe
\WINDOWS.0\system32\ctfmon.exe
\Program Files\Spybot - Search & Destroy\TeaTimer.exe
\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Mrv8000x.exe
\Program Files\DeskPins\DeskPins.exe
\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
\WINDOWS.0\system32\wuauclt.exe
\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
\WINDOWS.0\System32\svchost.exe
\Program Files\Outlook Express\msimn.exe
\Program Files\Messenger\msmsgs.exe
\Program Files\Internet Explorer\iexplore.exe
\WINDOWS.0\explorer.exe
\Program Files\Internet Explorer\iexplore.exe
\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - \Program Files\Swag_Bucks\tbSwa1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - \Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - \Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - \Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - (no file)
O2 - BHO: Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - \Program Files\Swag_Bucks\tbSwa1.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - \Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - \Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - \Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - \Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - \Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - \Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - \Program Files\Swag_Bucks\tbSwa1.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - \Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] c:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] \Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [IntelliPoint] "D:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "D:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SGPUpdater] \Program Files\Search Guard PlusU\sgpUpdaters.exe
O4 - HKLM\..\Run: [FBSearch] \Program Files\Search Guard Plus\SearchGuardPlus.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] \WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [igndlm.exe] \Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [SpybotSD TeaTimer] \Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] \WINDOWS.0\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] \WINDOWS.0\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: DeskPins.lnk = \Program Files\DeskPins\DeskPins.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = \Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: WA-T2(3).lnk = C:\Mrv8000x.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://D:\WINDOWS.0\system32\GPhotos.scr/200
O8 - Extra context menu item: Customize Menu - [URL]file://D:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - [URL]file://D:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Google Sidewiki... - res://D:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: RoboForm Toolbar - [URL]file://D:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - [URL]file://D:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [URL]file://D:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [URL]file://D:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [URL]file://D:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [URL]file://D:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - [URL]file://D:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - [URL]file://D:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - \PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - \Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - \Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - \WINDOWS.0\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - \WINDOWS.0\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - \Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - \Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - \WINDOWS.0\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - \WINDOWS.0\system32\browseui.dll
O23 - Service: AffinegyService - Affinegy, Inc. - \Program Files\Virgin Broadband Wireless\AffinegyService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - c:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - \WINDOWS.0\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - \WINDOWS.0\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - c:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - c:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - c:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - \Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - \Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Update Service (gupdate1c9a618d4a6f14a) (gupdate1c9a618d4a6f14a) - Google Inc. - \Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - \Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - \Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - \Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - \Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - \Program Files\WinPcap\rpcapd.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - \Program Files\SPAMfighter\sfus.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - \Program Files\Windows Media Player\WMPNetwk.exe (file missing)
--
End of file - 13687 bytes

aliEnRIK

Download HostsXpert
http://www.softpedia.com/get/Security/Security-Related/Hoster.shtml
and then follow the below steps.

* Unzip HostsXpert.zip
* It will create a folder named HostsXpert in whatever folder you extract it to.
* Run HostsXpert.exe by double clicking on it.
* click the Make Writeable? button.
* click Restore Microsoft's Hosts File and then click OK.
* Click the X to exit the program

aliEnRIK

UNINSTALL ~
ASK toolbar
Swagg bucks toolbar (Thats a new one to me ~ nice one )

TICK these in hijack and click to FIX them ~
\Program Files\Search Guard Plus\SearchGuardPlus.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - (no file)
O2 - BHO: Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - \Program Files\Swag_Bucks\tbSwa1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - (no file)
O3 - Toolbar: Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - \Program Files\Swag_Bucks\tbSwa1.dll
O4 - HKLM\..\Run: [SGPUpdater] \Program Files\Search Guard PlusU\sgpUpdaters.exe
O4 - HKLM\..\Run: [FBSearch] \Program Files\Search Guard Plus\SearchGuardPlus.exe
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [URL="file:///"]file://D:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [URL="file:///"]file://D:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [URL="file:///"]file://D:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [URL="file:///"]file://D:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - [URL="file:///"]file://D:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - [URL="file:///"]file://D:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - \WINDOWS.0\system32\browseui.dll
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - \Program Files\Windows Media Player\WMPNetwk.exe (file missing)

Can you then please open malwarebytes, goto LOGS and post the WHOLE of the last log (Even though it didnt find anything)

theboylard

Not very helpful, but a suggestion for the future:

Toolbars - never found a really useful one yet, just say no!
Please read prompts whenever you are installing software, just because the software comes with a "free toolbar" doesn't mean that you have to install it!

Something that is useful though, use Firefox instead.

Not being mean or nasty, just some well meaning advice.

merdoom

thanks theboylard, i know i should check more carefully, and I use firefox on my netbook so not sure why i don't on this one - ill keep it in mind!
Alienrick - have followed all steps so far, this is the mwb fil from earlier but do i need to run a new one? thank you for all your help!!

Malwarebytes' Anti-Malware 1.42
Database version: 3402
Windows 5.1.2600 Service Pack 3, v.5857
Internet Explorer 7.0.5730.13
21/12/2009 18:24:41
mbam-log-2009-12-21 (18-24-41).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 209795
Time elapsed: 39 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

aliEnRIK

Have you run hostsxpert yet? if not thats your priority

Then run some cleaners as your computers a bit of a mess

Download CCLEANER
http://www.ccleaner.com/download/builds/downloading-slim
Run the CLEANER scan (UNTICK 'cookies')
Then run the REGISTRY scan (Backup the registry when it asks)


reboot

Download GLARY UTILITIES
http://www.glaryutilities.com/download/gusetup_slim.exe
Run the ONE CLICK scan
Goto MODULES / SYSTEM TOOLS / WINDOWS STANDARD TOOLS / then run SYSTEM FILE CHECKER

then reboot and ~
Please run COMBOFIX

Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be)

If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download