
Need help with Malware



I have been trying to battle a computer virus for two weeks. I have downloaded different scanners, and they are now not finding anything. My initial infection was found with AVG. I tried to use the internet after cleaning that out and I was getting redirected. I downloaded Spybot S&D and it found a different Malware. I have tried to stay off the internet. Now when I scan it doesn't find anything. I also have HijackThis. I'm not convinced my Malware is gone. I was hoping someone would look at my HijackThis log. If someone will help, I will post the log. Thanks for any advice.


Hi Bobbi

:welcome:

We need to look at some information about what is going on in your computer:

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your thread.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.

After downloading the tool, disconnect from the internet and disable all antivirus protection.

Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).



.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Owner at 16:19:36.56 on Sun 03/20/2011

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.972 [GMT -4:00]

.

AV: COMODO Antivirus *Disabled/Outdated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: COMODO Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\PROGRA~1\VISION~1\ONETOU~2.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

E:\dds.scr

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=https=ftp=gopher=socks=

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

mWinlogon: Userinit=c:\windows\system32\userinit.exe

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: PDFCreator Toolbar Helper: {c451c08a-ec37-45df-aaad-18b51ab5e837} - c:\program files\pdfcreator toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} - c:\program files\pdfcreator toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [OneTouch Monitor] c:\progra~1\vision~1\ONETOU~2.EXE

mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"

mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

StartupFolder: c:\docume~1\owner\startm~1\programs\startup\bounce~1.lnk - c:\program files\cms peripherals\bounceback express\BBLauncher.exe

StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\documents and settings\owner\start menu\programs\startup\PowerReg Scheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153509976422

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxsrvc.dll

AppInit_DLLs: c:\windows\system32\guard32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\0g7bp6jh.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.weather.com/outlook/homeandgarden/home/local/45385?lswe=45385&lwsa=Weather36HourHomeCommand&from=whatwhere

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4ba92d9b&v=6.010.006.004&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox

FF - Ext: AVG Security Toolbar em:version=6.010.006.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg9\toolbar\firefox\avg@igeared

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-2-20 64288]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-23 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-23 29584]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-23 243024]

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2011-1-6 15592]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 239368]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 27576]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]

R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-1-17 1803224]

R2 portD;ABS PortIO Service;c:\windows\system32\drivers\portd2k.sys [2010-2-25 7296]

R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2007-2-20 23200]

S2 Ca536av;Icatch(VII) Video Camera Device;c:\windows\system32\drivers\ca536av.sys --> c:\windows\system32\drivers\Ca536av.sys [?]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 517448]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]

S4 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]

.

=============== Created Last 30 ================

.

2011-03-20 19:56:45 -------- d--h--w- C:\VritualRoot

2011-03-20 17:31:12 -------- d-----w- c:\program files\COMODO

2011-03-18 03:41:35 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys

2011-03-18 03:41:33 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys

2011-03-18 03:41:33 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys

2011-03-18 03:41:32 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys

2011-03-18 03:41:31 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys

2011-03-18 03:41:30 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys

2011-03-18 03:41:30 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys

2011-03-18 03:40:01 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys

2011-03-18 03:40:01 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys

2011-03-18 03:40:00 10880 -c--a-w- c:\windows\system32\dllcache\admjoy.sys

2011-03-14 22:14:40 -------- dc----w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}

2011-03-11 23:47:35 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\COMODO

2011-03-10 19:51:19 388096 ----a-r- c:\docume~1\owner\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-03-10 19:44:56 -------- d-----w- c:\program files\Trend Micro

2011-03-09 17:38:39 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat

2011-03-09 14:32:37 -------- d-----w- c:\program files\S&D

2011-03-09 05:33:41 -------- d-----w- c:\program files\Unlocker

2011-03-08 23:31:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\Comodo

2011-03-08 22:42:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-08 22:42:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-08 22:42:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-03-08 22:27:59 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-03-05 23:52:37 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-03-05 23:52:37 -------- d-----w- c:\windows\system32\wbem\Repository

2011-03-05 03:19:09 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-03-05 03:19:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2011-03-04 22:32:49 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes

2011-03-04 22:29:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-02-20 16:34:20 -------- d-----w- c:\windows\KidMedia

.

==================== Find3M ====================

.

2011-02-09 13:53:52 270848 ------w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ------w- c:\windows\system32\encdec.dll

2011-02-02 07:58:35 2067456 ------w- c:\windows\system32\mstscax.dll

2011-01-27 11:57:06 677888 ------w- c:\windows\system32\mstsc.exe

2011-01-21 14:44:37 439296 ------w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10:33 1854976 ------w- c:\windows\system32\win32k.sys

2010-12-29 05:42:04 285480 ----a-w- c:\windows\system32\guard32.dll

2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 23:08:45 832512 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:08:45 78336 ------w- c:\windows\system32\ieencode.dll

2010-12-20 23:08:45 1830912 ------w- c:\windows\system32\inetcpl.cpl

2010-12-20 23:08:45 17408 ------w- c:\windows\system32\corpol.dll

.

============= FINISH: 16:21:20.54 ===============


Hi,

This is not all of the DDS report, but I see what I need to see.

I see you have COMODO Antivirus and AVG Anti-Virus Free in your computer. Two Anti-Virus Programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. Please remove AVG Anti-Virus Free:

Please download AppRemover to your Desktop. Double-click AppRemover.exe.

Untick Enable anonymous usage statistic.

Click Next>>. Select the product you want to remove (AVG Anti-Virus) and click Next>>.

By clicking Next>> again, AppRemover will start the uninstall process. This may take a few minutes.

Once completed you may be prompted to restart your system. Please do so.

Next

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply

Note: It will also create a log in the C:\ directory.


2011/03/21 12:05:12.0593 3752 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/03/21 12:05:12.0687 3752 ================================================================================

2011/03/21 12:05:12.0687 3752 SystemInfo:

2011/03/21 12:05:12.0687 3752

2011/03/21 12:05:12.0687 3752 OS Version: 5.1.2600 ServicePack: 3.0

2011/03/21 12:05:12.0687 3752 Product type: Workstation

2011/03/21 12:05:12.0687 3752 ComputerName: OWNER

2011/03/21 12:05:12.0687 3752 UserName: Owner

2011/03/21 12:05:12.0687 3752 Windows directory: C:\WINDOWS

2011/03/21 12:05:12.0687 3752 System windows directory: C:\WINDOWS

2011/03/21 12:05:12.0687 3752 Processor architecture: Intel x86

2011/03/21 12:05:12.0687 3752 Number of processors: 1

2011/03/21 12:05:12.0687 3752 Page size: 0x1000

2011/03/21 12:05:12.0687 3752 Boot type: Normal boot

2011/03/21 12:05:12.0687 3752 ================================================================================

2011/03/21 12:05:12.0984 3752 Initialize success

2011/03/21 12:05:33.0375 3784 ================================================================================

2011/03/21 12:05:33.0375 3784 Scan started

2011/03/21 12:05:33.0375 3784 Mode: Manual;

2011/03/21 12:05:33.0375 3784 ================================================================================

2011/03/21 12:05:34.0015 3784 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/03/21 12:05:34.0187 3784 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/03/21 12:05:34.0515 3784 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys

2011/03/21 12:05:34.0656 3784 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/03/21 12:05:34.0796 3784 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2011/03/21 12:05:35.0625 3784 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/03/21 12:05:35.0750 3784 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/03/21 12:05:36.0031 3784 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/03/21 12:05:36.0218 3784 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/03/21 12:05:36.0390 3784 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/03/21 12:05:36.0671 3784 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/03/21 12:05:36.0828 3784 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/03/21 12:05:37.0125 3784 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/03/21 12:05:37.0281 3784 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/03/21 12:05:37.0421 3784 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/03/21 12:05:37.0734 3784 cmderd (61b20ca85950870fa23587b26f3e4d7d) C:\WINDOWS\system32\DRIVERS\cmderd.sys

2011/03/21 12:05:37.0875 3784 cmdGuard (dd530ee7d9efbb0ec42aebe7226b8a93) C:\WINDOWS\system32\DRIVERS\cmdguard.sys

2011/03/21 12:05:38.0078 3784 cmdHlp (07cbbe993ed08a52dafac1e6cf27b6a5) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys

2011/03/21 12:05:38.0593 3784 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/03/21 12:05:38.0828 3784 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/03/21 12:05:39.0000 3784 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/03/21 12:05:39.0187 3784 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/03/21 12:05:39.0343 3784 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/03/21 12:05:39.0671 3784 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/03/21 12:05:39.0859 3784 E100B (842c20ba5d00fa40e5a25b20fecd0f57) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/03/21 12:05:40.0078 3784 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/03/21 12:05:40.0203 3784 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/03/21 12:05:40.0390 3784 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/03/21 12:05:40.0515 3784 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/03/21 12:05:40.0656 3784 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/03/21 12:05:40.0875 3784 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/03/21 12:05:41.0031 3784 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/03/21 12:05:41.0203 3784 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

2011/03/21 12:05:41.0343 3784 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/03/21 12:05:41.0578 3784 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/03/21 12:05:41.0859 3784 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys

2011/03/21 12:05:42.0125 3784 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys

2011/03/21 12:05:42.0328 3784 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/03/21 12:05:42.0656 3784 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/03/21 12:05:42.0859 3784 ialm (da58a8be6a445835f603720c4bc8837e) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2011/03/21 12:05:43.0062 3784 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/03/21 12:05:43.0421 3784 Inspect (8154a2c13b72b08db11157673c60c3eb) C:\WINDOWS\system32\DRIVERS\inspect.sys

2011/03/21 12:05:43.0609 3784 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/03/21 12:05:43.0687 3784 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/03/21 12:05:43.0890 3784 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/03/21 12:05:44.0078 3784 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/03/21 12:05:44.0218 3784 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/03/21 12:05:44.0390 3784 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/03/21 12:05:44.0593 3784 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/03/21 12:05:44.0703 3784 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/03/21 12:05:44.0875 3784 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/03/21 12:05:45.0046 3784 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/03/21 12:05:45.0203 3784 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/03/21 12:05:45.0359 3784 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/03/21 12:05:45.0687 3784 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys

2011/03/21 12:05:46.0000 3784 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2011/03/21 12:05:46.0187 3784 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/03/21 12:05:46.0390 3784 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/03/21 12:05:46.0546 3784 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/03/21 12:05:46.0718 3784 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/03/21 12:05:46.0875 3784 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/03/21 12:05:47.0125 3784 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/03/21 12:05:47.0328 3784 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/03/21 12:05:47.0500 3784 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/03/21 12:05:47.0687 3784 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/03/21 12:05:47.0890 3784 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/03/21 12:05:48.0109 3784 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/03/21 12:05:48.0250 3784 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/03/21 12:05:48.0406 3784 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/03/21 12:05:48.0546 3784 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/03/21 12:05:48.0703 3784 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/03/21 12:05:48.0859 3784 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/03/21 12:05:49.0015 3784 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/03/21 12:05:49.0156 3784 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/03/21 12:05:49.0296 3784 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/03/21 12:05:49.0453 3784 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/03/21 12:05:49.0625 3784 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/03/21 12:05:49.0750 3784 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/03/21 12:05:49.0968 3784 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/03/21 12:05:50.0281 3784 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/03/21 12:05:50.0468 3784 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/03/21 12:05:50.0734 3784 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/03/21 12:05:50.0953 3784 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/03/21 12:05:51.0062 3784 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/03/21 12:05:51.0250 3784 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/03/21 12:05:51.0453 3784 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/03/21 12:05:51.0625 3784 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/03/21 12:05:51.0765 3784 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/03/21 12:05:52.0093 3784 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys

2011/03/21 12:05:52.0265 3784 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/03/21 12:05:53.0093 3784 pfc (957b82ec80ad7ead64e5e47df6b0dc40) C:\WINDOWS\system32\drivers\pfc.sys

2011/03/21 12:05:53.0296 3784 portD (45bbbfa6caf0b5166be8ed726cc1d3f5) C:\WINDOWS\system32\DRIVERS\portd2k.sys

2011/03/21 12:05:53.0468 3784 ppsio2 (de4dfb09bf96fd5f810750140e2aa236) C:\WINDOWS\system32\drivers\ppsio2.sys

2011/03/21 12:05:53.0656 3784 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/03/21 12:05:53.0765 3784 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/03/21 12:05:53.0968 3784 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/03/21 12:05:54.0140 3784 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/03/21 12:05:54.0828 3784 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/03/21 12:05:55.0015 3784 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/03/21 12:05:55.0218 3784 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/03/21 12:05:55.0453 3784 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/03/21 12:05:55.0531 3784 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/03/21 12:05:55.0703 3784 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/03/21 12:05:55.0937 3784 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/03/21 12:05:56.0156 3784 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/03/21 12:05:56.0500 3784 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/03/21 12:05:56.0687 3784 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/03/21 12:05:56.0812 3784 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/03/21 12:05:57.0046 3784 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/03/21 12:05:57.0359 3784 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/03/21 12:05:57.0562 3784 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys

2011/03/21 12:05:57.0843 3784 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/03/21 12:05:58.0046 3784 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/03/21 12:05:58.0312 3784 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/03/21 12:05:58.0578 3784 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/03/21 12:05:58.0703 3784 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/03/21 12:05:58.0828 3784 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/03/21 12:05:59.0500 3784 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/03/21 12:05:59.0718 3784 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/03/21 12:05:59.0890 3784 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/03/21 12:06:00.0046 3784 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/03/21 12:06:00.0218 3784 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/03/21 12:06:00.0578 3784 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/03/21 12:06:00.0953 3784 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys

2011/03/21 12:06:01.0156 3784 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/03/21 12:06:01.0421 3784 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/03/21 12:06:01.0703 3784 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/03/21 12:06:01.0875 3784 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/03/21 12:06:02.0046 3784 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/03/21 12:06:02.0187 3784 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/03/21 12:06:02.0312 3784 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/03/21 12:06:02.0531 3784 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/03/21 12:06:02.0718 3784 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/03/21 12:06:02.0921 3784 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/03/21 12:06:03.0203 3784 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/03/21 12:06:03.0453 3784 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/03/21 12:06:03.0750 3784 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/03/21 12:06:03.0968 3784 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys

2011/03/21 12:06:04.0406 3784 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/03/21 12:06:04.0593 3784 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/03/21 12:06:04.0765 3784 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/03/21 12:06:05.0218 3784 ================================================================================

2011/03/21 12:06:05.0218 3784 Scan finished

2011/03/21 12:06:05.0218 3784 ================================================================================

Thank you for all your help. I'm not able to connect to the internet. I'm using my laptop to post my results.


Since you cannot access the internet from your infected computer, you will have to download the required tools on your clean computer and move them to the infected computer on removable media, for example by burning them to a CD or writing them to a USB flash disk.

If you use a USB flash disk, I highly recommend immunizing it first, to prevent malware from using the USB flash drive to spread itself.

Please download Flash_Disinfector by sUBs from here and save it to your desktop.

  • Double-click Flash_Disinfector.exe to run the tool
  • When requested, insert the USB flash disk(s) you want to immunize/disinfect
  • Hold down the Shift key when inserting the drive(s) until Windows detects the drive
  • Click OK to start the disinfection process
  • Reboot your computer when done.

Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that you choose to disinfect. Do not delete that folder!

====================

Next

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

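The note in the post above describes the trick Flash_Disinfector relies on: a hidden folder named autorun.inf at the drive root occupies the name Windows would otherwise read an autorun file from, so a worm on the stick cannot drop one there. The script below is an added example and is not Flash_Disinfector's code or anything from the original thread. It reads any autorun.inf already on a drive root to show which commands Windows would have run from it, removes the file, and creates the blocking folder in its place; a second run on the same root is a no-op. The sample autorun.inf is constructed and the RECYCLER\launcher.exe path in it is made up. Python is used so the logic can be checked on any system; the attrib call that hides the folder only runs on Windows.

```python
"""Inspect and immunize a drive root against autorun.inf malware (added example)."""
import os
import stat
import subprocess
import tempfile

# Constructed sample in the shape worms give autorun.inf; the launcher path is made up.
SAMPLE_AUTORUN = """[autorun]
open=RECYCLER\\launcher.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
action=Open folder to view files
shell\\open\\command=RECYCLER\\launcher.exe
shell\\explore\\command=RECYCLER\\launcher.exe
"""


def parse_autorun(text):
    """Return only the keys that make Windows run something from the drive.

    autorun.inf is INI-style. The keys that launch code are open=, shellexecute=
    and any shell\\<verb>\\command= inside the [autorun] section; icon, label and
    action are cosmetic and are dropped. Hand-rolled because worm-dropped files
    often contain junk lines that a strict INI parser would reject.
    """
    launch = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command")
        ):
            launch[key] = value.strip()
    return launch


def inspect_and_immunize(root):
    """Report what an autorun.inf at `root` would launch, then replace it with a
    folder of the same name so no autorun file can be created there.

    Returns a dict with had_file, launch (parsed commands) and immunized.
    """
    path = os.path.join(root, "autorun.inf")
    report = {"had_file": False, "launch": {}, "immunized": False}
    if os.path.isfile(path):
        report["had_file"] = True
        with open(path, "r", errors="replace") as fh:
            report["launch"] = parse_autorun(fh.read())
        # Worms usually drop the file read-only; clear that before deleting it.
        os.chmod(path, stat.S_IWRITE | stat.S_IREAD)
        os.remove(path)
    if not os.path.isdir(path):
        os.mkdir(path)
        if os.name == "nt":
            # Hidden + system, as the Flash_Disinfector note describes (Windows only).
            subprocess.run(["attrib", "+h", "+s", path], check=False)
    report["immunized"] = os.path.isdir(path)
    return report


def demo():
    """Run the check twice on a throwaway directory standing in for a drive root."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write(SAMPLE_AUTORUN)
    first = inspect_and_immunize(root)   # parses and removes the file, blocks the name
    second = inspect_and_immunize(root)  # idempotent: the folder is already there
    return first, second


if __name__ == "__main__":
    for label, rep in zip(("first pass", "second pass"), demo()):
        print(label, rep)
```

On a real stick you would call inspect_and_immunize("E:\\") from the clean machine before copying the tools over. The parsed launch commands are worth keeping: they tell you which file on the stick (and, by extension, on the infected PC) the autorun was pointing at.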

AVG thinks Flash Disinfector is a virus, but it's not. Also, you need to remove AVG on the infected PC. ComboFix will not run until AVG is uninstalled as a protective measure. This is an issue with AVG. Use the uninstaller below:

http://www.appremover.com/get/appremover.exe

Click on Run on the box that pops up and follow the prompts.

Restarting your computer completes the removal of AVG Antivirus. You can reinstall AVG after we clean your PC, or I have another free antivirus that you can install.


Ok, I will download the Flash cleaner again. I can't get internet on my infected computer, so I'm using my laptop to download them to a flash drive and then plugging the flash drive into my infected computer, which I did uninstall AVG on. Do I still need to remove AVG from my laptop if I'm not actually running ComboFix there, just downloading it?

Thanks


ComboFix 11-03-21.01 - Owner 03/21/2011 15:24:45.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1115 [GMT -4:00]

Running from: E:\ComboFix.exe

AV: COMODO Antivirus *Disabled/Outdated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

.

.

((((((((((((((((((((((((( Files Created from 2011-02-21 to 2011-03-21 )))))))))))))))))))))))))))))))

.

.

2011-03-20 19:56 . 2011-03-20 19:56 -------- d-----w- C:\VritualRoot

2011-03-20 17:31 . 2011-03-20 17:31 -------- d-----w- c:\program files\COMODO

2011-03-18 03:41 . 2001-08-17 16:11 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys

2011-03-18 03:41 . 2001-08-17 17:51 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys

2011-03-18 03:41 . 2001-08-17 17:49 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys

2011-03-18 03:41 . 2001-08-17 16:11 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys

2011-03-18 03:41 . 2001-08-17 18:07 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys

2011-03-18 03:41 . 2001-08-17 18:07 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys

2011-03-18 03:41 . 2001-08-17 17:52 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys

2011-03-18 03:40 . 2001-08-17 18:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys

2011-03-18 03:40 . 2001-08-17 16:11 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys

2011-03-18 03:40 . 2004-08-04 02:32 10880 -c--a-w- c:\windows\system32\dllcache\admjoy.sys

2011-03-14 22:14 . 2011-03-14 22:14 -------- dc----w- c:\documents and settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}

2011-03-12 20:38 . 2011-03-12 20:38 -------- d-----w- c:\documents and settings\Administrator

2011-03-11 23:47 . 2011-03-11 23:47 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\COMODO

2011-03-10 19:51 . 2011-03-10 19:51 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-03-10 19:44 . 2011-03-10 19:51 -------- d-----w- c:\program files\Trend Micro

2011-03-09 17:38 . 2011-03-21 18:12 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat

2011-03-09 14:32 . 2011-03-09 14:39 -------- d-----w- c:\program files\S&D

2011-03-09 05:33 . 2011-03-13 19:31 -------- d-----w- c:\program files\Unlocker

2011-03-08 23:31 . 2011-03-20 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo

2011-03-08 22:42 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-08 22:42 . 2011-03-08 22:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-03-08 22:42 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-08 22:27 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-03-05 23:52 . 2011-03-05 23:52 -------- d-----w- c:\windows\system32\wbem\Repository

2011-03-05 03:19 . 2011-03-21 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-03-05 03:19 . 2011-03-05 23:48 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-03-04 22:32 . 2011-03-04 22:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2011-03-04 22:29 . 2011-03-04 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-02-20 16:34 . 2011-02-20 16:34 -------- d-----w- c:\windows\KidMedia

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-09 13:53 . 2004-08-12 14:04 270848 ------w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2004-08-12 13:57 186880 ------w- c:\windows\system32\encdec.dll

2011-02-02 07:58 . 2006-07-21 17:56 2067456 ------w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2006-07-21 17:56 677888 ------w- c:\windows\system32\mstsc.exe

2011-01-24 12:23 . 2010-02-20 18:49 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-01-21 14:44 . 2004-08-12 14:05 439296 ------w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2004-08-12 13:55 290048 ----a-w- c:\windows\system32\atmfd.dll

2011-01-06 21:37 . 2011-01-06 21:37 94784 ----a-w- c:\windows\system32\drivers\inspect.sys

2011-01-06 21:37 . 2011-01-06 21:37 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-01-06 21:37 . 2011-01-06 21:37 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-01-06 21:37 . 2011-01-06 21:37 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys

2010-12-31 13:10 . 2004-08-12 14:09 1854976 ------w- c:\windows\system32\win32k.sys

2010-12-29 05:42 . 2010-12-29 05:42 285480 ----a-w- c:\windows\system32\guard32.dll

2010-12-22 12:34 . 2004-08-12 13:58 301568 ----a-w- c:\windows\system32\kerberos.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]

"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-04-17 54576]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-18 2548552]

.

c:\documents and settings\Owner\Start Menu\Programs\Startup\

BounceBack Launcher.lnk - c:\program files\CMS Peripherals\BounceBack Express\BBLauncher.exe [2010-2-25 86016]

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

PowerReg Scheduler.exe [2007-12-2 256000]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-2-20 113664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\guard32.dll

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/20/2010 2:50 PM 64288]

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [1/6/2011 5:37 PM 15592]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/6/2011 5:37 PM 239368]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/6/2011 5:37 PM 27576]

R2 portD;ABS PortIO Service;c:\windows\system32\drivers\portd2k.sys [2/25/2010 4:46 PM 7296]

R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2/20/2007 6:06 PM 23200]

S2 Ca536av;Icatch(VII) Video Camera Device;c:\windows\system32\Drivers\Ca536av.sys --> c:\windows\system32\Drivers\Ca536av.sys [?]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S4 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - KLMD25

*Deregistered* - klmd25

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=https=ftp=gopher=socks=

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\0g7bp6jh.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.weather.com/outlook/homeandgarden/home/local/45385?lswe=45385&lwsa=Weather36HourHomeCommand&from=whatwhere

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4ba92d9b&v=6.010.006.004&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

Notify-avgrsstarter - (no file)

AddRemove-Barbie - e:\barbie island princess\Barbie as The Island Princess\uninst.exe

AddRemove-Candy Land - e:\candyland\DeIsL1.isu

AddRemove-Clue - e:\Uninst.isu

AddRemove-Furby CD-ROM Game - e:\Uninst.isu

AddRemove-Kid Pix Studio Deluxe 1.0 - f:\kid pix\DeIsL1.isu

AddRemove-Magic 3D Coloring Book - e:\color 3d book\Uninst.isu

AddRemove-Miss Spider - e:\misssp~1\UNINST~1.EXE

AddRemove-Mr. Potato Head's Activity Pack - c:\mrpotato\DeIsL1.isu

AddRemove-MTK3 - e:\animal hospital downunder\Pet Vet 3D Down Under\uninst.exe

AddRemove-OpDKey - e:\operat~1\DeIsL1.isu

AddRemove-Pac-Man All-Stars - e:\pac man all stars\Uninst.isu

AddRemove-Pet Vet 3D Animal Hospital_is1 - e:\animal hospital regular\Pet Vet 3D Animal Hospital\unins000.exe

AddRemove-Scholastic's I SPY Fantasy - e:\progra~1\SCHOLA~1\ISPYFA~1\UNWISE.EXE

AddRemove-Scholastic's I SPY Mystery - e:\ispymy~1\ISPYMY~1\UNWISE.EXE

AddRemove-Scholastic's I SPY Spooky Mansion Deluxe - f:\progra~1\SCHOLA~1\ISPYSP~1\UNWISE.EXE

AddRemove-Tigger's Honey Hunt - e:\tigerh~1\DeIsL1.isu

AddRemove-Veggie Carnival_is1 - e:\veggie carnival\unins000.exe

AddRemove-{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1 - f:\converthelper\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-03-21 15:33

Windows 5.1.2600 Service Pack 3 NTFS

.

detected NTDLL code modification:

ZwClose, ZwOpenFile

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1085031214-1383384898-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-1085031214-1383384898-725345543-1003\Software\SecuROM\License information*]

"datasecu"=hex:00,ff,42,ea,54,ff,ee,73,fe,6f,7b,e0,8c,4c,3a,fb,fc,67,5c,04,f0,

2c,0d,31,83,db,69,da,40,2d,47,9e,71,20,39,64,b4,69,68,dd,7d,fe,79,8b,f7,c2,\

"rkeysecu"=hex:82,56,d0,33,83,5b,ea,ab,0e,1f,b1,5f,17,d5,5a,42

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(464)

c:\windows\system32\guard32.dll

.

- - - - - - - > 'lsass.exe'(520)

c:\windows\system32\guard32.dll

.

- - - - - - - > 'explorer.exe'(3944)

c:\windows\system32\WININET.dll

c:\windows\system32\guard32.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-03-21 15:38:07

ComboFix-quarantined-files.txt 2011-03-21 19:38

.

Pre-Run: 4,754,509,824 bytes free

Post-Run: 5,421,584,384 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

Current=4 Default=4 Failed=3 LastKnownGood=2 Sets=1,2,3,4

- - End Of File - - 3BA13E5119D45C5EB9048336B8EE2400


Okay, you did not place ComboFix on your Desktop on the infected PC. It appears you ran ComboFix from your flash drive.

Let's try the following to see if we can get this PC online:

Note:

You will need to save any work before double-clicking the fix.bat file, because it will automatically restart your computer.

  • Please copy and paste the following text, exactly as written, into Notepad (not WordPad or any other text editor):
    @Echo on
    rem Restore the Windows XP default hosts file (only the localhost entry)
    pushd %SystemRoot%\system32\drivers\etc
    attrib -h -s -r hosts
    echo 127.0.0.1 localhost>hosts
    attrib +r +h +s hosts
    popd
    rem Drop and renew the DHCP lease, then clear the DNS resolver cache
    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns
    rem Reset the Winsock catalog (LSP hijacks) and the TCP/IP stack; XP needs a log file name
    netsh winsock reset catalog
    netsh int ip reset reset.log
    rem Reboot so the stack reset takes effect, then delete this batch file
    shutdown -r -t 1
    del %0


  • Once you've done that click on File and select Save As...
  • In the Save dialogue box click on the drop down menu next to Save as type and select All Files
  • Name the file fix.bat (the .bat extension is very important)
  • Save the file to your desktop and double click it to run it.
  • Once it runs it will automatically restart your computer
  • Once your computer boots again, check whether your internet is back online.

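fix.bat in the post above overwrites the hosts file with the single line a stock Windows XP install has and resets the network stack. Before running it, or afterwards to confirm it took, a helper would want to see what the hosts file actually contains, since redirect malware commonly maps security-vendor and update sites to 127.0.0.1 and popular sites to an attacker address. The Python below is an added check and is not part of the original post or of any of the tools in this thread. It flags names other than localhost mapped to loopback ("blackholed"), names mapped to any other address ("redirected"), and lines that are not valid hosts entries. The sample hosts file is constructed; 203.0.113.10 is a documentation address (RFC 5737), not a real host. One caveat: ad-blocking hosts lists also map names to 127.0.0.1, so a "blackholed" finding on a machine the owner has customised is a prompt to look, not proof of infection.

```python
"""Audit a Windows hosts file for redirect and blackhole entries (added example)."""
import ipaddress

# The only mapping a stock Windows XP hosts file carries (what fix.bat writes back).
CLEAN_HOSTS = "127.0.0.1 localhost\n"
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample of a tampered hosts file; comment lines are ignored.
# 203.0.113.10 is a documentation address (RFC 5737), not a real host.
SAMPLE_HOSTS = """# header comment, as shipped with Windows
127.0.0.1       localhost
127.0.0.1       www.malwarebytes.org
127.0.0.1       update.avg.com
203.0.113.10    www.google.com
203.0.113.10    search.yahoo.com
this is not a hosts line
"""


def audit_hosts(text):
    """Return (line_no, kind, detail) for every entry beyond the stock default.

    kinds: 'blackholed'  a name other than localhost mapped to a loopback address
           'redirected'  a name mapped to some other address
           'malformed'   a line that is not '<address> <name> [<name> ...]'
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            findings.append((line_no, "malformed", line))
            continue
        if len(parts) < 2:
            findings.append((line_no, "malformed", line))
            continue
        for name in parts[1:]:
            name = name.lower()
            if addr.is_loopback and name in LOOPBACK_NAMES:
                continue  # the one entry a clean file is expected to have
            if addr.is_loopback:
                findings.append((line_no, "blackholed", name))
            else:
                findings.append((line_no, "redirected", f"{name} -> {addr}"))
    return findings


def needs_reset(text):
    """True when the file carries anything beyond the stock localhost line."""
    return bool(audit_hosts(text))


if __name__ == "__main__":
    for line_no, kind, detail in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {kind:<10} {detail}")
    print("reset needed:", needs_reset(SAMPLE_HOSTS))
```

On the infected machine the file to read is %SystemRoot%\system32\drivers\etc\hosts, the same path fix.bat rewrites; it is marked hidden and system, so list the folder with dir /a or clear the attributes first, as the batch does. Running the audit again after the reboot should return no findings.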

ComboFix 11-03-21.01 - Owner 03/21/2011 19:11:28.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1073 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: COMODO Antivirus *Disabled/Outdated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\RECYCLER Me

c:\windows\jestertb.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-02-21 to 2011-03-21 )))))))))))))))))))))))))))))))

.

.

2011-03-20 19:56 . 2011-03-20 19:56 -------- d-----w- C:\VritualRoot

2011-03-20 17:31 . 2011-03-20 17:31 -------- d-----w- c:\program files\COMODO

2011-03-18 03:41 . 2001-08-17 16:11 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys

2011-03-18 03:41 . 2001-08-17 17:51 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys

2011-03-18 03:41 . 2001-08-17 17:49 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys

2011-03-18 03:41 . 2001-08-17 16:11 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys

2011-03-18 03:41 . 2001-08-17 18:07 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys

2011-03-18 03:41 . 2001-08-17 18:07 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys

2011-03-18 03:41 . 2001-08-17 17:52 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys

2011-03-18 03:40 . 2001-08-17 18:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys

2011-03-18 03:40 . 2001-08-17 16:11 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys

2011-03-18 03:40 . 2004-08-04 02:32 10880 -c--a-w- c:\windows\system32\dllcache\admjoy.sys

2011-03-14 22:14 . 2011-03-14 22:14 -------- dc----w- c:\documents and settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}

2011-03-12 20:38 . 2011-03-12 20:38 -------- d-----w- c:\documents and settings\Administrator

2011-03-11 23:47 . 2011-03-11 23:47 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\COMODO

2011-03-10 19:51 . 2011-03-10 19:51 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-03-10 19:44 . 2011-03-10 19:51 -------- d-----w- c:\program files\Trend Micro

2011-03-09 17:38 . 2011-03-21 23:02 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat

2011-03-09 14:32 . 2011-03-09 14:39 -------- d-----w- c:\program files\S&D

2011-03-09 05:33 . 2011-03-13 19:31 -------- d-----w- c:\program files\Unlocker

2011-03-08 23:31 . 2011-03-20 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo

2011-03-08 22:42 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-08 22:42 . 2011-03-08 22:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-03-08 22:42 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-08 22:27 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-03-05 23:52 . 2011-03-05 23:52 -------- d-----w- c:\windows\system32\wbem\Repository

2011-03-05 03:19 . 2011-03-21 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-03-05 03:19 . 2011-03-05 23:48 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-03-04 22:32 . 2011-03-04 22:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2011-03-04 22:29 . 2011-03-04 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-02-20 16:34 . 2011-02-20 16:34 -------- d-----w- c:\windows\KidMedia

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-09 13:53 . 2004-08-12 14:04 270848 ------w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2004-08-12 13:57 186880 ------w- c:\windows\system32\encdec.dll

2011-02-02 07:58 . 2006-07-21 17:56 2067456 ------w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2006-07-21 17:56 677888 ------w- c:\windows\system32\mstsc.exe

2011-01-24 12:23 . 2010-02-20 18:49 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-01-21 14:44 . 2004-08-12 14:05 439296 ------w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2004-08-12 13:55 290048 ----a-w- c:\windows\system32\atmfd.dll

2011-01-06 21:37 . 2011-01-06 21:37 94784 ----a-w- c:\windows\system32\drivers\inspect.sys

2011-01-06 21:37 . 2011-01-06 21:37 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-01-06 21:37 . 2011-01-06 21:37 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-01-06 21:37 . 2011-01-06 21:37 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys

2010-12-31 13:10 . 2004-08-12 14:09 1854976 ------w- c:\windows\system32\win32k.sys

2010-12-29 05:42 . 2010-12-29 05:42 285480 ----a-w- c:\windows\system32\guard32.dll

2010-12-22 12:34 . 2004-08-12 13:58 301568 ----a-w- c:\windows\system32\kerberos.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]

"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-04-17 54576]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-18 2548552]

.

c:\documents and settings\Owner\Start Menu\Programs\Startup\

BounceBack Launcher.lnk - c:\program files\CMS Peripherals\BounceBack Express\BBLauncher.exe [2010-2-25 86016]

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

PowerReg Scheduler.exe [2007-12-2 256000]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-2-20 113664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

[BU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\guard32.dll

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/20/2010 2:50 PM 64288]

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [1/6/2011 5:37 PM 15592]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/6/2011 5:37 PM 239368]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/6/2011 5:37 PM 27576]

R2 portD;ABS PortIO Service;c:\windows\system32\drivers\portd2k.sys [2/25/2010 4:46 PM 7296]

R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2/20/2007 6:06 PM 23200]

S2 Ca536av;Icatch(VII) Video Camera Device;c:\windows\system32\Drivers\Ca536av.sys --> c:\windows\system32\Drivers\Ca536av.sys [?]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S4 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - KLMD25

*Deregistered* - klmd25

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=https=ftp=gopher=socks=

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\0g7bp6jh.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.weather.com/outlook/homeandgarden/home/local/45385?lswe=45385&lwsa=Weather36HourHomeCommand&from=whatwhere

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4ba92d9b&v=6.010.006.004&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: yahoo.homepage.dontask - true

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-03-21 19:18

Windows 5.1.2600 Service Pack 3 NTFS

.

detected NTDLL code modification:

ZwClose, ZwOpenFile

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1085031214-1383384898-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-1085031214-1383384898-725345543-1003\Software\SecuROM\License information*]

"datasecu"=hex:00,ff,42,ea,54,ff,ee,73,fe,6f,7b,e0,8c,4c,3a,fb,fc,67,5c,04,f0,

2c,0d,31,83,db,69,da,40,2d,47,9e,71,20,39,64,b4,69,68,dd,7d,fe,79,8b,f7,c2,\

"rkeysecu"=hex:82,56,d0,33,83,5b,ea,ab,0e,1f,b1,5f,17,d5,5a,42

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(464)

c:\windows\system32\guard32.dll

.

- - - - - - - > 'lsass.exe'(520)

c:\windows\system32\guard32.dll

.

Completion time: 2011-03-21 19:23:12

ComboFix-quarantined-files.txt 2011-03-21 23:23

.

Pre-Run: 5,417,164,800 bytes free

Post-Run: 5,405,052,928 bytes free

.

Current=4 Default=4 Failed=3 LastKnownGood=2 Sets=1,2,3,4

- - End Of File - - 09B4A1C54A965EB1D6413E47F6BC8199

I was able to get online. When I loaded ComboFix the first time I had to go online to get the download for the Windows Recovery Console. The past few days I wasn't receiving any packets. I downloaded and ran ComboFix again. Maybe my firewall was blocking my connection.

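The ComboFix sections above (the Run keys, the Startup folders, AppInit_DLLs, the firewall policy key and the driver/service list) are the ones a helper reads first. As an added example that is not part of the original thread and is not ComboFix's own code, the Python below parses a constructed excerpt in that exact layout and flags the entries a practitioner would want to look at: a bare executable sitting in a Startup folder (PowerReg Scheduler.exe), a non-empty AppInit_DLLs value (here COMODO's guard32.dll, which is why that DLL also shows up loaded in winlogon.exe and lsass.exe further down the log), the standard-profile Windows Firewall switched off, and services whose image file ComboFix could not find on disk (the `[?]` marker). The triage rules, the severity labels and the "trusted directory" heuristic are my own assumptions, not anything ComboFix defines.

```python
"""Triage the autostart and service sections of a ComboFix log (added example, not ComboFix's code)."""
import re

# Constructed excerpt in the layout ComboFix prints, taken from the log above.
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-18 2548552]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
PowerReg Scheduler.exe [2007-12-2 256000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/20/2010 2:50 PM 64288]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/6/2011 5:37 PM 239368]
S2 Ca536av;Icatch(VII) Video Camera Device;c:\windows\system32\Drivers\Ca536av.sys --> c:\windows\system32\Drivers\Ca536av.sys [?]
S4 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
"""

# Line shapes as ComboFix prints them: "Name"="path" [date size], Startup .lnk entries,
# bare Startup files, and "<state> <short>;<display>;<image>" service lines.
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>[\d-]+) (?P<size>\d+)\]$')
STARTUP_LNK = re.compile(r'^(?P<name>.+?\.lnk) - (?P<path>.+?) \[(?P<date>[\d-]+) (?P<size>\d+)\]$')
STARTUP_BARE = re.compile(r'^(?P<name>[^\\]+?) \[(?P<date>[\d-]+) (?P<size>\d+)\]$')
SERVICE = re.compile(r'^(?P<state>[RS]\d) (?P<short>[^;]+);(?P<display>[^;]*);(?P<image>.+)$')

# Assumption: images under these trees get no "unusual location" flag. This is a loose
# triage heuristic; malware dropped into a trusted tree is not caught by it.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\")


def in_trusted_dir(path):
    """True when the image lives under the Windows or Program Files tree."""
    return path.lower().startswith(TRUSTED_DIRS)


def triage(text):
    """Walk a ComboFix log and return (severity, message) tuples for entries worth a look."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()           # registry key header
            continue
        if line.lower().endswith("\\startup\\"):
            section = "startup:" + line             # Startup folder header
            continue
        svc = SERVICE.match(line)
        if svc:
            if svc.group("image").endswith("[?]"):  # ComboFix could not find the file
                findings.append(("medium", f"service {svc.group('short')} ({svc.group('state')}) "
                                           f"has no image file on disk: {svc.group('image')}"))
            continue
        if section is None:
            continue
        if section.endswith("currentversion\\windows") and line.lower().startswith('"appinit_dlls"='):
            dll = line.split("=", 1)[1].strip()
            if dll:
                findings.append(("medium", f"AppInit_DLLs loads {dll} into every user-mode process"))
        elif "firewallpolicy" in section and line.lower().startswith('"enablefirewall"='):
            if line.split("=", 1)[1].strip().startswith("0"):
                profile = section.rsplit("\\", 1)[-1]
                findings.append(("low", f"Windows Firewall is off for the {profile} profile"))
        elif section.startswith("startup:"):
            if not STARTUP_LNK.match(line) and STARTUP_BARE.match(line):
                name = STARTUP_BARE.match(line).group("name")
                findings.append(("medium", f"executable dropped directly into a Startup folder: {name}"))
        elif section.endswith("currentversion\\run"):
            run = RUN_VALUE.match(line)
            if run and not in_trusted_dir(run.group("path")):
                findings.append(("medium", f"Run value {run.group('name')} starts from an unusual "
                                           f"location: {run.group('path')}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

Run it on a saved ComboFix log by passing the file contents to `triage()`. The firewall finding is deliberately low severity: a third-party suite such as the COMODO Internet Security seen in this log normally takes over from the Windows Firewall, so `EnableFirewall = 0` is expected there rather than a sign of tampering. A missing service image is worth a second look in both directions: it can be a leftover from an uninstalled product (the video camera driver and Google Update here) or a service whose payload was removed but whose registration was not.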

Hi,

Much better.... :)

Please download ATF Cleaner by Atribune.


  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Next

Update and run Malwarebytes

  • Launch Malwarebytes' Anti-Malware.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6131

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

3/22/2011 9:43:00 AM

mbam-log-2011-03-22 (09-43-00).txt

Scan type: Quick scan

Objects scanned: 154267

Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hello,

Thank you for all your help. My System Restore tab has been missing and now it is back. Did ComboFix do that? Do you think my computer is clean now? I was thinking I should run these same tests on my laptop, since I was using it to transfer downloads to the infected computer. Thank you again for your time and advice. I tried for two weeks on my own without success.


Yes, ComboFix did the trick, but please do not use ComboFix on your own:

http://www.bleepingcomputer.com/forums/topic273628.html

Please run this online scan to help look for remnants.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed anti-virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: EOLS3.gif
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or the keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


ESETSmartInstaller@High as downloader log:

Can not open internet

ESETSmartInstaller@High as downloader log:

Can not open internet

esets_scanner_update returned -1 esets_gle=0

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6425

# api_version=3.0.2

# EOSSerial=e08b1567046bb24b906afbb87b0e555a

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-03-23 04:28:49

# local_time=2011-03-23 12:28:49 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 193050 193050 0 0

# compatibility_mode=3073 16777178 80 75 0 6638673 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=0

# found=0

# cleaned=0

# scan_time=0

ESETSmartInstaller@High as downloader log:

Can not open internet

ESETSmartInstaller@High as downloader log:

Can not open internet

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6425

# api_version=3.0.2

# EOSSerial=e08b1567046bb24b906afbb87b0e555a

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-03-23 05:51:45

# local_time=2011-03-23 01:51:45 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 193569 193569 0 0

# compatibility_mode=3073 16777178 80 75 0 6639192 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=72113

# found=5

# cleaned=0

# scan_time=4461

C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Owner\Desktop\eBay.lnk Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Owner\My Documents\Downloads\unlocker1.9.0.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Owner\Start Menu\eBay.lnk Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe Win32/PowerReg application (unable to clean) 00000000000000000000000000000000 I


Sorry, I guess I hit reply too many times. I'm not sure how to delete the extra two.

That's okay.... :)

Please download the OTM by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :Services

    :Reg

    :Files
    C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk
    C:\Documents and Settings\Owner\Desktop\eBay.lnk
    C:\Documents and Settings\Owner\Start Menu\eBay.lnk
    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe
    ipconfig /flushdns /c
    %systemroot%\prefetch\*.*
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]


  • Return to OTM, right-click in the "Paste instructions for items to be Moved" window (under the light yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTM

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

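The helper turned the ESET detections marked "unable to clean" into the :Files section of the OTM script above. As an added example, not part of the thread and not ESET's or OldTimer's code, the Python below parses the ESET Online Scanner log format shown (the `# key=value` header followed by one detection per line) and assembles that :Files list using the same OTM directives the helper used. It also checks the header before trusting anything: the first two ESET logs in the thread report `scanned=0` because the updater logged "Can not open internet", and a scan that never ran is not a clean result. The sample log is constructed from the page's own lines; the regular expression for a detection line, the header checks and the exclude list (keeping unlocker1.9.0.exe out of the move list, as the helper chose to) are my assumptions and operator choices, not rules from ESET or OTM.

```python
"""Turn an ESET Online Scanner log into an OTM :Files script (added example, not ESET/OTM code)."""
import re

# Constructed from the log lines pasted in the thread; the header values are copied as-is.
SAMPLE_ESET_LOG = r"""# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# scanned=72113
# found=5
# cleaned=0
# scan_time=4461
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\Desktop\eBay.lnk Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\My Documents\Downloads\unlocker1.9.0.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\Start Menu\eBay.lnk Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe Win32/PowerReg application (unable to clean) 00000000000000000000000000000000 I
"""

# Constructed header of a run whose updater could not reach the internet (same shape as the
# first log in the thread): it "finished" but scanned nothing.
SAMPLE_FAILED_LOG = "# end=finished\n# scanned=0\n# found=0\n# cleaned=0\n"

# <path> <detection name> (<action>) <md5> <flag>; assumption based on the lines above:
# the detection name starts at the first token of the form Platform/Name.
DETECTION = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<threat>(?:a variant of |probably a variant of )?[A-Za-z0-9]+/\S.*?) "
    r"\((?P<action>[^)]*)\) (?P<hash>[0-9a-fA-F]{32}) (?P<flag>\S+)$"
)

# Directives in the order the helper used them in the OTM script above.
OTM_COMMANDS = ("[purity]", "[resethosts]", "[emptytemp]",
                "[CREATERESTOREPOINT]", "[EMPTYFLASH]", "[Reboot]")


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from an ESET Online Scanner log."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            header[key.strip()] = value.strip()
            continue
        m = DETECTION.match(line)
        if m:
            detections.append(m.groupdict())
    return header, detections


def check_header(header, detections):
    """Reasons not to trust this log as a result; empty when it looks like a real scan."""
    problems = []
    if header.get("end") != "finished":
        problems.append("scan did not finish")
    if header.get("scanned", "0") == "0":
        problems.append("zero objects scanned: the updater probably never got online")
    if int(header.get("found", "0")) != len(detections):
        problems.append("found= count does not match the detection lines present")
    return problems


def uncleaned_paths(detections):
    """Paths ESET reported but did not remove (remove_checked=false leaves all of them)."""
    return [d["path"] for d in detections if "unable to clean" in d["action"]]


def build_otm_script(paths, exclude=()):
    """Assemble the OTM instructions: every path under :Files, then the helper's commands."""
    skip = {p.lower() for p in exclude}
    kept = [p for p in paths if p.lower() not in skip]
    return "\n".join([":Files", *kept, ":Commands", *OTM_COMMANDS]) + "\n"


if __name__ == "__main__":
    header, detections = parse_eset_log(SAMPLE_ESET_LOG)
    problems = check_header(header, detections)
    if problems:
        raise SystemExit("not a usable scan: " + "; ".join(problems))
    # Operator decision (mirrors the helper): leave the user's downloaded installer alone.
    keep = [r"C:\Documents and Settings\Owner\My Documents\Downloads\unlocker1.9.0.exe"]
    print(build_otm_script(uncleaned_paths(detections), exclude=keep))
```

The script only assembles text for a human to paste into OTM; it does not move anything itself, which is the point of the thread's "do not run these tools on your own" advice. The `check_header` step is the caveat worth keeping: a log with `end=finished` and `found=0` looks clean at a glance, and only `scanned=0` reveals that nothing was examined.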

This topic is now closed to further replies.