Total security and personal guard

I suddenly got total security 2009 and personal guard 2009. When you start up you have like 5 seconds before the virus kicks in, quickly went to taskmanager and ended their process. But I know the virus isnt gone. Ran MBAM found 42 infections the first time and it told me to restart so I did, but the virus started up again.

First log: http://pastebin.com/m3668e1

So I ran it a second time and heres the second times logs.

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

9/19/2009 1:58:08 PM
mbam-log-2009-09-19 (13-58-08).txt

Scan type: Quick Scan
Objects scanned: 84065
Time elapsed: 6 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\wcenter.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

I already have avenger, combofix and MBAM. Tell me watcha need me to do so I can get rid of this crap. The virus just keeps coming back after MBAM deletes it.

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.

Belahzur wrote:

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.

Everytime I restart total security comes back after numeros attempts with quickscan and full scan on MBAM. I dont know of this is a symptom of Total security but I am getting pop up ads on my web browser even though there clearly shouldnt be. Any help would be greatly appreciated...

Latest MBAM quick scan: http://pastebin.com/m68c01aba (Today)

Latest Full scan: http://pastebin.com/m151ab484 ( 4 days ago)

Hello.

• Download combofix from here
  Link 1
  Link 2
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

Please download the OTMoveIt by OldTimer.

• Save it to your desktop.
  
• Please double-click OTM.exe to run it.
  
• Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :files
  c:\windows\system32\rapidade.dll
  c:\windows\system32\nazoduhi.dll
  c:\windows\system32\bamagedo.dll
  c:\windows\system32\kunozisi.dll
  c:\windows\system32\jarugimo.dll
  C:\windows\system32\bozehuka.dll.tmp
  c:\windows\system32\dezaliji.dll.tmp
  c:\windows\system32\pizayato.dll.tmp
  c:\windows\system32\vigiyehu.dll.tmp
  
  
  
• Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

========== FILES ==========
DllUnregisterServer procedure not found in c:\windows\system32\rapidade.dll
c:\windows\system32\rapidade.dll NOT unregistered.
c:\windows\system32\rapidade.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\nazoduhi.dll
c:\windows\system32\nazoduhi.dll NOT unregistered.
c:\windows\system32\nazoduhi.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\bamagedo.dll
c:\windows\system32\bamagedo.dll NOT unregistered.
c:\windows\system32\bamagedo.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\kunozisi.dll
c:\windows\system32\kunozisi.dll NOT unregistered.
c:\windows\system32\kunozisi.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\jarugimo.dll
c:\windows\system32\jarugimo.dll NOT unregistered.
c:\windows\system32\jarugimo.dll moved successfully.
C:\windows\system32\bozehuka.dll.tmp moved successfully.
c:\windows\system32\dezaliji.dll.tmp moved successfully.
c:\windows\system32\pizayato.dll.tmp moved successfully.
c:\windows\system32\vigiyehu.dll.tmp moved successfully.

OTM by OldTimer - Version 3.0.0.6 log created on 09242009_194957

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?

Fine for now. Thanks!