doogals213

  1. May have spoken a little too soon. Everything looked good. Left the computer on for a few hours and left it alone after putting AVG back on. Came back to a warning of 4 or 5 trojans, I believe. Tried to remove with AVG and it didn't do anything. Did a quick scan on MBAM and it came back with nothing, so I did a full scan on MBAM and it found 5 items, I believe, which I removed. Here's the log:

     Malwarebytes' Anti-Malware 1.40
     Database version: 2773
     Windows 5.1.2600 Service Pack 3

     9/10/2009 5:30:09 PM
     mbam-log-2009-09-10 (17-30-09).txt

     Scan type: Full Scan (C:\|)
     Objects scanned: 191237
     Time elapsed: 1 hour(s), 8 minute(s), 48 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 5

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\Qoobox\Quarantine\C\cleanup.exe.vir (Trojan.Banker) -> Quarantined and deleted successfully.
     C:\Qoobox\Quarantine\C\WINDOWS\system32\msxml71.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\System Volume Information\_restore{8BC79291-E322-403F-8E40-1FBD3FCA0EBD}\RP1\A0000025.exe (Trojan.Banker) -> Quarantined and deleted successfully.
     C:\System Volume Information\_restore{8BC79291-E322-403F-8E40-1FBD3FCA0EBD}\RP1\A0000062.dll (Trojan.BHO) -> Quarantined and deleted successfully.
     C:\Avenger\fufagp\ucchsysguard.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
  2. OK! It looks like everything is running as it should. Not having any false notifications, redirects of web searches, warnings, etc. Also I was able to install a brand new MBAM and have it update (have not run it yet). I'd say it looks like things are good! Anything else I should do to make sure everything is clean? Thanks for everything!
  3. Security Check report:

     Results of screen317's Security Check version 0.98.9
     Windows XP Service Pack 3
     ``````````````````````````````
     Antivirus/Firewall Check:

     Windows Firewall Enabled!
     WMIC entry does not exist for antivirus; attempting automatic update.
     ``````````````````````````````
     Anti-malware/Other Utilities Check:

     Malwarebytes' Anti-Malware
     HijackThis 2.0.2
     Java 6 Update 15
     Java 6 Update 7
     Out of date Java installed!
     Adobe Flash Player 10
     Adobe Reader 7.0
     Out of date Adobe Reader installed!
     ``````````````````````````````
     Process Check:
     objlist.exe by Laurent

     ``````````````````````````````
     DNS Vulnerability Check:

     GREAT! (Not vulnerable to DNS cache poisoning)

     `````````End of Log```````````

     I'll use this machine today and post how it's running.
  4. F-Secure report:

     Scanning Report
     Thursday, September 10, 2009 11:19:27 - 11:36:46
     Computer name: YOUR-30D2354FBC
     Scanning type: Quick scan
     Target: System

     11 malware found
     TrackingCookie.2o7 (spyware)
       * System (Disinfected)
     TrackingCookie.Advertising (spyware)
       * System (Disinfected)
     TrackingCookie.Atdmt (spyware)
       * System (Disinfected)
     TrackingCookie.Revsci (spyware)
       * System (Disinfected)
     TrackingCookie.Zanox (spyware)
       * System (Disinfected)
     TrackingCookie.Adbrite (spyware)
       * System (Disinfected)
     TrackingCookie.Webtrends (spyware)
       * System (Disinfected)
     TrackingCookie.Mediaplex (spyware)
       * System (Disinfected)
     TrackingCookie.Statcounter (spyware)
       * System (Disinfected)
     TrackingCookie.Atwola (spyware)
       * System (Disinfected)
     TrackingCookie.Yieldmanager (spyware)
       * System (Disinfected)

     Statistics
     Scanned:
       * Files: 3535
       * System: 3535
       * Not scanned: 0
     Actions:
       * Disinfected: 11
       * Renamed: 0
       * Deleted: 0
       * Not cleaned: 0
       * Submitted: 0
     Options
     Scanning engines:
     Copyright
  5. OK, had a little success there. Not all the items you listed for me to wipe showed up on the RootRepeal scan this time, but I restarted, grabbed a new ComboFix and it ran! Here is the log:
  6. I'd like to note that when I opened RootRepeal it came up with an error about accessing the boot sector or something like that and changing the status. Didn't want to mess with it without being told to.

     ROOTREPEAL © AD, 2007-2009
     ==================================================
     Scan Start Time: 2009/09/08 17:39
     Program Version: Version 1.3.5.0
     Windows Version: Windows XP Tablet PC Edition SP3
     ==================================================

     Hidden/Locked Files
     -------------------
     Path: C:\WINDOWS\system32\UACbmqyanykyf.dll
     Status: Invisible to the Windows API!

     Path: C:\WINDOWS\system32\uacinit.dll
     Status: Invisible to the Windows API!

     Path: C:\WINDOWS\system32\UACjixexwpnil.dat
     Status: Invisible to the Windows API!

     Path: C:\WINDOWS\system32\UACkkvirwbwrl.dll
     Status: Invisible to the Windows API!

     Path: C:\WINDOWS\system32\UACpkmkvvmpfv.dll
     Status: Invisible to the Windows API!

     Path: C:\WINDOWS\system32\UACtqljtrkuuv.db
     Status: Invisible to the Windows API!

     Path: c:\windows\temp\rgi2.tmp
     Status: Allocation size mismatch (API: 24576, Raw: 0)

     Path: C:\WINDOWS\Temp\UAC1999.tmp
     Status: Invisible to the Windows API!

     Path: C:\WINDOWS\Temp\UACa6f4.tmp
     Status: Invisible to the Windows API!

     Path: C:\WINDOWS\Temp\UACd570.tmp
     Status: Invisible to the Windows API!

     Path: C:\WINDOWS\system32\drivers\UACqjoehyikxa.sys
     Status: Invisible to the Windows API!

     Path: C:\Documents and Settings\M285\Local Settings\temp\UAC130a.tmp
     Status: Invisible to the Windows API!

     Path: c:\documents and settings\m285\local settings\temp\~df1a5f.tmp
     Status: Allocation size mismatch (API: 65536, Raw: 16384)

     Path: c:\documents and settings\m285\local settings\temp\~df412e.tmp
     Status: Allocation size mismatch (API: 16384, Raw: 0)

     Path: c:\documents and settings\m285\local settings\temp\~dfa111.tmp
     Status: Allocation size mismatch (API: 16384, Raw: 0)

     Path: c:\documents and settings\m285\local settings\temp\~dfdad4.tmp
     Status: Allocation size mismatch (API: 131072, Raw: 16384)

     Path: c:\documents and settings\m285\local settings\temp\~dff47.tmp
     Status: Allocation size mismatch (API: 16384, Raw: 0)
c:\windows\system32\rpcnetp.dll 2009-08-10 14:42 56,680 a------- c:\windows\system32\rpcnet.exe 2009-08-08 12:10 216,064 a------- c:\windows\PEV.exe 2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll 2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll 2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll 2009-06-19 10:05 15,688 a------- c:\windows\system32\lsdelete.exe 2009-06-16 09:36 119,808 a------- c:\windows\system32\t2embed.dll 2009-06-16 09:36 81,920 a------- c:\windows\system32\fontsub.dll 2009-06-12 07:31 80,896 a------- c:\windows\system32\tlntsess.exe 2009-06-12 07:31 76,288 a------- c:\windows\system32\telnet.exe 2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll 2009-06-10 09:13 84,992 a------- c:\windows\system32\avifil32.dll 2009-06-10 01:14 132,096 a------- c:\windows\system32\wkssvc.dll 2008-10-13 23:30 160 a------- c:\documents and settings\m285\xrt_log.dat 2008-12-07 23:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120720081208\index.dat ============= FINISH: 20:36:59.48 ===============
  8. Still having the same issue with combofix. I can download it, but when I double click it, it doesn't do anything other than show up in the processes list.
  9. found avenger.txt

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\zsqehjxf" not found!
Deletion of driver "zsqehjxf" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:\windows\system32\drivers\hxkanw.sys" not found!
Deletion of file "c:\windows\system32\drivers\hxkanw.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:\windows\system32\iehelper.dll" not found!
Deletion of file "c:\windows\system32\iehelper.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:\windows\syssvc.exe" not found!
Deletion of file "c:\windows\syssvc.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\windows\system32\xa.tmp" not found!
Deletion of file "C:\windows\system32\xa.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:\windows\cohuroho.reg" not found!
Deletion of file "c:\windows\cohuroho.reg" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:\windows\yxofipu.inf" not found!
Deletion of file "c:\windows\yxofipu.inf" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:\docume~1\alluse~1\applic~1\zyxage.vbs" not found!
Deletion of file "c:\docume~1\alluse~1\applic~1\zyxage.vbs" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:\windows\system32\meqor.ban" not found!
Deletion of file "c:\windows\system32\meqor.ban" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:\windows\system32\dilomeji.scr" not found!
Deletion of file "c:\windows\system32\dilomeji.scr" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:\windows\aqusy.scr" not found!
Deletion of file "c:\windows\aqusy.scr" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:\windows\fusi.pif" not found!
Deletion of file "c:\windows\fusi.pif" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:\windows\sujygoryw.inf" not found!
Deletion of file "c:\windows\sujygoryw.inf" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:\program files\common files\odapywu.dat" not found!
Deletion of file "c:\program files\common files\odapywu.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:\windows\axytubediz.dll" not found!
Deletion of file "c:\windows\axytubediz.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:\docume~1\alluse~1\applic~1\alowa.bin" not found!
Deletion of file "c:\docume~1\alluse~1\applic~1\alowa.bin" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:\windows\system32\Upgrd.exe" not found!
Deletion of file "c:\windows\system32\Upgrd.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: folder "c:\program files\fufagp" not found!
Deletion of folder "c:\program files\fufagp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.
  10. Avenger ran and caused my system to reboot, but I never saw a command prompt appear, nor did a log open. I don't know if this has any impact, but some of the symptoms have changed:
- on occasion, upon starting up, the computer will freeze
- I no longer have false alerts telling me .exe files are infected
- I no longer have a false anti-virus window show up
- upon start up I repeatedly receive a Google installer error
I'm not sure if any of that new info will help. Thanks again for all the effort.
  11. I can download and unzip GMER, but I cannot get it to run. Like combofix, it shows up in the processes but doesn't go any further.
  12. I can download combofix.exe, but it will not run. It shows up in the processes list, but that is all it ever does.
  13. I could not get GMER.exe to run. Win32kDiag.exe did run but produced only this report:

Log file is located at: C:\Documents and Settings\M285\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!