Bobbi

Honorary Members | Posts: 32

Everything posted by Bobbi

  1. I will follow your steps. Thanks for all your help.
  2. It is working well so far. When the modem acted funny and then my virus scan picked up items, I feared my computer was still corrupted. Thank you for all your advice.
  3. I called my internet provider and they reset my router. Do I need to do anything else? Thanks
  4. I have a modem from my cable company. I have looked it over and it doesn't have a reset button. I think my only option is to call my internet provider. Do I need a new IP address? Thank you.
  5. I will follow the steps, but the computer that had the virus is the only one doing this. My laptop uses the same router with no problems. Is this something I should have done after removing the virus last month? I did a virus scan after the router failed and it did find two suspicious items. Thank you for your help.
  6. I had help last month from this site removing a virus from my computer. I haven't gone online since its removal. Yesterday I did and I lost my internet connection after about 30 min. My cable modem lights are usually lit and strong; however, after this they all were blinking and disappearing. My packets were not being received. I had to completely remove my modem's connections and they did come back on for my laptop, but I left the modem off my virus-affected computer. My question is, could the problem I'm having still be virus related? Thank you for any advice.
  7. Thank you for all your help. Hopefully my computer will stay clean. I read the link you posted about Iomega and that is nothing I downloaded on purpose. I'm not sure where it came from. I deleted everything I could find of it, but the icon still sits in my control panel. Can I use the Flash cleaner for an external hard drive? I have a lot of my kids' games on the external hard drive, and I have been afraid of connecting it to the infected computer. I'm afraid I may have already contaminated it before I noticed the infection. I appreciate all your tips and advice. This has definitely been a learning experience. These forums are a great help.
  8. ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=e08b1567046bb24b906afbb87b0e555a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-25 07:09:32
# local_time=2011-03-25 03:09:32 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 370060 370060 0 0
# compatibility_mode=3073 16777189 80 75 0 6815683 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=71468
# found=4
# cleaned=0
# scan_time=5437
C:\Documents and Settings\Owner\My Documents\Downloads\unlocker1.9.0.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\03232011_215143\C_Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\03232011_215143\C_Documents and Settings\Owner\Desktop\eBay.lnk Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\03232011_215143\C_Documents and Settings\Owner\Start Menu\eBay.lnk Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
It said it found 4 things. I wasn't sure about the Iomega because I don't remember installing it. Thanks
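The ESET Online Scanner log in the post above (and the one in post 18 below) is easier to reason about once the `# key=value` header and the per-item lines are pulled apart: the `found` counter should agree with the number of items listed, and items that already sit under `C:\_OTM\MovedFiles` (where the OTM run in post 15 parked the eBay.lnk files) are quarantined rather than live, so the only item still in its original place here is the Unlocker download. The Python below is an added example for this page, not ESET's code or anything posted in the thread. The sample log is the post's log re-wrapped to one entry per line, the list of threat-category words the regex accepts is this example's own assumption about ESET's naming, and the quarantine prefix comes from the OTM log in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample: the ESET Online Scanner log from the post above, re-wrapped
# to one entry per line (the forum flattened it onto a single line).
SAMPLE_LOG = r"""
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=e08b1567046bb24b906afbb87b0e555a
# end=finished
# remove_checked=false
# utc_time=2011-03-25 07:09:32
# local_time=2011-03-25 03:09:32 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 370060 370060 0 0
# compatibility_mode=3073 16777189 80 75 0 6815683 0 0
# scanned=71468
# found=4
# cleaned=0
# scan_time=5437
C:\Documents and Settings\Owner\My Documents\Downloads\unlocker1.9.0.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\03232011_215143\C_Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\03232011_215143\C_Documents and Settings\Owner\Desktop\eBay.lnk Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\03232011_215143\C_Documents and Settings\Owner\Start Menu\eBay.lnk Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
"""

HEADER_RE = re.compile(r"^#\s*(?P<key>\w+)=(?P<value>.*)$")

# Detection line: <path> <threat name> <category> (<action>) <32 hex digits> <flag>.
# Paths contain spaces, so the threat is recognised from the right by its category
# word; the category list is this example's assumption about ESET's naming.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<threat>(?:(?:probably )?a variant of )?\S+ "
    r"(?:potentially (?:unwanted|unsafe) )?"
    r"(?:application|trojan|virus|worm|backdoor|dropper|downloader))"
    r" \((?P<action>[^)]*)\) (?P<digest>[0-9A-Fa-f]{32}) (?P<flag>\S+)$"
)

# C:\_OTM\MovedFiles is where OTM (used later in this thread) parks moved files;
# anything ESET finds there is already out of its original location.
QUARANTINE_PREFIXES = (r"c:\_otm\movedfiles",)


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    digest: str
    flag: str

    @property
    def still_present(self) -> bool:
        return self.action.lower().startswith("unable to clean")

    @property
    def quarantined(self) -> bool:
        return self.path.lower().startswith(QUARANTINE_PREFIXES)


def parse_eset_log(text: str):
    """Return (header dict, list of Detection). Repeated header keys become lists."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            key, value = m["key"], m["value"].strip().strip('"')
            if key in header:
                prev = header[key]
                header[key] = (prev if isinstance(prev, list) else [prev]) + [value]
            else:
                header[key] = value
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(**m.groupdict()))
        # installer chatter ("all ok", "Can not open internet") is ignored
    return header, detections


def triage(header: dict, detections: list) -> dict:
    """Cross-check the counters against the item list and split unresolved items
    into live files and files that already sit in a quarantine folder."""
    unresolved = [d for d in detections if d.still_present]
    return {
        "found": int(header.get("found", 0)),
        "cleaned": int(header.get("cleaned", 0)),
        "count_matches_items": int(header.get("found", 0)) == len(detections),
        "live_paths": [d.path for d in unresolved if not d.quarantined],
        "quarantined_paths": [d.path for d in unresolved if d.quarantined],
        "threats": sorted({d.threat for d in detections}),
    }


if __name__ == "__main__":
    hdr, items = parse_eset_log(SAMPLE_LOG)
    for k, v in triage(hdr, items).items():
        print(f"{k}: {v}")
```

Run as a script it prints one line per summary field; on this log `live_paths` holds only the Unlocker installer, and the three eBay.lnk hits are reported as already quarantined.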
  9. Hi, Should I run the ESET scan again to be sure it's gone? It found 5 things before. When all the problems first started with my computer I noticed a strange icon in my control panel. It was Iomega Active Disk, I believe. I manually deleted Iomega, but I noticed it is still in the control panel. I thought with the malware removal process it would be gone. I used the Flash Disinfector on a flash drive. Can I use it on a large external hard drive? Thanks
  10. Hi, I tried to move it. It said to reboot. After reboot it's still there. Could this be the restore point I made earlier today? Thanks
  11. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT .
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/2/2009 10:33:22 PM
System Uptime: 3/24/2011 12:18:23 PM (1 hours ago)
.
Motherboard: Gateway | | Gateway 400VTX
Processor: Mobile Intel® Celeron® CPU 2.00GHz | uFCPGA2 | 1991/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 28 GiB total, 4.801 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Dell TrueMobile 1300 WLAN Mini-PCI Card
Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_041814E4&REV_03\4&16793A72&0&20F0
Manufacturer: Broadcom
Name: Dell TrueMobile 1300 WLAN Mini-PCI Card
PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_041814E4&REV_03\4&16793A72&0&20F0
Service: BCM43XX
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Serial
Device ID: ROOT\LEGACY_SERIAL\0000
Manufacturer:
Name: Serial
PNP Device ID: ROOT\LEGACY_SERIAL\0000
Service: Serial
.
==== System Restore Points ===================
.
RP1: 3/21/2011 3:48:09 PM - System Checkpoint
RP2: 3/23/2011 12:29:41 PM - System Checkpoint
.
==== Installed Programs ======================
.
Ad-Aware Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Photoshop Elements 7.0 Adobe Photoshop.com Inspiration Browser Apple Application Support Apple Mobile Device Support Apple Software Update AVG 2011 Bonjour BounceBack Express CCleaner Defraggler Dell TrueMobile 1300 WLAN Mini-PCI Card F-Secure PSC Prerequisites Flash Updater Foxit Reader GTW Modem Hitman Pro 3.5 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) Intel® Extreme Graphics Driver Intel® PRO Ethernet Adapter and Software InterVideo XPack (Combo) iTunes Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2416447) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft Office XP Professional Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Moffsoft FreeCalc Mozilla Firefox 4.0 (x86 en-US) MSXML 6 Service Pack 2 (KB954459) OGA Notifier 2.0.0048.0 PhotoshopdotcomInspirationBrowser QuickTime Scholastic's I SPY Spooky Mansion Deluxe Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 
8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 8 (KB917734) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP 
(KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969897) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) 
Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165-v2) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Speccy Spybot - Search & Destroy Synaptics TouchPad TOSHIBA Virtual Sound v1.03.12 Unity Web Player Unlocker 1.9.0 Update for Microsoft .NET 
Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB978506) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update for Windows XP (KB978207) Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 VoiceOver Kit WebFldrs XP Where in the World Is Carmen Sandiego? Treasures of Knowledge Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Windows Startup Inspector v2.04B Windows XP Service Pack 3 ZoneAlarm
.
==== Event Viewer Messages From Past Week ========
.
3/23/2011 7:00:29 PM, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The system cannot find the file specified.
3/23/2011 12:38:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/23/2011 12:37:46 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vsdatant
3/23/2011 12:37:46 PM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
3/23/2011 12:37:46 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
3/23/2011 12:37:46 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/23/2011 12:37:46 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/23/2011 12:37:46 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/23/2011 12:37:46 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/21/2011 3:47:41 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000003A' while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
3/21/2011 11:17:20 AM, error: EventLog [6004] - A driver packet received from the I/O subsystem was invalid. The data is the packet.
3/21/2011 10:10:25 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000008' while processing the file 'change.log' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
3/20/2011 6:01:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
3/20/2011 6:01:34 PM, error: Service Control Manager [7000] - The WLTRYSVC service failed to start due to the following error: The system cannot find the file specified.
3/20/2011 3:55:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/20/2011 3:07:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips intelppm Lbd
3/20/2011 2:45:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/20/2011 2:23:07 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================
  12. Laptop scans
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6156
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
3/24/2011 12:51:21 PM
mbam-log-2011-03-24 (12-51-21).txt
Scan type: Quick scan
Objects scanned: 175643
Time elapsed: 7 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
DDS log
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by ralph at 13:00:52.03 on Thu 03/24/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.478 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\ralph\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - c:\windows\system32\CbFsMntNtf3.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [GWMDMMSG] GWMDMMSG.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TvsTray] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266364613766
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266364592926
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - c:\windows\system32\CbFsMntNtf3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\ralph\applic~1\mozilla\firefox\profiles\bh0gkpnc.default\
FF - plugin: c:\documents and settings\ralph\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-23 64512]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-3-20 532224]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 portD;ABS PortIO Service;c:\windows\system32\drivers\portd2k.sys [2010-3-24 7296]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 cbfs3;EldoS CallbackFS driver v3;c:\windows\system32\drivers\cbfs3.sys [2011-1-11 267208]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-12-21 517448]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ------w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 13:02:53.26 ===============
Attach.txt
It says I should zip this and attach it, not post it. What should I do? Thanks
  13. I ran the disk cleanup. I answered yes to remove all but the last restore point. After that I immediately had a Comodo warning. It said high risk security alert found Heur.Suspicious@84860772 in C:\system volume information\_restore{431A3A8 etc.}. I looked in the System Volume Info. file and that same restore point is still there. I went through the clean up process again, but it won't remove. I'm scanning my laptop now. Thanks
  14. Thank you. You have been wonderful. I could not have done this on my own. I had a couple of questions. I have a file in Recycler and one restore folder in System Volume Information. Do I need to turn off system restore to flush out bad restore points? During my last couple of steps between the ESET scan and the OTM my Comodo picked up a threat and started a scan. When it was done it asked to ignore or clean two threats out. I chose clean. Could this have messed up anything? I always use Firefox with NoScript and WOT. I even had the extra AVG green check by the websites I went to. I still got this virus. I believe it came with a download on a site even with all those safeguards. I wanted a portable cleaner and I downloaded it onto a flash drive, and I think I infected both my computer and my laptop, which happened before you advised the Flash-Disinfector. If I open a thread to clean my laptop would you be the one to help me? Thank you so much for all your advice and patience. My computer knowledge is lacking, which is probably why I was an easy target.
  15. All processes killed
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== FILES ==========
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk moved successfully.
C:\Documents and Settings\Owner\Desktop\eBay.lnk moved successfully.
C:\Documents and Settings\Owner\Start Menu\eBay.lnk moved successfully.
File/Folder C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
C:\WINDOWS\prefetch\ACRORD32INFO.EXE-24548733.pf moved successfully.
C:\WINDOWS\prefetch\ADOBE GAMMA LOADER.EXE-1DBD7BA3.pf moved successfully.
C:\WINDOWS\prefetch\BBLAUNCHER.EXE-112B142C.pf moved successfully.
C:\WINDOWS\prefetch\BBREMINDER.EXE-20216AA0.pf moved successfully.
C:\WINDOWS\prefetch\CFP.EXE-1E7EB3AA.pf moved successfully.
C:\WINDOWS\prefetch\CFPUPDAT.EXE-02A11C92.pf moved successfully.
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf moved successfully.
C:\WINDOWS\prefetch\DEFRAG.EXE-273F131E.pf moved successfully.
C:\WINDOWS\prefetch\DFRGNTFS.EXE-269967DF.pf moved successfully.
C:\WINDOWS\prefetch\FIREFOX.EXE-28641590.pf moved successfully.
C:\WINDOWS\prefetch\JQSNOTIFY.EXE-24AE4A36.pf moved successfully.
C:\WINDOWS\prefetch\layout.ini moved successfully.
C:\WINDOWS\prefetch\LOGONUI.EXE-0AF22957.pf moved successfully.
C:\WINDOWS\prefetch\MBAM.EXE-0BEE0439.pf moved successfully.
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf moved successfully.
C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf moved successfully.
C:\WINDOWS\prefetch\NTVDM.EXE-1A10A423.pf moved successfully.
C:\WINDOWS\prefetch\OTM.EXE-26872DAF.pf moved successfully.
C:\WINDOWS\prefetch\POWERREG SCHEDULER.EXE-3A544F41.pf moved successfully.
C:\WINDOWS\prefetch\QUICKSTART.EXE-24C38DA1.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-147710F4.pf moved successfully.
C:\WINDOWS\prefetch\SOFFICE.EXE-358D937C.pf moved successfully.
C:\WINDOWS\prefetch\SPYBOTSD.EXE-29174E97.pf moved successfully.
C:\WINDOWS\prefetch\SSSTARS.SCR-2D6FC20D.pf moved successfully.
C:\WINDOWS\prefetch\SVCHOST.EXE-3530F672.pf moved successfully.
C:\WINDOWS\prefetch\TEATIMER.EXE-2D171176.pf moved successfully.
C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf moved successfully.
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf moved successfully.
C:\WINDOWS\prefetch\WSCNTFY.EXE-1B24F5EB.pf moved successfully.
C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 21154771 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Owner
->Temp folder emptied: 4994 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 109820930 bytes
->Flash cache emptied: 2926 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2317419 bytes
%systemroot%\System32 .tmp files removed: 1162769 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 128.00 mb
Restore point Set: OTM Restore Point (0)
OTM by OldTimer - Version 3.1.17.2 log created on 03232011_215143
Files moved on Reboot...
Registry entries deleted on Reboot...
It took longer than I thought and I had to reboot. Thanks
  16. I ran the OTM and I pasted under the yellow section and I hit the red Move It. There is a bunch of info on the right under the green results section. The bar started moving across the bottom but then it just stopped. Now it seems frozen on that screen. I have no icons in the back or start option at the bottom. I tried the exit button but it didn't work. What should I do next? Thanks
  17. Sorry, I guess I hit reply too many times. I'm not sure how to delete the extra two.
  18. ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
esets_scanner_update returned -1 esets_gle=0
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=e08b1567046bb24b906afbb87b0e555a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-23 04:28:49
# local_time=2011-03-23 12:28:49 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 193050 193050 0 0
# compatibility_mode=3073 16777178 80 75 0 6638673 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=e08b1567046bb24b906afbb87b0e555a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-23 05:51:45
# local_time=2011-03-23 01:51:45 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 193569 193569 0 0
# compatibility_mode=3073 16777178 80 75 0 6639192 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=72113
# found=5
# cleaned=0
# scan_time=4461
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk   Win32/Adware.ADON application (unable to clean)   00000000000000000000000000000000   I
C:\Documents and Settings\Owner\Desktop\eBay.lnk   Win32/Adware.ADON application (unable to clean)   00000000000000000000000000000000   I
C:\Documents and Settings\Owner\My Documents\Downloads\unlocker1.9.0.exe   Win32/Adware.ADON application (unable to clean)   00000000000000000000000000000000   I
C:\Documents and Settings\Owner\Start Menu\eBay.lnk   Win32/Adware.ADON application (unable to clean)   00000000000000000000000000000000   I
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe   Win32/PowerReg application (unable to clean)   00000000000000000000000000000000   I
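The log above actually contains two scanner runs: the first shows "esets_scanner_update returned -1" and "scanned=0", so it never scanned anything, while the second scanned 72113 objects, found 5 and cleaned 0, with removal not enabled ("remove_checked=false"). Reading that by eye out of a log pasted as one paragraph is error-prone, so here is an added example (not part of the post, and not ESET's code) that parses the ESET Online Scanner format into per-run records and lists the detections that were reported but not cleaned. The sample text is a constructed excerpt modelled on the log above, with tab-separated detection lines; the record layout (a "# key=value" header block followed by one detection line per finding) is the only assumption made about the format.

```python
"""Parse ESET Online Scanner log text into per-run records.

Added example, not from the forum post or from ESET. SAMPLE_LOG is a
constructed excerpt modelled on the log posted above.
"""
import re

# "# key=value" header lines written by the scanner for each run.
HEADER_RE = re.compile(r"^#\s*(?P<key>[A-Za-z_.]+)=(?P<value>.*)$")
# One detection per line: path, threat name with (action), 32-hex hash, flag.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<threat>[A-Za-z0-9]+/[^\t]*?\([^)]*\))\s+"
    r"(?P<hash>[0-9a-fA-F]{32})\s+(?P<flag>\S+)\s*$"
)

_ZERO = "00000000000000000000000000000000"
SAMPLE_LOG = "\n".join([  # constructed excerpt mirroring the posted log
    "ESETSmartInstaller@High as downloader log:",
    "Can not open internet",
    "esets_scanner_update returned -1 esets_gle=0",
    "# version=7", "# end=finished", "# remove_checked=false",
    "# scanned=0", "# found=0", "# cleaned=0", "# scan_time=0",
    "ESETSmartInstaller@High as downloader log:",
    "Can not open internet",
    "# version=7", "# end=finished", "# remove_checked=false",
    "# scanned=72113", "# found=5", "# cleaned=0", "# scan_time=4461",
    "C:\\Documents and Settings\\Owner\\Application Data\\Microsoft\\Internet Explorer"
    "\\Quick Launch\\eBay.lnk\tWin32/Adware.ADON application (unable to clean)\t" + _ZERO + "\tI",
    "C:\\Documents and Settings\\Owner\\Desktop\\eBay.lnk"
    "\tWin32/Adware.ADON application (unable to clean)\t" + _ZERO + "\tI",
    "C:\\Documents and Settings\\Owner\\My Documents\\Downloads\\unlocker1.9.0.exe"
    "\tWin32/Adware.ADON application (unable to clean)\t" + _ZERO + "\tI",
    "C:\\Documents and Settings\\Owner\\Start Menu\\eBay.lnk"
    "\tWin32/Adware.ADON application (unable to clean)\t" + _ZERO + "\tI",
    "C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\PowerReg Scheduler.exe"
    "\tWin32/PowerReg application (unable to clean)\t" + _ZERO + "\tI",
])


def parse_eset_log(text):
    """Split the log into runs; each run has header fields, detections and
    the free-text installer/updater lines that preceded its header."""
    records, pending_notes, current = [], [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith("# version="):
            current = {"fields": {}, "detections": [], "notes": pending_notes}
            pending_notes = []
            records.append(current)
        m = HEADER_RE.match(line)
        if m and current is not None:
            current["fields"][m.group("key")] = m.group("value").strip()
            continue
        d = DETECTION_RE.match(line)
        if d and current is not None:
            current["detections"].append(d.groupdict())
            continue
        pending_notes.append(line)  # downloader / updater chatter
    for rec in records:
        rec["update_failed"] = any(
            "esets_scanner_update returned -1" in n for n in rec["notes"])
    return records


def summarize(records):
    """Reduce each run to the numbers a reviewer checks first."""
    out = []
    for i, rec in enumerate(records, 1):
        f = rec["fields"]
        out.append({
            "run": i,
            "scanned": int(f.get("scanned", 0)),
            "found": int(f.get("found", 0)),
            "cleaned": int(f.get("cleaned", 0)),
            "remove_checked": f.get("remove_checked") == "true",
            "update_failed": rec["update_failed"],
            "uncleaned_paths": [d["path"] for d in rec["detections"]
                                if "unable to clean" in d["threat"]],
        })
    return out


if __name__ == "__main__":
    for run in summarize(parse_eset_log(SAMPLE_LOG)):
        print(f"run {run['run']}: scanned={run['scanned']} found={run['found']} "
              f"cleaned={run['cleaned']} update_failed={run['update_failed']}")
        for p in run["uncleaned_paths"]:
            print("   not cleaned:", p)
```

On the posted log this reports run 1 as a failed update with nothing scanned and run 2 as five findings, none cleaned, which is the list a helper then hands to a removal tool such as the OTM script in post 15.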
  21. I should run the ESET online scanner on my infected computer that I already ran ComboFix on?
  22. Hello, Thank you for all your help. My system restore tab has been missing and now it is back. Did ComboFix do that? Do you think my computer is clean now? I was thinking I should run these same tests on my laptop, since I was using it to transfer downloads to the infected computer. Thank you again for your time and advice. I tried for two weeks on my own without success.
  23. Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6131

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

3/22/2011 9:43:00 AM
mbam-log-2011-03-22 (09-43-00).txt

Scan type: Quick scan
Objects scanned: 154267
Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  24. ComboFix 11-03-21.01 - Owner 03/21/2011 19:11:28.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1073 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Outdated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\RECYCLER Me
c:\windows\jestertb.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-02-21 to 2011-03-21 )))))))))))))))))))))))))))))))
.
.
2011-03-20 19:56 . 2011-03-20 19:56   --------   d-----w-   C:\VritualRoot
2011-03-20 17:31 . 2011-03-20 17:31   --------   d-----w-   c:\program files\COMODO
2011-03-18 03:41 . 2001-08-17 16:11   16969      -c--a-w-   c:\windows\system32\dllcache\amb8002.sys
2011-03-18 03:41 . 2001-08-17 17:51   5248       -c--a-w-   c:\windows\system32\dllcache\aliide.sys
2011-03-18 03:41 . 2001-08-17 17:49   26624      -c--a-w-   c:\windows\system32\dllcache\alifir.sys
2011-03-18 03:41 . 2001-08-17 16:11   27678      -c--a-w-   c:\windows\system32\dllcache\ali5261.sys
2011-03-18 03:41 . 2001-08-17 18:07   56960      -c--a-w-   c:\windows\system32\dllcache\aic78xx.sys
2011-03-18 03:41 . 2001-08-17 18:07   55168      -c--a-w-   c:\windows\system32\dllcache\aic78u2.sys
2011-03-18 03:41 . 2001-08-17 17:52   12800      -c--a-w-   c:\windows\system32\dllcache\aha154x.sys
2011-03-18 03:40 . 2001-08-17 18:07   101888     -c--a-w-   c:\windows\system32\dllcache\adpu160m.sys
2011-03-18 03:40 . 2001-08-17 16:11   46112      -c--a-w-   c:\windows\system32\dllcache\adptsf50.sys
2011-03-18 03:40 . 2004-08-04 02:32   10880      -c--a-w-   c:\windows\system32\dllcache\admjoy.sys
2011-03-14 22:14 . 2011-03-14 22:14   --------   dc----w-   c:\documents and settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-03-12 20:38 . 2011-03-12 20:38   --------   d-----w-   c:\documents and settings\Administrator
2011-03-11 23:47 . 2011-03-11 23:47   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\COMODO
2011-03-10 19:51 . 2011-03-10 19:51   388096     ----a-r-   c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-10 19:44 . 2011-03-10 19:51   --------   d-----w-   c:\program files\Trend Micro
2011-03-09 17:38 . 2011-03-21 23:02   1474832    ----a-w-   c:\windows\system32\drivers\sfi.dat
2011-03-09 14:32 . 2011-03-09 14:39   --------   d-----w-   c:\program files\S&D
2011-03-09 05:33 . 2011-03-13 19:31   --------   d-----w-   c:\program files\Unlocker
2011-03-08 23:31 . 2011-03-20 17:48   --------   d-----w-   c:\documents and settings\All Users\Application Data\Comodo
2011-03-08 22:42 . 2010-12-20 23:09   38224      ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-08 22:42 . 2011-03-08 22:42   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-03-08 22:42 . 2010-12-20 23:08   20952      ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-03-08 22:27 . 2010-09-06 09:26   189520     ----a-w-   c:\windows\system32\drivers\tmcomm.sys
2011-03-05 23:52 . 2011-03-05 23:52   --------   d-----w-   c:\windows\system32\wbem\Repository
2011-03-05 03:19 . 2011-03-21 18:19   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-03-05 03:19 . 2011-03-05 23:48   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2011-03-04 22:32 . 2011-03-04 22:32   --------   d-----w-   c:\documents and settings\Owner\Application Data\Malwarebytes
2011-03-04 22:29 . 2011-03-04 22:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-20 16:34 . 2011-02-20 16:34   --------   d-----w-   c:\windows\KidMedia
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-12 14:04   270848     ------w-   c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-12 13:57   186880     ------w-   c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2006-07-21 17:56   2067456    ------w-   c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2006-07-21 17:56   677888     ------w-   c:\windows\system32\mstsc.exe
2011-01-24 12:23 . 2010-02-20 18:49   98392      ----a-w-   c:\windows\system32\drivers\SBREDrv.sys
2011-01-21 14:44 . 2004-08-12 14:05   439296     ------w-   c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-12 13:55   290048     ----a-w-   c:\windows\system32\atmfd.dll
2011-01-06 21:37 . 2011-01-06 21:37   94784      ----a-w-   c:\windows\system32\drivers\inspect.sys
2011-01-06 21:37 . 2011-01-06 21:37   27576      ----a-w-   c:\windows\system32\drivers\cmdhlp.sys
2011-01-06 21:37 . 2011-01-06 21:37   239368     ----a-w-   c:\windows\system32\drivers\cmdGuard.sys
2011-01-06 21:37 . 2011-01-06 21:37   15592      ----a-w-   c:\windows\system32\drivers\cmderd.sys
2010-12-31 13:10 . 2004-08-12 14:09   1854976    ------w-   c:\windows\system32\win32k.sys
2010-12-29 05:42 . 2010-12-29 05:42   285480     ----a-w-   c:\windows\system32\guard32.dll
2010-12-22 12:34 . 2004-08-12 13:58   301568     ----a-w-   c:\windows\system32\kerberos.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-04-17 54576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-18 2548552]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
BounceBack Launcher.lnk - c:\program files\CMS Peripherals\BounceBack Express\BBLauncher.exe [2010-2-25 86016]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
PowerReg Scheduler.exe [2007-12-2 256000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-2-20 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
[bU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/20/2010 2:50 PM 64288]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [1/6/2011 5:37 PM 15592]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/6/2011 5:37 PM 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/6/2011 5:37 PM 27576]
R2 portD;ABS PortIO Service;c:\windows\system32\drivers\portd2k.sys [2/25/2010 4:46 PM 7296]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2/20/2007 6:06 PM 23200]
S2 Ca536av;Icatch(VII) Video Camera Device;c:\windows\system32\Drivers\Ca536av.sys --> c:\windows\system32\Drivers\Ca536av.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S4 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=https=ftp=gopher=socks=
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\0g7bp6jh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.weather.com/outlook/homeandgarden/home/local/45385?lswe=45385&lwsa=Weather36HourHomeCommand&from=whatwhere
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4ba92d9b&v=6.010.006.004&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-21 19:18
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1085031214-1383384898-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1085031214-1383384898-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:00,ff,42,ea,54,ff,ee,73,fe,6f,7b,e0,8c,4c,3a,fb,fc,67,5c,04,f0,
   2c,0d,31,83,db,69,da,40,2d,47,9e,71,20,39,64,b4,69,68,dd,7d,fe,79,8b,f7,c2,\
"rkeysecu"=hex:82,56,d0,33,83,5b,ea,ab,0e,1f,b1,5f,17,d5,5a,42
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(464)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(520)
c:\windows\system32\guard32.dll
.
Completion time: 2011-03-21 19:23:12
ComboFix-quarantined-files.txt 2011-03-21 23:23
.
Pre-Run: 5,417,164,800 bytes free
Post-Run: 5,405,052,928 bytes free
.
Current=4 Default=4 Failed=3 LastKnownGood=2 Sets=1,2,3,4
- - End Of File - - 09B4A1C54A965EB1D6413E47F6BC8199

I was able to get on line. When I loaded Combofix the first time I had to go on line to get the download for the Windows Recovery Console. The past few days I wasn't receiving any packets. I downloaded and ran Combofix again. Maybe my firewall was blocking my connection.
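The parts of a ComboFix log a helper reads first are the AV/FW status lines, the Run keys, the Startup folders, AppInit_DLLs and the firewall policy. In the log above those show both COMODO components reported *Disabled*, the standard-profile firewall policy set to EnableFirewall=0, a DLL registered under AppInit_DLLs (guard32.dll, which in this log is the installed COMODO Internet Security hook library, so a finding to attribute rather than remove), and a bare "PowerReg Scheduler.exe" in the Owner Startup folder, the same file ESET later reported as Win32/PowerReg. The following is an added example, not ComboFix's code and not from the post, that pulls those sections out of the log text and emits review flags. The sample is a constructed excerpt modelled on the posted log, and the flags are reviewer heuristics: each one is something to look at, not a verdict.

```python
"""Triage the autostart and policy sections of a ComboFix log.

Added example, not ComboFix's own code. SAMPLE_LOG is a constructed excerpt
modelled on the log posted above; the flags are review heuristics.
"""
import re

STATUS_RE = re.compile(r"^(?P<kind>AV|FW): (?P<product>.+?) \*(?P<state>[^*]+)\*")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                  # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
STARTUP_DIR_RE = re.compile(r"\\Startup\\$", re.IGNORECASE)    # folder header
# "name.lnk - target [date size]" or "name.exe [date size]"
ENTRY_RE = re.compile(r"^(?P<name>.+?)(?: - (?P<target>.+?))?\s*\[[^\]]*\]$")

SAMPLE_LOG = "\n".join([  # constructed excerpt mirroring the posted log
    "AV: COMODO Antivirus *Disabled/Outdated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}",
    "FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}",
    ".",
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]",
    "\"IgfxTray\"=\"c:\\windows\\system32\\igfxtray.exe\" [2004-02-10 155648]",
    "\"UnlockerAssistant\"=\"c:\\program files\\Unlocker\\UnlockerAssistant.exe\" [2010-07-04 17408]",
    ".",
    "c:\\documents and settings\\Owner\\Start Menu\\Programs\\Startup\\",
    "BounceBack Launcher.lnk - c:\\program files\\CMS Peripherals\\BounceBack Express\\BBLauncher.exe [2010-2-25 86016]",
    "PowerReg Scheduler.exe [2007-12-2 256000]",
    ".",
    "[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\windows]",
    "\"AppInit_DLLs\"=c:\\windows\\system32\\guard32.dll",
    ".",
    "[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]",
    "\"EnableFirewall\"= 0 (0x0)",
])


def triage_combofix(text):
    """Return status lines, Run entries, Startup entries and review flags."""
    report = {"status": {}, "run_entries": [], "startup_entries": [], "findings": []}
    section = None  # lower-cased registry key, "startup", or None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":      # ComboFix uses "." as a blank line
            section = None
            continue
        m = STATUS_RE.match(line)
        if m:
            report["status"][m.group("kind")] = m.group("state")
            if "Disabled" in m.group("state"):
                report["findings"].append(
                    f"{m.group('kind')} {m.group('product')} reported {m.group('state')}")
            continue
        m = KEY_RE.match(line)
        if m:
            section = m.group("key").lower()
            continue
        if STARTUP_DIR_RE.search(line):
            section = "startup"
            continue
        if section == "startup":
            e = ENTRY_RE.match(line)
            if e:
                report["startup_entries"].append((e.group("name"), e.group("target")))
                # A shortcut resolves to a target; a bare .exe dropped straight
                # into Startup has no installer-style shortcut and merits a look.
                if e.group("target") is None and e.group("name").lower().endswith(".exe"):
                    report["findings"].append(
                        f"bare executable in Startup folder: {e.group('name')}")
            continue
        v = VALUE_RE.match(line)
        if v and section:
            name, value = v.group("name"), v.group("value").strip()
            if section.endswith("\\run"):
                report["run_entries"].append((name, value))
            elif name == "AppInit_DLLs" and value:
                report["findings"].append(f"AppInit_DLLs set: {value}")
            elif name == "EnableFirewall" and "standardprofile" in section \
                    and value.startswith("0"):
                report["findings"].append(
                    "Windows Firewall disabled in standard profile (EnableFirewall=0)")
    return report


if __name__ == "__main__":
    for flag in triage_combofix(SAMPLE_LOG)["findings"]:
        print("FLAG:", flag)
```

Run on the sample it prints five flags; the AppInit_DLLs one is where the reviewer confirms the DLL belongs to the installed security suite before deciding anything, and the two COMODO status lines plus EnableFirewall=0 are consistent with the poster's own guess in the post that firewall state was involved in the lost connectivity, though the log alone cannot confirm that.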