Tuesday,

Can you please ensure Word Wrap is off and try posting the log again? It looks to have deleted some junk but, I'm having real trouble reading it

From the Menu Bar in Notepad, click on Edit > Word Wrap. The check mark will disappear, indicating the feature is turned off.

Malwarebytes' Anti-Malware 1.41
Database version: 3001
Windows 6.0.6001 Service Pack 1
10/20/2009 7:49:25 PM
mbam-log-2009-10-20 (19-49-25).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 259826
Time elapsed: 2 hour(s), 24 minute(s), 15 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8
Memory Processes Infected:
C:\Windows\msa.exe (Trojan.Agent) -> Failed to unload process.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\tuesday\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\4J6KB46P\A-Install-fc9e_2001-41[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\tuesday\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\92QXGPMZ\A-Install-137082_2001-41[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\tuesday\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\92QXGPMZ\A-Install-27ab1_2001-41[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\tuesday\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\92QXGPMZ\A-Install-83cd30b_2001-41[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Windows\msa.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\tuesday\AppData\Local\Temp\b.exe (Trojan.Downloader) -> Delete on reboot.

Sorry for that. Thanks, Chris!

No probs Tuesday. Please follow up with this:

Next, lets download ComboFix.exe. This will give me a better view to the files running, those that are hidden, and also those in the registry..Please download from one of these webpages .

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
Combofix -> Anti-malware Tools -> Downloads


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.

Double-click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Recovery Console can be installed from your disc if you have Vista if you wish.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the ComboFix.txt in your reply.

Hi Chris! Attached is the combofix log. Thanks!

Tuesday,

There are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Please note that as long as you are using any form of P2P networking to download files you can anticipate infestations of malware to occur.

P2P file sharing used to be fairly safe. This is no longer true; continue to use P2P sharing at your own risk!

Keep in mind that this practice may be the source of your current malware infestation.

References... citing the risk factors, of using P2P programs:
Malware: Help prevent the Infection
IM And P2P Malware Threats Nearly Triple
How to Prevent the Online Invasion of Spyware and Adware

I strongly recommend that you uninstall:


LimeWire

You can do so using the Control Panel >> Add or Remove Programs function. However, that choice is up to you.

As long as you have the P2P program(s) installed, per PCHF Policy, I can offer you no further assistance.

If you choose to remove these programs, when finished: Please generate a new ComboFix log for review