
alureon-G@mbr(rtk)


This topic is locked.

#1 Zeeker1217 (Member, 15 posts)
Hi,
I am a newbie to the forum but have read a lot of posts here. I am trying to clean up my aunt's PC and this Alureon-g@mbr(rtk) is just being a booger and won't go away. I have seen similar threads with similar viruses and it looks to be a long process to get them cleaned up. So I would be very appreciative of any guidance.
Thank you in advance!!


#2 Satchfan (Trusted Helper, Malware Removal, 624 posts)
Hello Zeeker1217 and welcome to the G2G forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:


• Please follow all instructions in the order posted
• Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
• If you don't understand something, please don't hesitate to ask for clarification before proceeding
• The fixes are specific to your problem and should only be used for this issue on this machine.
• Please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested.


Run DDS

Please download DDS by sUBs from one of the following links and save it to your desktop.

  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
  • Post the contents of the DDS.txt and Attach.txt reports in your next reply


Run aswMBR

  • Download aswMBR.exe (511KB) to your desktop
  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start the scan

Posted Image

On completion of the scan, click "save log", save it to your desktop and post it in your next reply.

Posted Image

Logs to include with next post:

DDS.txt
Attach.txt
aswMBR log


Thanks

Satchfan

#3 Zeeker1217 (Topic Starter, Member, 15 posts)
Hi, Satchfan
Thank you for your quick response! I will download that tonight when I am off work. It will be around 10pm central time.

Also the pics in your post are not showing for me. Is there a setting on this forum that I am missing?

Thank you again!!

#4 Zeeker1217 (Topic Starter, Member, 15 posts)
dds.txt
DDS (Ver_11-03-05.01) - NTFSx86
Run by Julie at 22:31:03.90 on Wed 05/18/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.626 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\DOWNLO~1\MyWebEx\319\atnthost.exe
C:\WINDOWS\DOWNLO~1\MyWebEx\319\RAAGTAPP.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\SN0XRCV.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\DOWNLO~1\MyWebEx\319\raagtx.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Julie\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uStart Page = hxxp://www.keloland.com/
uDefault_Page_URL = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar5.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SN0XRCV] c:\windows\system32\spool\drivers\w32x86\3\SN0XRCV.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\logon.cmd
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\windows\downlo~1\mywebex\319\raagtx.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_10\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: intuit.com\ttlc
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238538049002
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - hxxps://www2.gotomeeting.com/default/applets/g2mdlax.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://qb.webex.com/client/v_mywebex-qb20/ra/ieatgpc.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - c:\program files\sharp\sharpdesk\ExplorerExtensions.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-5-11 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-13 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-13 307928]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-13 19544]
R2 atnthost;WebEx Remote Access Agent;c:\windows\downlo~1\mywebex\319\atnthost.exe [2009-3-9 16792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-13 42184]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-13 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-29 2146496]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-13 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-4-29 15232]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-5-7 38224]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 QuickBooksDB20;QuickBooksDB20;c:\progra~1\intuit\quc2c1~1\qbdbmgrn.exe -hvquickbooksdb20 --> c:\progra~1\intuit\quc2c1~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]
.
=============== Created Last 30 ================
.
2011-05-17 14:49:01 -------- d-----w- c:\docume~1\julie\applic~1\SUPERAntiSpyware.com
2011-05-17 14:23:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-05-17 14:22:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-13 18:43:57 -------- d-----w- c:\docume~1\julie\locals~1\applic~1\Temp
2011-05-13 18:43:22 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-13 18:42:32 40112 ----a-w- c:\windows\avastSS.scr
2011-05-13 18:42:12 -------- d-----w- c:\program files\AVAST Software
2011-05-13 18:42:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-05-13 14:30:00 -------- d-----w- c:\windows\pss
2011-05-11 19:37:16 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-05-11 19:36:53 -------- d-----w- c:\program files\Lavasoft
2011-05-09 17:31:09 1409 ----a-w- c:\windows\QTFont.for
2011-05-07 15:00:13 -------- d-----w- c:\docume~1\julie\applic~1\Malwarebytes
2011-05-07 14:59:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-07 14:59:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-05-07 14:59:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-07 14:59:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-06 19:29:10 -------- d-----w- c:\program files\AVG
.
==================== Find3M ====================
.
2011-05-17 14:27:38 26112 ----a-w- c:\windows\system32\userinit.exe
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ------w- c:\windows\system32\html.iec
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD3200AAJS-00L7A0 rev.01.03E01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86F3E4D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86f447f0]; MOV EAX, [0x86f4486c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86F5CAB8]
3 CLASSPNP[0xF75FEFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86EFA720]
\Driver\atapi[0x86F63A00] -> IRP_MJ_CREATE -> 0x86F3E4D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x86F3E31B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:32:30.51 ===============
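A triage helper for DDS output like the dds.txt above, added here as an example (it is not part of DDS, nor code from this thread): it splits the report into its sections, parses the SERVICES / DRIVERS entries, and pulls the hooked entry point, the unattributed disk-stack module and the detector's warning out of the ROOTKIT block so a reviewer sees at once what the MBR check flagged. The sample log embedded in it is a constructed excerpt of the posted dds.txt.

```python
"""Triage helper for a DDS log: splits the report into its '=== NAME ===' sections, parses
the SERVICES / DRIVERS entries and extracts what the ROOTKIT section reports."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt modelled on the dds.txt posted in this thread; the section
# headers and line formats are DDS's own, the choice of lines is ours.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-5-11 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-13 441176]
S4 QuickBooksDB20;QuickBooksDB20;c:\progra~1\intuit\quc2c1~1\qbdbmgrn.exe -hvquickbooksdb20 --> c:\progra~1\intuit\quc2c1~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]
.
=================== ROOTKIT ====================
.
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86F3E4D0]<<
\Driver\atapi[0x86F63A00] -> IRP_MJ_CREATE -> 0x86F3E4D0
detected hooks:
\Driver\atapi DriverStartIo -> 0x86F3E31B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:32:30.51 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "R0 name;display;path [date size]" or "S4 name;display;path [?]" when the file is missing
DRIVER_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"^(\\Driver\\\S+)\s+(\S+)\s+->\s+(0x[0-9A-Fa-f]+)$")


@dataclass
class Driver:
    running: bool         # R = running, S = stopped
    start_type: int       # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    path: str
    size: Optional[int]   # None when DDS printed "[?]"


def split_sections(text: str) -> Dict[str, List[str]]:
    """Map each '=== NAME ===' header to the non-empty lines under it ('.' spacers dropped)."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def parse_drivers(lines: List[str]) -> List[Driver]:
    drivers: List[Driver] = []
    for line in lines:
        m = DRIVER_RE.match(line)
        if not m:
            continue
        state, start, name, display, path, info = m.groups()
        parts = info.split()  # ["2011-5-11", "64512"] or ["?"]
        size = int(parts[1]) if len(parts) == 2 and parts[1].isdigit() else None
        drivers.append(Driver(state == "R", int(start), name, display, path, size))
    return drivers


def parse_rootkit(lines: List[str]) -> dict:
    """Collect hooked entry points, unattributed disk-stack modules, the MBR verdict and warnings."""
    found = {"hooks": [], "unknown_modules": [], "warnings": [], "mbr_ok": False}
    in_hooks = False
    for line in lines:
        if line == "detected hooks:":
            in_hooks = True
            continue
        m = HOOK_RE.match(line)
        if in_hooks and m:  # hook lines follow the header, one per line
            found["hooks"].append(f"{m.group(1)} {m.group(2)} -> {m.group(3)}")
            continue
        in_hooks = False
        found["unknown_modules"].extend(UNKNOWN_RE.findall(line))
        if line.startswith("Warning:"):
            found["warnings"].append(line[len("Warning:"):].strip())
        elif line == "user & kernel MBR OK":
            found["mbr_ok"] = True
    found["suspect"] = bool(found["hooks"] or found["unknown_modules"] or found["warnings"])
    return found


def triage(text: str) -> dict:
    """Summarise a whole DDS log: the rootkit findings plus driver entries worth a second look."""
    sections = split_sections(text)
    drivers = parse_drivers(sections.get("SERVICES / DRIVERS", []))
    summary = parse_rootkit(sections.get("ROOTKIT", []))
    summary["boot_start_drivers"] = [d.name for d in drivers if d.start_type == 0]
    summary["missing_file_services"] = [d.name for d in drivers if d.size is None]
    return summary
```

Note that on this log the detector reports the MBR itself as OK while still flagging a DriverStartIo hook on \Driver\atapi and an unknown module in the disk stack, which is why the summary keeps both verdicts side by side instead of collapsing them.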

#5 Zeeker1217 (Topic Starter, Member, 15 posts)
attach.txt
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/7/2006 8:23:51 AM
System Uptime: 5/18/2011 10:17:08 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0JC474
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 107 GiB total, 72.464 GiB free.
D: is FIXED (NTFS) - 37 GiB total, 36.508 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_01C41028&REV_04\4&10BD256C&0&40F0
Manufacturer: Intel
Name: Intel® PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_01C41028&REV_04\4&10BD256C&0&40F0
Service: E100B
.
==== System Restore Points ===================
.
RP1: 5/5/2011 5:31:02 PM - System Checkpoint
RP2: 5/6/2011 1:57:30 PM - Removed WexTech AnswerWorks
RP3: 5/6/2011 1:59:44 PM - Removed Microsoft FrontPage 2002
RP4: 5/6/2011 2:10:24 PM - Removed QuickBooks
RP5: 5/6/2011 2:29:09 PM - Installed AVG 2011
RP6: 5/6/2011 2:29:21 PM - Removed AVG 2011
RP7: 5/6/2011 2:30:05 PM - Installed AVG 2011
RP8: 5/6/2011 2:34:57 PM - Removed AVG 2011
RP9: 5/9/2011 12:34:28 PM - System Checkpoint
RP10: 5/10/2011 1:54:49 PM - System Checkpoint
RP11: 5/11/2011 10:33:31 AM - Removed Adobe Acrobat - Reader 6.0.2 Update
RP12: 5/11/2011 10:35:31 AM - Removed AnswerWorks 4.0 Runtime - English
RP13: 5/11/2011 10:38:29 AM - Removed iSEEK AnswerWorks English Runtime
RP14: 5/11/2011 10:38:47 AM - Removed TurboTax 2009 WinPerTaxSupport
RP15: 5/11/2011 10:39:35 AM - Removed TurboTax 2009 WinPerFedFormset
RP16: 5/11/2011 10:40:19 AM - Removed TurboTax 2009 WinPerReleaseEngine
RP17: 5/11/2011 10:41:32 AM - Removed TurboTax 2009 wrapper
RP18: 5/11/2011 2:36:23 PM - Installed Ad-Aware
RP19: 5/11/2011 2:36:50 PM - Installed Ad-Aware
RP20: 5/13/2011 1:26:29 PM - Removed AVG 2011
RP21: 5/13/2011 1:27:58 PM - Removed AVG 2011
RP22: 5/13/2011 1:42:12 PM - avast! Free Antivirus Setup
RP23: 5/17/2011 11:33:26 PM - OTL Restore Point
.
==== Installed Programs ======================
.
Ad-Aware
Adobe Acrobat Elements 6.0
Adobe Flash Player 10 ActiveX
Adobe Reader 6.0.1
Adobe Reader 7.0.8
Adobe Reader 7.0.9
Adobe Reader 7.1.0
AllPro Invoice Manager
AOLIcon
avast! Free Antivirus
Bookkeeping Forms
Brother MFL-Pro Suite
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Support Center (Support Software)
Dell System Restore
DellSupport
ELIcon
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.5.0.457
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
iTunes
J2SE Runtime Environment 5.0 Update 10
Java 2 Runtime Environment, SE v1.4.2_03
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MCU
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office Basic Edition 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft SQL Server Desktop Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 2005 Tools for Office Runtime
Modem Helper
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Musicmatch for Windows Media Player
Musicmatch® Jukebox
NetWaiting
PaperPort
Payroll Calculator v3.4
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
QuickBooks
QuickBooks Customer Manager Version 2
QuickBooks Premier: Accountant Edition 2008
QuickBooks Premier: Accountant Edition 2009
QuickBooks Premier: Accountant Edition 2010
QuickBooks Product Listing Service
QuickBooks Remote Access
QuickBooks Simple Start Edition
QuickTime
RealPlayer
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Search Assist
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SHARP MX-2300/2700/3500/4500/5500/6200/7000 PC-Fax
Sharpdesk
Sonic Activation Module
Sonic Encoders
SUPERAntiSpyware
SupportSoft Assisted Service
Tax Forms Helper 2006 7.5
Tax Forms Helper 2008 8.5
TurboTax 2010
TurboTax 2010 WinBizFedFormset
TurboTax 2010 WinBizReleaseEngine
TurboTax 2010 WinBizTaxSupport
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax Business 2010
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Viewpoint Media Player
Visual Studio 2005 Tools for Office Second Edition Runtime
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
5/18/2011 7:58:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: General access denied error
5/18/2011 6:58:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: General access denied error
5/18/2011 5:58:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: General access denied error
5/18/2011 4:58:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: General access denied error
5/18/2011 3:58:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: General access denied error
5/18/2011 2:58:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: General access denied error
5/18/2011 12:58:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: General access denied error
5/18/2011 10:21:14 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f742b71d, parameter3 9f841758, parameter4 00000000.
5/18/2011 1:58:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: General access denied error
5/17/2011 9:43:25 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f742b71d, parameter3 a0c9a758, parameter4 00000000.
5/17/2011 9:22:08 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/17/2011 11:58:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: General access denied error
5/17/2011 10:58:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: General access denied error
5/16/2011 10:58:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: General access denied error
5/13/2011 3:00:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
5/13/2011 3:00:29 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/13/2011 11:26:14 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/13/2011 11:26:05 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/13/2011 1:05:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
5/13/2011 1:04:48 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Themes service to connect.
5/13/2011 1:04:48 PM, error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/12/2011 4:04:45 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/12/2011 4:03:15 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
5/12/2011 12:48:49 PM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.
5/12/2011 11:58:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: General access denied error
5/11/2011 9:58:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: General access denied error
5/11/2011 8:58:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: General access denied error
5/11/2011 3:58:00 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: General access denied error
5/11/2011 2:58:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: General access denied error
5/11/2011 2:56:12 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Image Acquisition (WIA) service to connect.
5/11/2011 2:56:12 PM, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/11/2011 2:50:56 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
5/11/2011 2:50:26 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/11/2011 2:30:24 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
5/11/2011 2:30:24 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL. Reference error message: The operation completed successfully. .
5/11/2011 2:30:24 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
5/11/2011 12:58:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: General access denied error
5/11/2011 1:58:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: General access denied error
.
==== End Of File ===========================
  • 0

#6
Zeeker1217

    Member

  • Topic Starter
  • Member
  • 15 posts
aswmbr.txt

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-19 00:03:40
-----------------------------
00:03:40.875 OS Version: Windows 5.1.2600 Service Pack 3
00:03:40.875 Number of processors: 2 586 0x403
00:03:40.875 ComputerName: JULIE UserName: Julie
00:03:41.203 Initialize success
00:03:53.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
00:03:53.875 Disk 0 Vendor: WDC_WD3200AAJS-00L7A0 01.03E01 Size: 305245MB BusType: 3
00:03:53.890 Device \Driver\atapi -> DriverStartIo 86f3e31b
00:03:55.890 Disk 0 MBR read successfully
00:03:55.890 Disk 0 MBR scan
00:03:55.890 Disk 0 TDL4@MBR code has been found
00:03:55.890 Disk 0 MBR hidden
00:03:55.890 Disk 0 MBR [TDL4] **ROOTKIT**
00:03:55.890 Disk 0 trace - called modules:
00:03:55.890 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86f3e4d0]<<
00:03:55.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f5cab8]
00:03:55.890 3 CLASSPNP.SYS[f75fefd7] -> nt!IofCallDriver -> [0x86efa720]
00:03:55.890 \Driver\atapi[0x86f63a00] -> IRP_MJ_CREATE -> 0x86f3e4d0
00:03:55.890 Scan finished successfully
00:04:37.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Julie\Desktop\MBR.dat"
00:04:37.593 The log file has been saved successfully to "C:\Documents and Settings\Julie\Desktop\aswMBR.txt"
  • 0

#7
Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
Hi Zeeker1217

Apologies for not replying sooner about the image problem but for some reason I received no notification of your reply.

I’m not sure what the reason is but will try to find out.

Meanwhile, I hope you can manage with the following instructions minus pictures. Let me know if you have any problems.


Re-Run aswMBR

Click Scan

On completion of the scan click the Fix button

Save the log as before and post in your next reply


Download and run ComboFix

Download Combofix from either of the links below. You must rename it to mytool before saving it.
Save it to your desktop. Change the save as file type to "all files"

**Note: In the event you already have Combofix, delete it, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  • If you are using Firefox, make sure that your download settings are as follows:

  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

Link 1
Link 2


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • NOTE: If ComboFix asks to install the Recovery Console, please ALLOW it to do so.
  • Double click on the renamed ComboFix.exe & follow the prompts.

When finished, it will produce a report for you. Please post the C:\ComboFix.txt in your next reply with the aswMBR log.

Satchfan
  • 0

#8
Zeeker1217

    Member

  • Topic Starter
  • Member
  • 15 posts
Hi,
The pics are showing now. The pc with the issue is currently not hooked up to the net. I have to save the files to a flash drive and then xfr them over. I hope that won't cause any issues. If it will, please let me know and I can hook it back up to the net.
I re-ran the aswMBR and when fixing it locked up on verifying disinfection. I had to reboot and run it again. This time no error lines, so it looks like it did fix that part. Here is the log....
aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-19 10:17:38
-----------------------------
10:17:38.671 OS Version: Windows 5.1.2600 Service Pack 3
10:17:38.671 Number of processors: 2 586 0x403
10:17:38.671 ComputerName: JULIE UserName: Julie
10:17:39.265 Initialize success
10:18:03.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
10:18:03.593 Disk 0 Vendor: WDC_WD3200AAJS-00L7A0 01.03E01 Size: 305245MB BusType: 3
10:18:05.609 Disk 0 MBR read successfully
10:18:05.609 Disk 0 MBR scan
10:18:05.609 Disk 0 unknown MBR code
10:18:07.609 Disk 0 scanning sectors +312496380
10:18:07.625 Disk 0 scanning C:\WINDOWS\system32\drivers
10:18:12.203 Service scanning
10:18:13.421 Disk 0 trace - called modules:
10:18:13.421 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
10:18:13.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f64ab8]
10:18:13.421 3 CLASSPNP.SYS[f75fefd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x86fd2b00]
10:18:13.421 Scan finished successfully
10:19:26.750 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Julie\Desktop\MBR.dat"
10:19:26.750 The log file has been saved successfully to "C:\Documents and Settings\Julie\Desktop\aswMBR2.txt"
  • 0

#9
Zeeker1217

    Member

  • Topic Starter
  • Member
  • 15 posts
ComboFix 11-05-18.04 - Julie 05/19/2011 10:58:45.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.643 [GMT -5:00]
Running from: c:\documents and settings\Julie\Desktop\mytool.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jennifer\WINDOWS
c:\documents and settings\Julie\WINDOWS
c:\documents and settings\NetworkService\Application Data\alot
c:\windows\system32\config\systemprofile\Application Data\alot
.
.
((((((((((((((((((((((((( Files Created from 2011-04-19 to 2011-05-19 )))))))))))))))))))))))))))))))
.
.
2011-05-17 14:49 . 2011-05-17 14:49 -------- d-----w- c:\documents and settings\Julie\Application Data\SUPERAntiSpyware.com
2011-05-17 14:23 . 2011-05-17 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-05-17 14:23 . 2011-05-17 14:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-05-17 14:22 . 2011-05-17 14:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-17 14:10 . 2011-05-17 14:10 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-05-13 18:48 . 2011-05-13 19:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-05-13 18:43 . 2011-05-13 19:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-05-13 18:43 . 2011-05-13 18:52 -------- d-----w- c:\documents and settings\Julie\Local Settings\Application Data\Temp
2011-05-13 18:43 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-13 18:43 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-13 18:43 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-13 18:43 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-13 18:43 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-13 18:43 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-13 18:43 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-13 18:43 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-13 18:43 . 2011-05-13 18:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-05-13 18:43 . 2011-05-13 18:43 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-05-13 18:42 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-13 18:42 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-13 18:42 . 2011-05-13 18:42 -------- d-----w- c:\program files\AVAST Software
2011-05-13 18:42 . 2011-05-13 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-05-13 15:20 . 2011-05-13 15:20 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-05-11 19:37 . 2011-04-29 17:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-05-11 19:36 . 2011-05-11 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-05-11 19:36 . 2011-05-11 19:36 -------- d-----w- c:\program files\Lavasoft
2011-05-09 17:31 . 2011-05-09 17:31 1409 ----a-w- c:\windows\QTFont.for
2011-05-07 15:00 . 2011-05-07 15:00 -------- d-----w- c:\documents and settings\Julie\Application Data\Malwarebytes
2011-05-07 14:59 . 2011-05-07 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-07 14:59 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-07 14:59 . 2011-05-07 15:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-07 14:59 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-06 19:29 . 2011-05-06 19:29 -------- d-----w- c:\program files\AVG
2011-05-05 22:11 . 2011-05-05 22:11 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2011-05-05 22:11 . 2011-05-05 22:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-05-05 20:48 . 2011-05-05 20:48 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-05-05 17:01 . 2011-05-05 17:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-17 14:27 . 2005-08-16 09:18 26112 ----a-w- c:\windows\system32\userinit.exe
2011-03-07 05:33 . 2005-08-16 09:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2005-08-16 09:18 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2005-08-16 09:18 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2005-08-16 09:18 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2005-08-16 09:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2005-08-16 09:18 385024 ------w- c:\windows\system32\html.iec
.
<pre>
c:\program files\AVG\AVG10\avgtray .exe
c:\program files\Dell Support Center\bin\sprtcmd .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\ScanSoft\PaperPort\IndexSearch .exe
c:\program files\ScanSoft\PaperPort\pptd40nt .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"SN0XRCV"="c:\windows\system32\spool\drivers\w32x86\3\SN0XRCV.exe" [2005-09-13 102400]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
logon.cmd [2007-7-12 78]
QuickBooks Remote Access.LNK - c:\windows\DOWNLO~1\MyWebEx\319\raagtx.exe [2009-3-9 38200]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Dell\\Dell Laser MFP 1815\\NetworkScan\\DNSCST.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SN0XNJR.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/11/2011 2:37 PM 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/13/2011 1:43 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/13/2011 1:43 PM 307928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/13/2011 1:43 PM 19544]
R2 atnthost;WebEx Remote Access Agent;c:\windows\DOWNLO~1\MyWebEx\319\atnthost.exe [3/9/2009 5:35 PM 16792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2011 1:43 PM 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4/29/2011 12:11 PM 2146496]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2011 1:43 PM 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [4/29/2011 12:11 PM 15232]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/7/2011 9:59 AM 38224]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S4 QuickBooksDB20;QuickBooksDB20;c:\progra~1\Intuit\QUC2C1~1\QBDBMgrN.exe -hvQuickBooksDB20 --> c:\progra~1\Intuit\QUC2C1~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 17:11]
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 18:43]
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 18:43]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.keloland.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: intuit.com\ttlc
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-19 11:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,a9,c0,e3,89,8e,94,48,91,24,01,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,a9,c0,e3,89,8e,94,48,91,24,01,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{20182402-24ED-DBEE-0C047CC941A92C12}\{18337038-91FA-1511-718667CAE01F35A0}\{7E9CBDE1-C583-B4C7-27A5326796C918BF}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,57,54,30,
51,70,f6,93,b4,f8,df,3c,dd,68,a3,d9,2a,dc,cf,1b,c4,1f,0f,5e,a4,db,28,03,33,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{286D4131-3821-6CBF-08770360589374C2}\{48BEB065-0DEC-1314-6E019AD5B66531AE}\{E2D4EA90-E228-BF00-D20DE2AD05099BA2}*]
"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50,
9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{71AAA611-245D-D09F-882845FC5EAA24CC}\{DFD26894-68B9-4777-FDD1761F9E74CD53}\{F10C9B44-6C01-0B82-830AFBCCD029C402}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,57,54,30,
51,70,f6,93,b4,f8,df,3c,dd,68,a3,d9,2a,dc,cf,1b,c4,1f,0f,5e,a4,db,28,03,33,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F9807A10-4727-9AC7-5739BD03864C7141}\{F4D35AF9-854F-CCC6-B4221006081D3FF5}\{1DA5733C-531E-5F12-5A70B13F4DD5DE9D}*]
"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50,
9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(572)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1392)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-19 11:17:46
ComboFix-quarantined-files.txt 2011-05-19 16:17
ComboFix2.txt 2011-01-12 22:33
.
Pre-Run: 77,591,658,496 bytes free
Post-Run: 78,313,164,800 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - E707F6973B3598A684D201A7B36361B3
  • 0

#10
Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
Hello Zeeker1217

Open ComboFix

Please do the following:


• Close any open browsers.
• Close/disable all anti virus and anti malware programs so that they do not interfere with the running of ComboFix.
• Open notepad and copy/paste the text in the codebox below into it:
RenV::
c:\program files\AVG\AVG10\avgtray .exe 
c:\program files\Dell Support Center\bin\sprtcmd .exe 
c:\program files\iTunes\iTunesHelper .exe 
c:\program files\ScanSoft\PaperPort\IndexSearch .exe 
c:\program files\ScanSoft\PaperPort\pptd40nt .exe 

File::
c:\program files\AVG

Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it produces a log at C:\ComboFix.txt. Post the contents of Combofix.txt in your next reply.


Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:

  • start Malwarebytes-Anti-Malware and update it, (“Update” tab)
  • once it is updated, click on “Scanner” tab, select Perform quick scan, then click Scan.
  • when the scan is complete, click OK, then Show Results to view the results.
  • be sure that everything is checked, and click Remove Selected.
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.
NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

How is the computer running now?

Satchfan
  • 0
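The CFScript above is written by hand from the "<pre>" block of the ComboFix report: each executable that the infection renamed with a stray space before ".exe" is listed under RenV:: so ComboFix renames it back, and the File:: section names a folder to delete. The following script automates that transcription. It is an added example for this thread, not ComboFix's own code and not Satchfan's; the sample report text is constructed from the paths shown in the report posted above, and the function names and regular expressions are my own.

```python
"""Generate a ComboFix CFScript from the <pre> block of a ComboFix report.

Added example for this thread; it is not ComboFix's own code and not the
helper's. It automates the manual step in the post above: an infection on
this machine renamed several executables with a stray space before ".exe",
ComboFix listed them between <pre> and </pre>, and the RenV:: directive
tells ComboFix to rename them back. Function and constant names are my own.
"""
from __future__ import annotations

import re
from typing import Sequence

# Constructed excerpt of a ComboFix report; the paths are the ones that
# appear in the report posted in this thread.
SAMPLE_REPORT = r"""
.
<pre>
c:\program files\AVG\AVG10\avgtray .exe
c:\program files\Dell Support Center\bin\sprtcmd .exe
c:\program files\iTunes\iTunesHelper .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
"""

# Everything between a <pre> line and the matching </pre> line.
PRE_BLOCK = re.compile(r"<pre>\n(.*?)</pre>", re.DOTALL)
# A full drive path whose ".exe" extension is separated from the name by a space.
RENAMED_EXE = re.compile(r"^[a-zA-Z]:\\.+ \.exe$")


def find_renamed_executables(report: str) -> list[str]:
    """Return every ' .exe' path listed inside <pre> blocks of the report."""
    found: list[str] = []
    for block in PRE_BLOCK.findall(report):
        for line in block.splitlines():
            line = line.rstrip()
            if RENAMED_EXE.match(line):
                found.append(line)
    return found


def build_cfscript(renamed: Sequence[str], folders_to_remove: Sequence[str] = ()) -> str:
    """Emit CFScript text: a RenV:: section for the renamed executables and an
    optional File:: section for folders ComboFix should delete."""
    sections = []
    if renamed:
        sections.append("RenV::\n" + "\n".join(renamed) + "\n")
    if folders_to_remove:
        sections.append("File::\n" + "\n".join(folders_to_remove) + "\n")
    return "\n".join(sections)


if __name__ == "__main__":
    hits = find_renamed_executables(SAMPLE_REPORT)
    # Check the list by eye before saving it as CFScript.txt next to ComboFix.
    print(build_cfscript(hits, [r"c:\program files\AVG"]))
```

The script only reads the "<pre>" block, because that is where ComboFix reports renamed executables; entries elsewhere in the report (Run keys, services) are left to the helper's judgement. Review the generated list before using it, since RenV:: is applied exactly as written.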

#11
Zeeker1217

    Member

  • Topic Starter
  • Member
  • 15 posts
I will have to do this tonight after 10pm and post the logs.
Thanks again for your help!!
  • 0

#12
Zeeker1217

    Member

  • Topic Starter
  • Member
  • 15 posts
ComboFix 11-05-18.04 - Julie 05/19/2011 17:03:18.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.513 [GMT -5:00]
Running from: c:\documents and settings\Julie\Desktop\mytool.exe
Command switches used :: c:\documents and settings\Julie\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-19 to 2011-05-19 )))))))))))))))))))))))))))))))
.
.
2011-05-19 21:59 . 2011-05-19 21:59 -------- d-----w- C:\mytool
2011-05-17 14:49 . 2011-05-17 14:49 -------- d-----w- c:\documents and settings\Julie\Application Data\SUPERAntiSpyware.com
2011-05-17 14:23 . 2011-05-17 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-05-17 14:23 . 2011-05-17 14:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-05-17 14:22 . 2011-05-17 14:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-17 14:10 . 2011-05-17 14:10 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-05-13 18:48 . 2011-05-13 19:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-05-13 18:43 . 2011-05-13 19:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-05-13 18:43 . 2011-05-13 18:52 -------- d-----w- c:\documents and settings\Julie\Local Settings\Application Data\Temp
2011-05-13 18:43 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-13 18:43 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-13 18:43 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-13 18:43 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-13 18:43 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-13 18:43 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-13 18:43 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-13 18:43 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-13 18:43 . 2011-05-13 18:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-05-13 18:43 . 2011-05-13 18:43 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-05-13 18:42 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-13 18:42 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-13 18:42 . 2011-05-13 18:42 -------- d-----w- c:\program files\AVAST Software
2011-05-13 18:42 . 2011-05-13 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-05-13 15:20 . 2011-05-13 15:20 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-05-11 19:37 . 2011-04-29 17:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-05-11 19:36 . 2011-05-11 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-05-11 19:36 . 2011-05-11 19:36 -------- d-----w- c:\program files\Lavasoft
2011-05-09 17:31 . 2011-05-09 17:31 1409 ----a-w- c:\windows\QTFont.for
2011-05-07 15:00 . 2011-05-07 15:00 -------- d-----w- c:\documents and settings\Julie\Application Data\Malwarebytes
2011-05-07 14:59 . 2011-05-07 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-07 14:59 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-07 14:59 . 2011-05-07 15:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-07 14:59 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-06 19:29 . 2011-05-06 19:29 -------- d-----w- c:\program files\AVG
2011-05-05 22:11 . 2011-05-05 22:11 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2011-05-05 22:11 . 2011-05-05 22:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-05-05 20:48 . 2011-05-05 20:48 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-05-05 17:01 . 2011-05-05 17:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-17 14:27 . 2005-08-16 09:18 26112 ----a-w- c:\windows\system32\userinit.exe
2011-03-07 05:33 . 2005-08-16 09:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2005-08-16 09:18 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2005-08-16 09:18 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2005-08-16 09:18 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2005-08-16 09:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2005-08-16 09:18 385024 ------w- c:\windows\system32\html.iec
.
<pre>
c:\program files\AVG\AVG10\avgtray .exe
c:\program files\Dell Support Center\bin\sprtcmd .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\ScanSoft\PaperPort\IndexSearch .exe
c:\program files\ScanSoft\PaperPort\pptd40nt .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"SN0XRCV"="c:\windows\system32\spool\drivers\w32x86\3\SN0XRCV.exe" [2005-09-13 102400]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
logon.cmd [2007-7-12 78]
QuickBooks Remote Access.LNK - c:\windows\DOWNLO~1\MyWebEx\319\raagtx.exe [2009-3-9 38200]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Dell\\Dell Laser MFP 1815\\NetworkScan\\DNSCST.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SN0XNJR.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/11/2011 2:37 PM 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/13/2011 1:43 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/13/2011 1:43 PM 307928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/13/2011 1:43 PM 19544]
R2 atnthost;WebEx Remote Access Agent;c:\windows\DOWNLO~1\MyWebEx\319\atnthost.exe [3/9/2009 5:35 PM 16792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2011 1:43 PM 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4/29/2011 12:11 PM 2146496]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2011 1:43 PM 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [4/29/2011 12:11 PM 15232]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/7/2011 9:59 AM 38224]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S4 QuickBooksDB20;QuickBooksDB20;c:\progra~1\Intuit\QUC2C1~1\QBDBMgrN.exe -hvQuickBooksDB20 --> c:\progra~1\Intuit\QUC2C1~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 17:11]
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 18:43]
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 18:43]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.keloland.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: intuit.com\ttlc
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-19 17:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,a9,c0,e3,89,8e,94,48,91,24,01,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,a9,c0,e3,89,8e,94,48,91,24,01,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{20182402-24ED-DBEE-0C047CC941A92C12}\{18337038-91FA-1511-718667CAE01F35A0}\{7E9CBDE1-C583-B4C7-27A5326796C918BF}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,57,54,30,
51,70,f6,93,b4,f8,df,3c,dd,68,a3,d9,2a,dc,cf,1b,c4,1f,0f,5e,a4,db,28,03,33,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{286D4131-3821-6CBF-08770360589374C2}\{48BEB065-0DEC-1314-6E019AD5B66531AE}\{E2D4EA90-E228-BF00-D20DE2AD05099BA2}*]
"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50,
9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{71AAA611-245D-D09F-882845FC5EAA24CC}\{DFD26894-68B9-4777-FDD1761F9E74CD53}\{F10C9B44-6C01-0B82-830AFBCCD029C402}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,57,54,30,
51,70,f6,93,b4,f8,df,3c,dd,68,a3,d9,2a,dc,cf,1b,c4,1f,0f,5e,a4,db,28,03,33,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F9807A10-4727-9AC7-5739BD03864C7141}\{F4D35AF9-854F-CCC6-B4221006081D3FF5}\{1DA5733C-531E-5F12-5A70B13F4DD5DE9D}*]
"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50,
9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(572)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3932)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-19 17:18:10
ComboFix-quarantined-files.txt 2011-05-19 22:18
ComboFix2.txt 2011-05-19 16:17
ComboFix3.txt 2011-01-12 22:33
.
Pre-Run: 78,332,715,008 bytes free
Post-Run: 78,308,929,536 bytes free
.
- - End Of File - - C7B5A6A1F14A5DCA9D833568AB37FBC6

#13 Zeeker1217 (Member, Topic Starter, 15 posts)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6622

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/19/2011 11:20:40 PM
mbam-log-2011-05-19 (23-20-40).txt

Scan type: Quick scan
Objects scanned: 215541
Time elapsed: 4 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14 Zeeker1217 (Member, Topic Starter, 15 posts)

It is running a lot smoother... if left on for a while it would blue screen before, or if opening programs it would also. So far it's been left on all day and has not blue screened or locked up.

#15 Satchfan (Trusted Helper, Malware Removal, 624 posts)

Hi Zeeker1217

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

You are using two anti-viruses, Avast and Ad-Aware (Ad-Aware now includes anti-virus protection). Having more than one anti-virus can cause conflicts between them. I recommend you remove Ad-Aware.


When you've done that: the last fix didn't work, so let's try it again.

Open ComboFix

Please do the following:


• Close any open browsers.
• Close/disable all anti-virus and anti-malware programs so that they do not interfere with the running of ComboFix.
• Open Notepad and copy/paste the text in the codebox below into it:
RenV::
c:\program files\AVG\AVG10\avgtray .exe 
c:\program files\Dell Support Center\bin\sprtcmd .exe 
c:\program files\iTunes\iTunesHelper .exe 
c:\program files\ScanSoft\PaperPort\IndexSearch .exe 
c:\program files\ScanSoft\PaperPort\pptd40nt .exe 

Folder::
c:\program files\AVG

Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it produces a log at C:\ComboFix.txt. Post the contents of ComboFix.txt in your next reply.

Thanks

Satchfan
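Satchfan's advice in post #15 rests on a handful of lines in the ComboFix log from post #12: the executables ComboFix lists between <pre> and </pre> with a space before ".exe" (exactly the paths that go under RenV:: in the CFScript), the "DisableMonitoring"=dword:00000001 value under the Security Center key, "EnableFirewall"= 0 on the standard profile together with 3389:TCP (Remote Desktop) globally open, and the two "AV:" header lines that both read *Disabled/Updated*. The Python script below is an added example and is not part of this thread, nor a ComboFix or Malwarebytes tool: it pulls those findings out of a log excerpt in ComboFix's text format and emits a RenV:: block in the same shape Satchfan posted. The sample log embedded in it is constructed from lines quoted in this thread (trimmed); the function names, the triage wording, and the assumption that any ComboFix log uses the same REGEDIT4-style sections and a lone "." as section separator are mine.

```python
"""Triage a ComboFix log excerpt (added example, not part of this thread).
Finds: executables with a space before the extension (ComboFix lists them
between <pre> and </pre>), Security Center monitoring switched off, the
Windows Firewall disabled with globally open ports, and several/disabled AVs."""
import re

# Constructed sample: lines copied from the log posted in this thread, trimmed.
SAMPLE_LOG = r"""
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
<pre>
c:\program files\AVG\AVG10\avgtray .exe
c:\program files\iTunes\iTunesHelper .exe
</pre>
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""

# Drive path whose last component is "<name> .<ext>": a space right before the dot.
SPACED_EXE = re.compile(r"^\s*([a-z]:\\.*?\S) +(\.[a-z0-9]{1,4})\s*$", re.IGNORECASE)
AV_LINE = re.compile(r"^AV:\s+(.+?)\s+\*([^*]+)\*", re.MULTILINE)   # (product, status)
REG_KEY = re.compile(r"^\[(.+)\]\s*$")
REG_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*?)\s*$')


def spaced_executables(log):
    """(path as logged, path with the stray space removed) for each <pre> entry."""
    hits, in_pre = [], False
    for line in log.splitlines():
        tag = line.strip().lower()
        if tag in ("<pre>", "</pre>"):
            in_pre = tag == "<pre>"
            continue
        m = SPACED_EXE.match(line) if in_pre else None
        if m:
            hits.append((line.strip(), m.group(1) + m.group(2)))
    return hits


def renv_script(log):
    """CFScript text: a RenV:: section listing the spaced paths exactly as logged."""
    paths = [logged for logged, _ in spaced_executables(log)]
    return "RenV::\n" + "\n".join(paths) + "\n" if paths else ""


def parse_reg_dump(log):
    """REGEDIT4-style sections -> {key (lower-cased): {value name: raw value}}.
    A lone '.' line ends the current section, as in ComboFix output (assumption)."""
    reg, current = {}, None
    for line in log.splitlines():
        if line.strip() == ".":
            current = None
            continue
        k = REG_KEY.match(line)
        if k:
            current = k.group(1).lower()
            reg.setdefault(current, {})
            continue
        v = REG_VALUE.match(line)
        if v and current is not None:
            reg[current][v.group(1)] = v.group(2)
    return reg


def disabled_security_center_monitoring(reg):
    """Keys under ...\\security center\\Monitoring with DisableMonitoring set to 1."""
    return sorted(k for k, vals in reg.items() if "security center\\monitoring" in k
                  and vals.get("DisableMonitoring", "").lower() == "dword:00000001")


def firewall_findings(reg):
    """Standard-profile EnableFirewall flag plus the GloballyOpenPorts value names."""
    profile, enabled, ports = "firewallpolicy\\standardprofile", None, []
    for k, vals in reg.items():
        if k.endswith(profile):
            enabled = vals.get("EnableFirewall", "").strip().startswith("1")
        elif k.endswith(profile + "\\globallyopenports\\list"):
            ports.extend(vals)  # value names are "port:proto"
    return {"enabled": enabled, "open_ports": sorted(ports)}


def triage(log):
    """Human-readable findings, one per line, in the order a helper would read them."""
    reg, avs, out = parse_reg_dump(log), AV_LINE.findall(log), []
    if len(avs) > 1:
        out.append("multiple AV products: " + ", ".join(n for n, _ in avs))
    out += [f"AV reported disabled: {n}" for n, s in avs if s.lower().startswith("disabled")]
    out += [f"Security Center monitoring disabled: {k}" for k in disabled_security_center_monitoring(reg)]
    fw = firewall_findings(reg)
    if fw["enabled"] is False:
        out.append("Windows Firewall off (standard profile); globally open ports: "
                   + (", ".join(fw["open_ports"]) or "none"))
    out += [f"embedded space in executable name: {a} (expected {b})" for a, b in spaced_executables(log)]
    return out
```

Run it on a saved log with triage(open("ComboFix.txt").read()); renv_script() gives the RenV:: lines to paste into CFScript.txt, and the "expected" name beside each spaced path is only the string with the space removed, so check on the machine that nothing else already occupies that name before renaming. The disabled-AV and multiple-AV findings come straight from the "AV:" header lines, which is the same evidence Satchfan quoted.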





