
BKDR_TDSS.SM problem


oakr8r2


Hi, I am having a problem with BKDR_TDSS.SM. I run scans and I find it each and every time, and Trend Micro "fixes" it, but it always comes back. Malwarebytes scan found 26 items and it got rid of them, and those are gone. The only problem is the BKDR one; I don't know what to try next. I have already deleted the restore points.

I don't know if this is related to the virus, but this comp is running Windows XP SP2, and when I try to update to SP3 it always fails and says that atapi.sys is running and it cannot proceed.

Any help would be so great. Thanks in advance.


Hello oakr8r2 and welcome to Malwarebytes' forums.

It is highly against safe practice to attempt any service pack update while a system is infected, or even suspected of having malware. Do NOT attempt any SP3 update. Kindly follow my guidance.

You will want to print out or copy these instructions to Notepad for offline reference!


If you are a casual viewer, do NOT try this on your system!

If you are not oakr8r2 and have a similar problem, do NOT post here; start your own topic.

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.


Close any of your open programs while you run these tools.

Please do the following:

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings, but say no to the portion that asks you to add ERUNT to the start-up folder; if you like, you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double-click My Computer; from the menu options, select Tools, then Folder Options, then the View tab, and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Take out the trash (temporary files & temporary internet files)

Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to clean out temporary files and the temp areas used by internet browsers.

Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

ATF-Cleaner should be run per the above in every user-login account {User Profile}

Step 4

Download Win32kDiag from any of the following locations and save it to your Desktop.

Click on Start button. Select Run, and copy-paste the following command (the bolded text) into the "Open" textbox, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

Step 5

Download RootRepeal:

http://rootrepeal.googlepages.com/RootRepeal.zip

  • Extract the archive to a folder you create such as C:\RootRepeal
  • Double-click RootRepeal.exe to launch the program (Vista users should right-click and select "Run as Administrator").
  • Click the "File" tab (located at the bottom of the RootRepeal screen)
  • Click the "Scan" button
  • In the popup dialog, check the drives to be scanned - making sure to check your primary operating system drive - normally C:
  • Click OK and the file scan will begin
  • When the scan is done, there will be files listed, but most if not all of them will be legitimate
  • Click the "Save Report" Button
  • Save the log file to your Documents folder
  • Post the content of the RootRepeal file scan log in your next reply.

Step 6

Reply with copy of Win32kdiag.txt

and the RootRepeal log

There will be much more to do later. Please respond soonest.


win32kdiag log

Running from: C:\Documents and Settings\Jesse\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Jesse\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/11/29 09:05

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP2

==================================================

Hidden/Locked Files

-------------------

Path: C:\hiberfil.sys

Status: Locked to the Windows API!

Here are the 2 logs requested. Thanks for taking the time to help me, Maurice.


Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):

  • the contents of OTL.txt
  • the contents of Extras.txt
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

These steps will not take a whole lot of time. But please do reply soonest.

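Reading an OTL log by hand means scanning for a handful of line types before anything else. The script below is an added illustration of that triage; it is not OTL, not a Malwarebytes or Trend Micro tool, and not written by anyone in this thread. It pulls out four indicators: an Internet Explorer proxy that points at the loopback address (a local proxy on an unusual port is treated as suspect whatever installed it, even when ProxyEnable is currently 0), HOSTS-file lines that send real sites to a third-party address rather than to 127.0.0.1 (those are redirects, unlike the thousands of 127.0.0.1 block entries that an immunizer such as Spybot writes), Run keys whose target file no longer exists, and running binaries whose version information carries no company name. The sample lines are copied from the OTL log posted further down in this thread and trimmed to a few representative entries; the Finding class, the severity labels and the regular expressions are my own assumptions about how to structure the check.

```python
"""Triage an OTL (OldTimer) log for the indicators a malware-removal helper
reads first: loopback browser proxy, HOSTS-file hijacks, orphaned autoruns and
running binaries with no publisher name. Illustrative code, not OTL itself."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: a few lines copied from the OTL log posted in this thread,
# plus one clean PRC/Run line each for contrast. It is not a complete log.
SAMPLE_OTL = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 208.43.47.212 reviews.pcmag.com
O1 - Hosts: 208.43.47.212 reviews.download.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DXDllRegExe] File not found
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe File not found
PRC - [2009/03/21 12:34:47 | 00,655,360 | ---- | M] () -- C:\Program Files\Imation\USB_ImationFlashDetect.exe
PRC - [2009/11/24 15:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
"""


@dataclass
class Finding:                      # hypothetical structure, my own choice
    severity: str                   # "high", "medium" or "low"
    category: str                   # "proxy", "hosts", "autorun", "binary"
    detail: str
    evidence: list = field(default_factory=list)


RE_PROXY_SERVER = re.compile(r'"ProxyServer" = (?P<value>\S+)')
RE_PROXY_ENABLE = re.compile(r'"ProxyEnable" = (?P<value>\d)')
RE_HOSTS = re.compile(r'^O1 - Hosts: (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)')
RE_RUN = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$')
RE_BINARY = re.compile(
    r'^(?P<kind>PRC|SRV|DRV) - \[[^\]]*\] \((?P<company>[^)]*)\) -- '
    r'(?P<path>.+?\.(?:exe|sys|dll))(?:\s|$)', re.I)

LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}   # block-list targets, not redirects


def parse_proxy(value):
    """Return (host, port) of the http proxy in an IE ProxyServer value.
    The value is either 'host:port' or a ';'-separated 'scheme=host:port' list."""
    for part in value.split(";"):
        scheme, _, hostport = part.rpartition("=")
        if scheme and scheme.lower() != "http":
            continue
        host, _, port = hostport.rpartition(":")
        if host:
            return host, port
    return None


def triage(text):
    """Scan OTL log text and return a list of Finding objects."""
    findings = []
    proxy_value, proxy_enabled = None, False
    hijacks = defaultdict(list)          # third-party IP -> redirected host names
    for line in text.splitlines():
        line = line.strip()
        if m := RE_PROXY_SERVER.search(line):
            proxy_value = m["value"]
        elif m := RE_PROXY_ENABLE.search(line):
            proxy_enabled = m["value"] == "1"
        elif m := RE_HOSTS.match(line):
            if m["ip"] not in LOOPBACK:
                hijacks[m["ip"]].append(m["host"])
        elif m := RE_RUN.match(line):
            if m["rest"].endswith("File not found"):
                findings.append(Finding("low", "autorun",
                                        f"orphaned {m['hive']} Run entry [{m['name']}]", [line]))
        elif m := RE_BINARY.match(line):
            if not m["company"].strip():     # OTL prints () when version info has no company
                findings.append(Finding("medium", "binary",
                                        f"{m['kind']} with no publisher: {m['path']}", [line]))
    if proxy_value:
        parsed = parse_proxy(proxy_value)
        if parsed and parsed[0] in LOOPBACK:
            state = "enabled" if proxy_enabled else "currently disabled"
            findings.append(Finding("high", "proxy",
                                    f"IE http proxy points at loopback port {parsed[1]} ({state})",
                                    [proxy_value]))
    for ip, hosts in hijacks.items():
        findings.append(Finding("high", "hosts",
                                f"{len(hosts)} host name(s) redirected to {ip}", hosts))
    return findings


def summarize(findings):
    """One line per finding, highest severity first (stable within a severity)."""
    order = {"high": 0, "medium": 1, "low": 2}
    return [f"[{f.severity}] {f.category}: {f.detail}"
            for f in sorted(findings, key=lambda f: order[f.severity])]


if __name__ == "__main__":
    for line in summarize(triage(SAMPLE_OTL)):
        print(line)
```

Run against the full log, the hosts check groups the dozen review-site entries under 208.43.47.212 while ignoring the 8,700-odd 127.0.0.1 lines, and the proxy check reports port 5555 even though ProxyEnable is 0; a disabled loopback proxy is still something the machine's owner did not configure, so it stays on the list for the helper to clear.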

OTL logfile created on: 11/29/2009 9:20:11 AM - Run 1

OTL by OldTimer - Version 3.1.11.2 Folder = C:\Documents and Settings\Jesse\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.01 Mb Total Physical Memory | 272.16 Mb Available Physical Memory | 35.48% Memory free

1.46 Gb Paging File | 0.97 Gb Available in Paging File | 66.68% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.26 Gb Total Space | 19.56 Gb Free Space | 52.51% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 1.86 Gb Total Space | 0.69 Gb Free Space | 37.31% Space Free | Partition Type: FAT

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MANRIQUEZ

Current User Name: Jesse

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/29 09:19:04 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jesse\Desktop\OTL.exe

PRC - [2009/11/24 15:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2009/11/24 15:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2009/11/24 15:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

PRC - [2009/11/24 15:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

PRC - [2009/11/24 15:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2009/09/21 15:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe

PRC - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe

PRC - [2009/08/28 13:38:10 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe

PRC - [2009/08/28 13:37:56 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe

PRC - [2009/08/28 13:37:42 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe

PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2009/03/21 12:34:47 | 00,655,360 | ---- | M] () -- C:\Program Files\Imation\USB_ImationFlashDetect.exe

PRC - [2009/01/30 13:52:48 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe

PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

PRC - [2008/07/07 09:42:06 | 02,156,368 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2007/06/13 02:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2003/12/22 08:38:42 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

PRC - [2003/09/16 05:19:24 | 00,237,568 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

PRC - [2003/08/04 17:28:18 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd.exe

PRC - [2001/08/17 14:36:42 | 00,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe

========== Modules (SafeList) ==========

MOD - [2009/11/29 09:19:04 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jesse\Desktop\OTL.exe

MOD - [2006/08/25 07:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/11/24 15:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)

SRV - [2009/11/24 15:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)

SRV - [2009/11/24 15:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)

SRV - [2009/11/24 15:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)

SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)

SRV - [2009/08/28 13:37:42 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)

SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2009/01/30 13:52:48 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)

SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)

SRV - [2004/01/04 23:27:32 | 00,065,795 | ---- | M] (HP) -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)

SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2009/11/24 15:50:59 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2009/11/24 15:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)

DRV - [2009/11/24 15:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2009/11/24 15:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2009/11/24 15:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2009/11/24 15:47:54 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)

DRV - [2009/08/28 13:38:10 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2009/08/28 13:38:09 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2009/08/25 13:09:02 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2009/01/08 17:00:54 | 00,016,640 | ---- | M] (Wondershare) -- C:\WINDOWS\system32\drivers\DsAudioDevice_282.sys -- (DsAudioDevice_282)

DRV - [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)

DRV - [2004/10/07 17:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)

DRV - [2004/08/03 22:08:21 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2004/08/03 21:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2004/01/04 23:27:34 | 00,021,488 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)

DRV - [2004/01/04 23:27:34 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)

DRV - [2004/01/04 23:27:32 | 00,051,056 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)

DRV - [2001/08/18 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)

DRV - [2001/08/17 05:28:02 | 00,907,456 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)

DRV - [2001/08/17 04:50:26 | 00,731,648 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)

DRV - [2001/08/17 04:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)

DRV - [2001/08/17 04:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)

DRV - [2001/08/17 04:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)

DRV - [2001/08/17 04:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)

DRV - [2001/08/17 04:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/27 21:22:38 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/27 21:22:19 | 00,000,000 | ---D | M]

[2009/11/27 21:22:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\Mozilla\Extensions

[2009/11/29 08:59:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\pkg28de4.default\extensions

[2009/11/27 21:22:20 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (250319 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 208.43.47.212 a1.review.zdnet.com

O1 - Hosts: 208.43.47.212 reviews.riverstreams.co.uk

O1 - Hosts: 208.43.47.212 d1.reviews.cnet.com

O1 - Hosts: 208.43.47.212 review.2009softwarereviews.com

O1 - Hosts: 208.43.47.212 reviews.download.com

O1 - Hosts: 208.43.47.212 reviews.pcadvisor.co.uk

O1 - Hosts: 208.43.47.212 reviews.pcmag.com

O1 - Hosts: 208.43.47.212 reviews.pcpro.co.uk

O1 - Hosts: 208.43.47.212 reviews.techradar.com

O1 - Hosts: 208.43.47.212 toptenreviews.com

O1 - Hosts: 208.43.47.212 www.reevoo.com

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.1001-search.info

O1 - Hosts: 127.0.0.1 1001-search.info

O1 - Hosts: 8722 more lines...

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [DXDllRegExe] File not found

O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe File not found

O4 - HKCU..\Run: [DriverCure] C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe File not found

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\Jesse\Start Menu\Programs\Startup\Imation_Flash_Detect.lnk = C:\Program Files\Imation\USB_ImationFlashDetect.exe ()

O4 - Startup: C:\Documents and Settings\Jesse\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)

O4 - Startup: C:\Documents and Settings\Jesse\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 40 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommo...20Installer.cab (Support.com Configuration Class)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1170687395223 (WUWebControl Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/02/04 11:05:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/29 09:19:04 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jesse\Desktop\OTL.exe

[2009/11/29 08:59:07 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Jesse\Desktop\RootRepeal.exe

[2009/11/29 08:53:29 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Jesse\Desktop\ATF-Cleaner.exe

[2009/11/29 08:51:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/11/29 08:51:16 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2009/11/29 08:50:34 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Jesse\Desktop\erunt-setup.exe

[2009/11/29 08:23:50 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2009/11/29 08:23:49 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2009/11/29 08:23:48 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2009/11/29 08:23:42 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

[2009/11/29 08:23:41 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2009/11/29 08:23:41 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2009/11/29 08:23:41 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2009/11/29 08:23:41 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2009/11/29 08:23:12 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2009/11/29 08:23:04 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software

[2009/11/28 21:13:23 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Jesse\IECompatCache

[2009/11/28 20:36:55 | 01,839,984 | ---- | C] (Trend Micro) -- C:\Documents and Settings\Jesse\Desktop\HousecallLauncher(2).exe

[2009/11/28 18:32:27 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/11/28 18:32:25 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/11/28 18:32:25 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/11/28 17:52:21 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2009/11/28 17:52:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2009/11/27 22:29:51 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2009/11/27 21:22:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jesse\Local Settings\Application Data\Mozilla

[2009/11/27 21:22:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jesse\Application Data\Mozilla

[2009/11/27 21:22:15 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2009/11/27 17:20:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jesse\Application Data\Malwarebytes

[2009/11/27 17:19:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/11/25 21:45:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jesse\Local Settings\Application Data\edbmnv

[2009/11/17 13:33:13 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Jesse\PrivacIE

[2009/11/17 13:30:08 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Jesse\IETldCache

[2009/11/17 13:26:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2009/11/17 13:25:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM

[2009/11/17 13:19:30 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll

[2009/11/17 13:19:30 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll

[2009/11/17 13:19:28 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll

[2009/11/17 13:19:23 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll

[2009/11/13 16:40:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer

[2009/11/13 16:40:44 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild

[2009/11/13 16:40:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US

[2009/11/13 16:40:31 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies

[2009/11/13 16:39:44 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll

[2009/11/13 16:39:44 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll

[2009/11/13 16:39:43 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll

[2009/11/13 16:39:43 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll

[2009/11/13 16:39:43 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe

[2009/11/13 16:39:43 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll

[2009/11/13 16:39:42 | 00,000,000 | ---D | C] -- C:\d22a9cc1ee80b925221080

[2009/11/13 16:34:59 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0

[2009/11/09 19:54:27 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2009/11/09 19:54:03 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector

[2009/11/09 19:47:48 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework

[2009/11/09 19:46:35 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll

[2009/11/09 19:46:20 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition

[2009/11/09 19:42:11 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2009/11/07 19:32:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jesse\Application Data\Gradekeeper

[2009/11/07 19:30:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\Gradekeeper

[2009/11/07 19:30:19 | 00,000,000 | ---D | C] -- C:\Program Files\Gradekeeper

[2009/10/30 18:52:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jesse\Application Data\DriverCure

[2009/10/30 18:52:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic

[2009/10/30 18:52:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverCure

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/29 09:19:21 | 00,843,187 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\SecurityCheck.exe

[2009/11/29 09:19:04 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jesse\Desktop\OTL.exe

[2009/11/29 08:59:32 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Jesse\Desktop\RootRepeal.exe

[2009/11/29 08:58:26 | 00,464,491 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\RootRepeal.zip

[2009/11/29 08:55:27 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\Win32kDiag.exe

[2009/11/29 08:53:29 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Jesse\Desktop\ATF-Cleaner.exe

[2009/11/29 08:51:29 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\NTREGOPT.lnk

[2009/11/29 08:51:29 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\ERUNT.lnk

[2009/11/29 08:50:35 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Jesse\Desktop\erunt-setup.exe

[2009/11/29 08:47:50 | 06,029,312 | -H-- | M] () -- C:\Documents and Settings\Jesse\NTUSER.DAT

[2009/11/29 08:30:34 | 00,024,064 | ---- | M] () -- C:\WINDOWS\System32\tdlcmd.dll

[2009/11/29 08:28:07 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/11/29 08:25:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/11/29 08:25:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/11/29 08:25:23 | 80,433,9712 | -HS- | M] () -- C:\hiberfil.sys

[2009/11/29 08:24:28 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Jesse\ntuser.ini

[2009/11/29 08:23:51 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk

[2009/11/29 08:23:41 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2009/11/29 08:22:42 | 45,898,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/11/29 08:22:42 | 00,106,123 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/11/28 22:38:38 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Jesse\defogger_reenable

[2009/11/28 22:26:00 | 00,292,352 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\23hvrpq3.exe

[2009/11/28 22:25:46 | 00,524,800 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\dds.scr

[2009/11/28 22:25:24 | 00,050,621 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\Defogger.exe

[2009/11/28 20:36:50 | 01,839,984 | ---- | M] (Trend Micro) -- C:\Documents and Settings\Jesse\Desktop\HousecallLauncher(2).exe

[2009/11/28 19:57:34 | 00,000,803 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\Internet Explorer.lnk

[2009/11/28 18:32:31 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/11/28 18:00:14 | 00,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job

[2009/11/28 17:59:57 | 00,250,319 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009/11/28 17:52:37 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\Spybot - Search & Destroy.lnk

[2009/11/28 17:47:04 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\settings.dat

[2009/11/28 08:01:28 | 00,000,737 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/11/28 08:01:28 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/11/28 08:01:28 | 00,000,211 | RHS- | M] () -- C:\boot.ini

[2009/11/28 08:00:19 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Jesse\Local Settings\Application Data\housecall.guid.cache

[2009/11/27 22:39:25 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/11/27 21:22:43 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2009/11/27 21:22:23 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2009/11/27 15:04:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009/11/25 13:58:40 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2009/11/24 15:54:29 | 01,280,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2009/11/24 15:51:09 | 00,093,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2009/11/24 15:50:59 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2009/11/24 15:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2009/11/24 15:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2009/11/24 15:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2009/11/24 15:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2009/11/24 15:47:54 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2009/11/24 15:47:28 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

[2009/11/18 12:37:18 | 00,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/11/18 12:37:18 | 00,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/11/18 12:37:17 | 00,522,560 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/11/15 20:00:47 | 00,016,384 | ---- | M] () -- C:\Documents and Settings\Jesse\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/13 17:04:23 | 00,020,688 | ---- | M] () -- C:\Documents and Settings\Jesse\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2009/11/13 17:00:46 | 00,123,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/11/07 19:30:23 | 00,001,596 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\Gradekeeper.lnk

[2009/11/06 22:16:28 | 06,921,474 | -H-- | M] () -- C:\Documents and Settings\Jesse\Local Settings\Application Data\IconCache.db

[2009/11/02 19:38:28 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Jesse\My Documents\Jesus Manrique1.doc(rhet. precis).doc

[2009/10/30 18:52:26 | 00,000,416 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/29 09:19:21 | 00,843,187 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\SecurityCheck.exe

[2009/11/29 08:58:29 | 00,464,491 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\RootRepeal.zip

[2009/11/29 08:55:31 | 00,047,616 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\Win32kDiag.exe

[2009/11/29 08:51:29 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\NTREGOPT.lnk

[2009/11/29 08:51:29 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\ERUNT.lnk

[2009/11/29 08:23:51 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk

[2009/11/29 08:23:12 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx

[2009/11/29 08:22:16 | 00,024,064 | ---- | C] () -- C:\WINDOWS\System32\tdlcmd.dll

[2009/11/28 22:39:37 | 00,292,352 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\23hvrpq3.exe

[2009/11/28 22:39:29 | 00,524,800 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\dds.scr

[2009/11/28 22:38:38 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Jesse\defogger_reenable

[2009/11/28 22:38:11 | 00,050,621 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\Defogger.exe

[2009/11/28 19:57:34 | 00,000,803 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\Internet Explorer.lnk

[2009/11/28 18:32:31 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/11/28 17:52:37 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\Spybot - Search & Destroy.lnk

[2009/11/28 17:47:04 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\settings.dat

[2009/11/28 08:00:19 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Jesse\Local Settings\Application Data\housecall.guid.cache

[2009/11/27 21:22:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/11/27 21:22:23 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2009/11/27 17:38:47 | 80,433,9712 | -HS- | C] () -- C:\hiberfil.sys

[2009/11/07 19:30:23 | 00,001,596 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\Gradekeeper.lnk

[2009/11/01 22:39:11 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Jesse\My Documents\Jesus Manrique1.doc(rhet. precis).doc

[2009/10/30 18:52:34 | 00,000,442 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job

[2009/10/30 18:52:25 | 00,000,416 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job

[2009/08/29 18:41:12 | 00,002,552 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI

[2009/02/21 12:01:27 | 00,000,147 | ---- | C] () -- C:\WINDOWS\Disney's Magic Artist.INI

[2009/01/24 10:59:00 | 00,000,088 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI

[2009/01/17 16:37:15 | 00,000,217 | ---- | C] () -- C:\WINDOWS\QTW.INI

[2009/01/17 16:36:35 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll

[2009/01/17 15:58:52 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Jesse\Local Settings\Application Data\fusioncache.dat

[2009/01/17 15:50:03 | 00,001,135 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2009/01/15 19:30:36 | 00,016,384 | ---- | C] () -- C:\Documents and Settings\Jesse\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/02/05 09:38:45 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2004/01/04 23:27:36 | 00,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/11/17 13:32:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2009/10/30 19:03:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure

[2009/10/30 18:52:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic

[2009/09/23 13:51:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/05/16 01:01:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2009/10/30 18:52:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\DriverCure

[2009/11/07 19:52:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\Gradekeeper

[2009/03/14 07:01:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\Leadertech

[2009/11/28 18:00:14 | 00,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job

[2009/10/30 18:52:26 | 00,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 11/29/2009 9:20:11 AM - Run 1

OTL by OldTimer - Version 3.1.11.2 Folder = C:\Documents and Settings\Jesse\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.01 Mb Total Physical Memory | 272.16 Mb Available Physical Memory | 35.48% Memory free

1.46 Gb Paging File | 0.97 Gb Available in Paging File | 66.68% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.26 Gb Total Space | 19.56 Gb Free Space | 52.51% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 1.86 Gb Total Space | 0.69 Gb Free Space | 37.31% Space Free | Partition Type: FAT

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MANRIQUEZ

Current User Name: Jesse

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:Verizon Tech Wizard

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)

"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Disabled:Ares p2p for windows -- File not found

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support

"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan

"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan

"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1

"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0

"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal

"{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics

"{3EE9EB18-62AD-4F68-AD11-2DF358CBDCA2}" = RollerCoaster Tycoon

"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy

"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe


Spybot's Tea Timer must be kept disabled while we proceed with malware removal.

Right click the Spybot Icon (blue icon with lock) in the system tray (notification area).

  • If you have the new version, click once on Resident Protection and make sure it is Unchecked.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident
    If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
    Exit Spybot S&D when done and reboot the system so the changes are in effect.

This system has 2 active antivirus applications. That is ill-advised since it will lead to conflicts.

I suggest you de-install AVG 8.5 Free edition.

Use Control Panel & Add-or-Remove programs to de-install AVG AV.

Once that is done, logoff and restart the system fresh.

Next, disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

If you have a prior copy of Combofix, delete it now!

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

Link 3


* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

Even when ComboFix appears to be doing nothing, look at your Drive light.

If it is flashing, Combofix is still at work.

=

RE-Enable your AntiVirus and AntiSpyware applications.

Reply with copy of C:\Combofix.txt


ComboFix 09-11-28.04 - Jesse 11/29/2009 10:15.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.477 [GMT -8:00]

Running from: c:\documents and settings\Jesse\Desktop\Combo-Fix.exe

AV: avast! antivirus 4.8.1368 [VPS 091129-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Shared

c:\windows\system32\tdlcmd.dll

Infected copy of c:\windows\System32\DRIVERS\atapi.sys was found and disinfected

Restored copy from - Kitty ate it :blink:

.

((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-29 )))))))))))))))))))))))))))))))

.

2009-11-29 16:51 . 2009-11-29 16:51 -------- d-----w- c:\program files\ERUNT

2009-11-29 16:23 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-11-29 16:23 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-11-29 16:23 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-11-29 16:23 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-11-29 16:23 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-11-29 16:23 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-11-29 16:23 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-11-29 16:23 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-11-29 16:23 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe

2009-11-29 16:23 . 2009-11-29 16:23 -------- d-----w- c:\program files\Alwil Software

2009-11-29 05:13 . 2009-11-29 05:13 -------- d-sh--w- c:\documents and settings\Jesse\IECompatCache

2009-11-29 02:32 . 2009-09-10 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-29 02:32 . 2009-11-29 02:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-29 02:32 . 2009-09-10 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-29 01:52 . 2009-11-29 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-11-29 01:52 . 2009-11-29 01:52 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-11-28 15:46 . 2008-12-04 09:25 120832 ----a-w- c:\documents and settings\Jesse\Application Data\Mozilla\Firefox\Profiles\pkg28de4.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll

2009-11-28 06:29 . 2009-11-28 06:30 -------- dc-h--w- c:\windows\ie8

2009-11-28 05:22 . 2009-11-28 05:22 0 ----a-w- c:\windows\nsreg.dat

2009-11-28 05:22 . 2009-11-28 05:22 -------- d-----w- c:\documents and settings\Jesse\Local Settings\Application Data\Mozilla

2009-11-28 01:20 . 2009-11-28 01:20 -------- d-----w- c:\documents and settings\Jesse\Application Data\Malwarebytes

2009-11-28 01:19 . 2009-11-28 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-11-26 05:45 . 2009-11-28 16:05 -------- d-----w- c:\documents and settings\Jesse\Local Settings\Application Data\edbmnv

2009-11-17 21:35 . 2009-11-17 21:35 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2009-11-17 21:33 . 2009-11-17 21:33 -------- d-sh--w- c:\documents and settings\Jesse\PrivacIE

2009-11-17 21:30 . 2009-11-17 21:30 -------- d-sh--w- c:\documents and settings\Jesse\IETldCache

2009-11-17 21:26 . 2009-11-28 05:31 -------- d-----w- c:\windows\ie8updates

2009-11-17 21:19 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-11-17 21:19 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-11-17 21:19 . 2009-08-29 08:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2009-11-17 21:19 . 2009-08-29 08:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2009-11-17 21:19 . 2009-08-29 08:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2009-11-17 21:19 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-11-17 21:19 . 2009-08-29 08:08 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll

2009-11-14 00:40 . 2009-11-14 00:40 -------- d-----w- c:\windows\system32\XPSViewer

2009-11-14 00:40 . 2009-11-14 00:40 -------- d-----w- c:\program files\MSBuild

2009-11-14 00:40 . 2009-11-14 00:40 -------- d-----w- c:\program files\Reference Assemblies

2009-11-14 00:39 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-11-14 00:39 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-11-14 00:39 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-11-14 00:39 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-11-14 00:39 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-11-14 00:39 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-11-14 00:39 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-11-14 00:39 . 2009-11-14 00:40 -------- d-----w- C:\d22a9cc1ee80b925221080

2009-11-14 00:34 . 2009-11-14 00:34 -------- d-----w- c:\program files\MSXML 6.0

2009-11-10 03:54 . 2009-11-11 01:44 -------- d-----w- c:\program files\Microsoft Silverlight

2009-11-10 03:54 . 2009-11-10 03:54 -------- d-----w- c:\program files\Microsoft Office Outlook Connector

2009-11-10 03:47 . 2009-11-10 03:47 -------- d-----w- c:\program files\Microsoft Sync Framework

2009-11-10 03:46 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2009-11-10 03:46 . 2009-11-10 03:46 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2009-11-10 03:42 . 2009-11-10 03:54 -------- d-----w- c:\program files\Microsoft

2009-11-08 03:32 . 2009-11-08 03:52 -------- d-----w- c:\documents and settings\Jesse\Application Data\Gradekeeper

2009-11-08 03:30 . 2009-11-08 03:30 -------- d-----w- c:\windows\Gradekeeper

2009-11-08 03:30 . 2009-11-08 03:30 -------- d-----w- c:\program files\Gradekeeper

2009-10-31 02:52 . 2009-10-31 02:52 -------- d-----w- c:\documents and settings\Jesse\Application Data\DriverCure

2009-10-31 02:52 . 2009-10-31 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure

2009-10-31 02:52 . 2009-10-31 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-14 01:04 . 2007-02-05 16:28 20688 ----a-w- c:\documents and settings\Jesse\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-11-10 03:53 . 2009-08-05 16:25 -------- d-----w- c:\program files\Windows Live

2009-10-06 16:05 . 2007-05-23 18:07 -------- d-----w- c:\program files\Common Files\Adobe

2009-09-28 22:23 . 2009-09-28 22:23 20200 ---ha-w- c:\windows\system32\mlfcache.dat

2009-09-22 00:09 . 2009-09-22 00:09 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe

2009-09-11 14:33 . 2001-08-18 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 20:45 . 2001-08-18 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-05 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

c:\documents and settings\Jesse\Start Menu\Programs\Startup\

Imation_Flash_Detect.lnk - c:\program files\Imation\USB_ImationFlashDetect.exe [2009-3-21 655360]

PowerReg Scheduler V3.exe [2009-3-14 225280]

PowerReg Scheduler.exe [2009-3-23 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/29/2009 8:23 AM 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/29/2009 8:23 AM 20560]

R3 DsAudioDevice_282;DsAudioDevice_282;c:\windows\system32\drivers\DsAudioDevice_282.sys [5/16/2009 8:12 AM 16640]

.

Contents of the 'Scheduled Tasks' folder

2009-11-27 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Jesse\Application Data\Mozilla\Firefox\Profiles\pkg28de4.default\

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKCU-Run-ares - c:\program files\Ares\Ares.exe

HKCU-Run-DriverCure - c:\program files\ParetoLogic\DriverCure\DriverCure.exe

HKLM-Run-DXDllRegExe - dxdllreg.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-29 10:23

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2009-11-29 10:27

ComboFix-quarantined-files.txt 2009-11-29 18:26

Pre-Run: 21,211,828,224 bytes free

Post-Run: 21,293,326,336 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - BA7DDBAB76B1F23F20FD778BDE377B98


You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!


If you are a casual viewer, do NOT try this on your system!

If you are not oakr8r2 and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes Anti-Malware (reboot)"=-

Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

At this time of posting, the current definitions are # 3256.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Reply with copy of latest C:\Combofix.txt

and latest MBAM scan log

These steps will not take a whole lot of time. Kindly reply soonest.


ComboFix 09-11-29.01 - Jesse 11/29/2009 11:00.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.472 [GMT -8:00]

Running from: c:\documents and settings\Jesse\Desktop\Combo-Fix.exe

Command switches used :: c:\documents and settings\Jesse\Desktop\CFScript.txt

AV: avast! antivirus 4.8.1368 [VPS 091129-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-29 )))))))))))))))))))))))))))))))

.

2009-11-29 16:51 . 2009-11-29 16:51 -------- d-----w- c:\program files\ERUNT

2009-11-29 16:23 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-11-29 16:23 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-11-29 16:23 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-11-29 16:23 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-11-29 16:23 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-11-29 16:23 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-11-29 16:23 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-11-29 16:23 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-11-29 16:23 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe

2009-11-29 16:23 . 2009-11-29 16:23 -------- d-----w- c:\program files\Alwil Software

2009-11-29 05:13 . 2009-11-29 05:13 -------- d-sh--w- c:\documents and settings\Jesse\IECompatCache

2009-11-29 02:32 . 2009-09-10 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-29 02:32 . 2009-11-29 02:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-29 02:32 . 2009-09-10 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-29 01:52 . 2009-11-29 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-11-29 01:52 . 2009-11-29 01:52 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-11-28 15:46 . 2008-12-04 09:25 120832 ----a-w- c:\documents and settings\Jesse\Application Data\Mozilla\Firefox\Profiles\pkg28de4.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll

2009-11-28 06:29 . 2009-11-28 06:30 -------- dc-h--w- c:\windows\ie8

2009-11-28 05:22 . 2009-11-28 05:22 0 ----a-w- c:\windows\nsreg.dat

2009-11-28 05:22 . 2009-11-28 05:22 -------- d-----w- c:\documents and settings\Jesse\Local Settings\Application Data\Mozilla

2009-11-28 01:20 . 2009-11-28 01:20 -------- d-----w- c:\documents and settings\Jesse\Application Data\Malwarebytes

2009-11-28 01:19 . 2009-11-28 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-11-26 05:45 . 2009-11-28 16:05 -------- d-----w- c:\documents and settings\Jesse\Local Settings\Application Data\edbmnv

2009-11-17 21:35 . 2009-11-17 21:35 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2009-11-17 21:33 . 2009-11-17 21:33 -------- d-sh--w- c:\documents and settings\Jesse\PrivacIE

2009-11-17 21:30 . 2009-11-17 21:30 -------- d-sh--w- c:\documents and settings\Jesse\IETldCache

2009-11-17 21:26 . 2009-11-28 05:31 -------- d-----w- c:\windows\ie8updates

2009-11-17 21:19 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-11-17 21:19 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-11-17 21:19 . 2009-08-29 08:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2009-11-17 21:19 . 2009-08-29 08:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2009-11-17 21:19 . 2009-08-29 08:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2009-11-17 21:19 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-11-17 21:19 . 2009-08-29 08:08 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll

2009-11-14 00:40 . 2009-11-14 00:40 -------- d-----w- c:\windows\system32\XPSViewer

2009-11-14 00:40 . 2009-11-14 00:40 -------- d-----w- c:\program files\MSBuild

2009-11-14 00:40 . 2009-11-14 00:40 -------- d-----w- c:\program files\Reference Assemblies

2009-11-14 00:39 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-11-14 00:39 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-11-14 00:39 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-11-14 00:39 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-11-14 00:39 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-11-14 00:39 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-11-14 00:39 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-11-14 00:39 . 2009-11-14 00:40 -------- d-----w- C:\d22a9cc1ee80b925221080

2009-11-14 00:34 . 2009-11-14 00:34 -------- d-----w- c:\program files\MSXML 6.0

2009-11-10 03:54 . 2009-11-11 01:44 -------- d-----w- c:\program files\Microsoft Silverlight

2009-11-10 03:54 . 2009-11-10 03:54 -------- d-----w- c:\program files\Microsoft Office Outlook Connector

2009-11-10 03:47 . 2009-11-10 03:47 -------- d-----w- c:\program files\Microsoft Sync Framework

2009-11-10 03:46 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2009-11-10 03:46 . 2009-11-10 03:46 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2009-11-10 03:42 . 2009-11-10 03:54 -------- d-----w- c:\program files\Microsoft

2009-11-08 03:32 . 2009-11-08 03:52 -------- d-----w- c:\documents and settings\Jesse\Application Data\Gradekeeper

2009-11-08 03:30 . 2009-11-08 03:30 -------- d-----w- c:\windows\Gradekeeper

2009-11-08 03:30 . 2009-11-08 03:30 -------- d-----w- c:\program files\Gradekeeper

2009-10-31 02:52 . 2009-10-31 02:52 -------- d-----w- c:\documents and settings\Jesse\Application Data\DriverCure

2009-10-31 02:52 . 2009-10-31 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure

2009-10-31 02:52 . 2009-10-31 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-14 01:04 . 2007-02-05 16:28 20688 ----a-w- c:\documents and settings\Jesse\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-11-10 03:53 . 2009-08-05 16:25 -------- d-----w- c:\program files\Windows Live

2009-10-06 16:05 . 2007-05-23 18:07 -------- d-----w- c:\program files\Common Files\Adobe

2009-09-28 22:23 . 2009-09-28 22:23 20200 ---ha-w- c:\windows\system32\mlfcache.dat

2009-09-22 00:09 . 2009-09-22 00:09 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe

2009-09-11 14:33 . 2001-08-18 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 20:45 . 2001-08-18 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-11-29_18.23.56 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-11-29 18:56 . 2009-11-29 18:56 16384 c:\windows\Temp\Perflib_Perfdata_50c.dat

+ 2009-11-29 19:07 . 2009-11-29 19:07 16384 c:\windows\Temp\Perflib_Perfdata_4fc.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-05 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

c:\documents and settings\Jesse\Start Menu\Programs\Startup\

Imation_Flash_Detect.lnk - c:\program files\Imation\USB_ImationFlashDetect.exe [2009-3-21 655360]

PowerReg Scheduler V3.exe [2009-3-14 225280]

PowerReg Scheduler.exe [2009-3-23 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/29/2009 8:23 AM 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/29/2009 8:23 AM 20560]

R3 DsAudioDevice_282;DsAudioDevice_282;c:\windows\system32\drivers\DsAudioDevice_282.sys [5/16/2009 8:12 AM 16640]

.

Contents of the 'Scheduled Tasks' folder

2009-11-27 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Jesse\Application Data\Mozilla\Firefox\Profiles\pkg28de4.default\

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-29 11:08

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3684)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\devldr32.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2009-11-29 11:16 - machine was rebooted

ComboFix-quarantined-files.txt 2009-11-29 19:16

ComboFix2.txt 2009-11-29 18:27

Pre-Run: 21,284,085,760 bytes free

Post-Run: 21,243,666,432 bytes free

- - End Of File - - B9C732F0F9624E82C5BDDB64846028AF

Malwarebytes' Anti-Malware 1.41

Database version: 3258

Windows 5.1.2600 Service Pack 2

11/29/2009 11:31:11 AM

mbam-log-2009-11-29 (11-31-11).txt

Scan type: Quick Scan

Objects scanned: 104067

Time elapsed: 10 minute(s), 16 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

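A small triage script for the ComboFix log format posted in this thread, added here as an example (it is not a ComboFix or Malwarebytes tool): it parses the Reg Loading Points and Supplementary Scan sections and reports the items a helper reads by eye, such as a ProxyServer pointing at the local machine (the log above shows http=127.0.0.1:5555) and the Security Center AntiVirusOverride flag. The embedded log is a constructed excerpt modelled on the posted log, and the path-location heuristic is an assumption of this example.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix's own code)."""
import re

# Constructed excerpt modelled on the ComboFix log posted in this thread.
SAMPLE_LOG = """\
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"msnmsgr"="c:\\program files\\Windows Live\\Messenger\\msnmsgr.exe" [2009-07-27 3883856]
"SpybotSD TeaTimer"="c:\\program files\\Spybot - Search & Destroy\\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"avast!"="c:\\progra~1\\ALWILS~1\\Avast4\\ashDisp.exe" [2009-11-24 81000]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusOverride"=dword:00000001

------- Supplementary Scan -------
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
"""

# One autostart value as ComboFix prints it: "name"="path" [date size]
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"'
                       r'(?:\s+\[(?P<date>\S+)\s+(?P<size>\d+)\])?')
SECTION = re.compile(r'^\[(?P<key>[^\]]+)\]$')
PROXY = re.compile(r'^u?Internet Settings,ProxyServer\s*=\s*(?P<value>.+)$')
AV_OVERRIDE = re.compile(r'^"AntiVirusOverride"=dword:([0-9a-fA-F]{8})', re.M)
# Matches 127.0.0.1 / localhost as the whole proxy or as the host of a "scheme=host:port" entry.
LOOPBACK = re.compile(r'(^|=)(127\.0\.0\.1|localhost)(:\d+)?(;|$)')


def parse_autostarts(text):
    """Return (registry_key, value_name, path, date, size) for every Run-style value."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION.match(line)
        if sec:
            key = sec.group("key")
            continue
        val = RUN_VALUE.match(line)
        if val and key:
            entries.append((key, val.group("name"), val.group("path"),
                            val.group("date"), val.group("size")))
    return entries


def find_proxy(text):
    """Return the ProxyServer value from the Supplementary Scan, or None."""
    for raw in text.splitlines():
        m = PROXY.match(raw.strip())
        if m:
            return m.group("value").strip()
    return None


def classify_location(path):
    """Heuristic (an assumption of this example): where an autostart binary lives."""
    p = path.lower()
    if p.startswith("c:\\documents and settings\\"):
        return "user-profile"      # user-writable; deserves a closer look
    if p.startswith(("c:\\program files", "c:\\progra~1", "c:\\windows")):
        return "program"
    return "other"


def triage(text):
    """List the findings a helper would flag when reading this log."""
    findings = []
    proxy = find_proxy(text)
    if proxy and LOOPBACK.search(proxy):
        findings.append(f"ProxyServer points at the local machine: {proxy}")
    m = AV_OVERRIDE.search(text)
    if m and int(m.group(1), 16) != 0:
        findings.append("AntiVirusOverride is set: Security Center AV warnings are suppressed")
    for key, name, path, _date, _size in parse_autostarts(text):
        if classify_location(path) != "program":
            findings.append(f"autostart outside program dirs: {name} -> {path} ({key})")
    return findings
```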

De-install your Adobe Reader: Use Control Panel's Add-Remove programs, Remove Adobe Reader.

find the appropriate update here: http://www.adobe.com/support/downloads/pro...latform=Windows

Unless you have purchased Malwarebytes' Anti Malware {MBAM}, you should un-install it. Go to Control Panel and Add-or-Remove programs.

Look for it and click the line for it. Select Change/Remove to de-install it.

OK & Exit out of Control Panel

I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used; followed by advice on staying safer.

We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it combo-fix), put that name in the RUN box stated just below.

The "/u" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space after x and before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Click Start, then click Run.
    In the command box that opens, type or copy/paste combo-fix /u and then click OK.

  • Please double-click OTL.exe to run it.
  • Click on the CleanUp! button at upper Right corner. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTL attempting to contact the internet you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
  • This step removes the files, folders, and shortcuts created by the tools I had you download and run.

* Delete Win32kdiag.txt and win32kdiag.exe on your desktop, if still present.

* Delete Rootrepeal.zip & rootrepeal.exe, if still present.

We are finished here. Best regards.

Do reply after you have removed the tools so that I can close this topic.
