Malware infection and following the guide.

[warnolo]

Hi. I think i have some infection on my computer and i'm following the guide.

Here is my log after the first scan with MBAM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Versión de la Base de Datos: 911122201

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22/12/2011 1:24:59
mbam-log-2011-12-22 (01-24-59).txt

Tipos de Análisis: Análisis Rápido
Objetos examinados: 183832
Tiempo transcurrido: 3 minuto(s), 6 segundo(s)

Procesos en Memoria Infectados: 0
Módulos de Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Archivos Infectados: 1

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos de Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Archivos Infectados:
c:\Users\Usuario\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\dxdiag.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


Sorry for the language, i'm spanish

[Pondus]

attch the rest of the logs...read the guide

lower left corner > additional options > attach

[warnolo]

Ok, now getting to the next step.

Edit: wrong format, now is the right one.

Also, after getting into the disk manager what should i do?

Edit 2: sorry, too stupid to read.

[warnolo]

Now the log of the aswMBR

Getting to the last step.

[warnolo]

Ok, last step.

so after this everything should work well?

[warnolo]

Damn it, i'm still infected.

Should i repeat all the process?

[Pondus]

Damn it, i'm still infected.

Should i repeat all the process?

now you go to sleep....then come back tomorrow when essexboy have looked at the log...
Then the removal begins   

he is usually in here around 08:00pm - 11:59pm UK time

[warnolo]

ok, i'll try to sleep, i'm nervious and not knowing what is going to be.

[warnolo]

Also the infected file that gives me problems looks like is called dxdiag.exe and i can't disable it.

Well, anyway, i'll go to sleep.

[warnolo]

Here i am again, panicing like crazy and i can't really relax.

I changed all my important passwords on another computer and now i'm just waiting.

I could just format the disk and leave it like comming from the factory, but still i'm waiting an awnser about this. Now i just need any tip to relax because I'm still too nervious to do anything.

[Asyn]

Now i just need any tip to relax because I'm still too nervious to do anything.

Don't panic..!
And wait for essexboy...

[warnolo]

worst think is that now i see viruses anywere everywere and now i don't even dare to use my email account even in this computer.

I would be happy if just anyone could tell me "Nah, is just a bothering thing but nothing serious, so don't be scared about a machine taking your whole life from the net" but well, i don't want to lie to myself.

Also, sorry if i talk too much, i just need to express myself or i would feel worse.

[Asyn]

Also, sorry if i talk too much, i just need to express myself or i would feel worse.

NP at all, still you have to be patient.

[essexboy]

Hi on completion could you let me know what problems you are experiencing

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
  IE - HKU\S-1-5-21-1389257832-4104621990-2468260417-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
  O3 - HKU\S-1-5-21-1389257832-4104621990-2468260417-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
  O3 - HKU\S-1-5-21-1389257832-4104621990-2468260417-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
  O3 - HKU\S-1-5-21-1389257832-4104621990-2468260417-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
  O4 - Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe ()
  
  :Files
  ipconfig /flushdns /c
  xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
  xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
  xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
  xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [CREATERESTOREPOINT]
  [Reboot]
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[warnolo]

I posted it on Unicode because it says that some characters would be lost in ansi, but i still have the log open.

Also i have to run the problem mode (don't really know how is called in english) because now my screen gets black except the cursor.

So is something serious?