BleepingComputer.com: Need help removing rootkit/rootkits

Ok i believe im infected with a large number of viruses and possibly one rootkit if not more.

I have run combofix multiple times and it told me that i had rootkits installed, specifically rootkit.zeroaccess, and afterwards i tried running avira. i thought i had gotten rid of it but it all popped up again today. i lost the ability to open and run firefox or any program because a fake antispyware program keeps popping up: "Vista Antispyware 2012". i have found that doing a restore or a startup repair is a temporary fix to allow me to access the internet, but it usually pops back up within the hour. now combofix will run but tells me to shut down avira even-though i have uninstalled it and deleted everything i can find related to it.

also on a side note there were a couple of times when after running combofix every folder file or program i tried to open would come up as an entry marked for deletion. usually a restart or another windows repair would fix the problem.

below is the most recent combofix log that i have. about 20 minutes old

any help at all would be greatly appreciated.

ComboFix 11-12-23.01 - Jessie 12/24/2011 15:04:19.7.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.2248 [GMT -5:00]
Running from: c:\users\Jessie\Desktop\Combo-Fix.exe
AV: Avira Desktop *Enabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jessie\AppData\Local\ngf.exe
c:\windows\$NtUninstallKB62280$
c:\windows\$NtUninstallKB62280$\3469481104
c:\windows\$NtUninstallKB62280$\485945278\@
c:\windows\$NtUninstallKB62280$\485945278\bckfg.tmp
c:\windows\$NtUninstallKB62280$\485945278\cfg.ini
c:\windows\$NtUninstallKB62280$\485945278\Desktop.ini
c:\windows\$NtUninstallKB62280$\485945278\keywords
c:\windows\$NtUninstallKB62280$\485945278\kwrd.dll
c:\windows\$NtUninstallKB62280$\485945278\L\qnbwvoto
c:\windows\$NtUninstallKB62280$\485945278\lsflt7.ver
c:\windows\$NtUninstallKB62280$\485945278\U\00000001.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000002.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000000.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000032.@
.
.
((((((((((((((((((((((((( Files Created from 2011-11-24 to 2011-12-24 )))))))))))))))))))))))))))))))
.
.
2011-12-24 20:13 . 2011-12-24 20:13 -------- d-----w- c:\users\Jessie\AppData\Local\temp
2011-12-24 20:13 . 2011-12-24 20:13 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-12-24 20:13 . 2011-12-24 20:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-24 20:13 . 2011-12-24 20:13 -------- d-----w- c:\users\oOJonathanOo\AppData\Local\temp
2011-12-24 20:13 . 2011-12-24 20:13 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-12-24 20:13 . 2011-12-24 20:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-24 20:13 . 2011-12-24 20:13 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-12-24 17:58 . 2011-12-24 17:58 29184 ----a-w- c:\windows\system32\3Wjb1DrV6.com
2011-12-24 06:27 . 2011-12-24 06:27 -------- d-----w- c:\users\Jessie\AppData\Local\SanctionedMedia
2011-12-24 03:40 . 2008-01-21 02:24 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-23 11:03 . 2011-12-23 11:03 65808 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2011-12-23 11:03 . 2011-12-23 11:03 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-12-23 10:00 . 2011-12-23 10:00 35904 ----a-w- c:\windows\system32\drivers\rq10ixua.sys
2011-12-23 09:52 . 2011-12-23 09:55 -------- d-----w- c:\users\Jessie\Pavark
2011-12-05 21:22 . 2011-12-05 21:22 -------- d-----w- c:\program files\MediaFire
2011-12-03 23:24 . 2011-12-16 13:14 -------- d-----w- c:\users\Jessie\AppData\Local\Temp(100)
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-24 21:45 . 2008-01-21 02:24 71680 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-11-17 22:31 . 2011-11-17 22:31 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2010-03-11 04:01 . 2010-03-11 04:01 124272 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-03-11 04:40 . 2010-03-11 04:40 13168 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-03-11 04:02 . 2010-03-11 04:02 70512 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-03-11 04:01 . 2010-03-11 04:01 91504 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-03-11 04:01 . 2010-03-11 04:01 22384 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-03-11 04:00 . 2010-03-11 04:00 255344 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-03-11 04:01 . 2010-03-11 04:01 31088 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-03-11 04:01 . 2010-03-11 04:01 40304 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-10-05 17:49 . 2009-10-05 17:49 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-03-11 04:02 . 2010-03-11 04:02 23920 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2011-05-03 17:39 . 2011-05-03 17:39 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 03:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Smad"="c:\users\Jessie\AppData\Local\SanctionedMedia\Smad\Smad.exe" [2011-12-24 37376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 4390912]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-02-19 591696]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jessie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^V CAST Media Monitor.lnk]
path=c:\users\Jessie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\V CAST Media Monitor.lnk
backup=c:\windows\pss\V CAST Media Monitor.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2010-03-11 04:21 300400 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17 3514176 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
2010-06-26 18:09 167936 ----a-w- c:\program files\Freecorder\FLVSrvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 12:03 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 02:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 18:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-20 02:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
c:\users\Jessie\AppData\Roaming\Skype\Phone\Skype.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2007-01-17 13:34 634880 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-11-15 22:44 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 16:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-08-17 06:13 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-01-07 18:38 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-24 136176]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-24 136176]
R3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgusbgps.sys [2008-11-11 19968]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 rq10ixua;Vba32 Armour Driver;c:\windows\System32\Drivers\rq10ixua.sys [2011-12-23 35904]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-05 65584]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-17 239168]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-07-22 690472]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-24 c:\windows\Tasks\At1.job
- c:\windows\system32\3Wjb1DrV6.com [2011-12-24 17:58]
.
2011-12-24 c:\windows\Tasks\At11.job
- c:\windows\system32\3Wjb1DrV6.com [2011-12-24 17:58]
.
2011-12-24 c:\windows\Tasks\At13.job
- c:\windows\system32\3Wjb1DrV6.com [2011-12-24 17:58]
.
2011-12-24 c:\windows\Tasks\At15.job
- c:\windows\system32\3Wjb1DrV6.com [2011-12-24 17:58]
.
2011-12-24 c:\windows\Tasks\At17.job
- c:\windows\system32\3Wjb1DrV6.com [2011-12-24 17:58]
.
2011-12-24 c:\windows\Tasks\At19.job
- c:\windows\system32\3Wjb1DrV6.com [2011-12-24 17:58]
.
2011-12-24 c:\windows\Tasks\At21.job
- c:\windows\system32\3Wjb1DrV6.com [2011-12-24 17:58]
.
2011-12-24 c:\windows\Tasks\At23.job
- c:\windows\system32\3Wjb1DrV6.com [2011-12-24 17:58]
.
2011-12-24 c:\windows\Tasks\At25.job
- c:\windows\system32\3Wjb1DrV6.com [2011-12-24 17:58]
.
2011-12-24 c:\windows\Tasks\At27.job
- c:\windows\system32\3Wjb1DrV6.com [2011-12-24 17:58]
.
2011-12-24 c:\windows\Tasks\At29.job
- c:\windows\system32\3Wjb1DrV6.com [2011-12-24 17:58]
.
2011-12-24 c:\windows\Tasks\At3.job
- c:\windows\system32\3Wjb1DrV6.com [2011-12-24 17:58]
.
2011-12-24 c:\windows\Tasks\At31.job
- c:\windows\system32\3Wjb1DrV6.com [2011-12-24 17:58]
.
2011-12-24 c:\windows\Tasks\At33.job
- c:\windows\system32\3Wjb1DrV6.com [2011-12-24 17:58]
.
2011-12-24 c:\windows\Tasks\At35.job
- c:\windows\system32\3Wjb1DrV6.com [2011-12-24 17:58]
.
2011-12-24 c:\windows\Tasks\At37.job
- c:\windows\system32\3Wjb1DrV6.com [2011-12-24 17:58]
.
2011-12-24 c:\windows\Tasks\At39.job
- c:\windows\system32\3Wjb1DrV6.com [2011-12-24 17:58]
.
2011-12-24 c:\windows\Tasks\At41.job
- c:\windows\system32\3Wjb1DrV6.com [2011-12-24 17:58]
.
2011-12-24 c:\windows\Tasks\At43.job
- c:\windows\system32\3Wjb1DrV6.com [2011-12-24 17:58]
.
2011-12-24 c:\windows\Tasks\At45.job
- c:\windows\system32\3Wjb1DrV6.com [2011-12-24 17:58]
.
2011-12-24 c:\windows\Tasks\At47.job
- c:\windows\system32\3Wjb1DrV6.com [2011-12-24 17:58]
.
2011-12-24 c:\windows\Tasks\At5.job
- c:\windows\system32\3Wjb1DrV6.com [2011-12-24 17:58]
.
2011-12-24 c:\windows\Tasks\At7.job
- c:\windows\system32\3Wjb1DrV6.com [2011-12-24 17:58]
.
2011-12-24 c:\windows\Tasks\At9.job
- c:\windows\system32\3Wjb1DrV6.com [2011-12-24 17:58]
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-24 16:28]
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-24 16:28]
.
2011-12-24 c:\windows\Tasks\User_Feed_Synchronization-{C1AAE4D2-2DDE-4404-9C03-391CE478EC8A}.job
- c:\windows\system32\msfeedssync.exe [2011-05-12 04:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Jessie\AppData\Roaming\Mozilla\Firefox\Profiles\8mu2k215.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: XULRunner: {977A121F-E5A0-4EC3-A9E6-B883FB961AFE} - c:\users\Jessie\AppData\Local\{977A121F-E5A0-4EC3-A9E6-B883FB961AFE}
FF - Ext: XULRunner: {5D19F6DC-A402-47CE-A144-44F3BF526335} - c:\users\Administrator\AppData\Local\{5D19F6DC-A402-47CE-A144-44F3BF526335}
FF - user.js: yahoo.homepage.dontask - true
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-24 15:13
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-24 15:16:38
ComboFix-quarantined-files.txt 2011-12-24 20:16
ComboFix2.txt 2011-12-24 04:23
ComboFix3.txt 2011-12-03 23:34
ComboFix4.txt 2011-10-04 18:44
ComboFix5.txt 2011-12-24 09:23
.
Pre-Run: 22,215,770,112 bytes free
Post-Run: 22,181,732,352 bytes free
.
- - End Of File - - A42F2A62AF940C6BFA9711B555786A79

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434346 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

• If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  
• A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
  
  • Please do this even if you have previously posted logs for us.
    
  • If you were unable to produce the logs originally please try once more.
    
  • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    
  • If you are unsure about any of these characteristics just post what you can and we will guide you.
  
  
• Please tell us if you have your original Windows CD/DVD available.
  
• Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

• Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • DDS.scr
    
  • DDS.pif
  
  
• Double click on the DDS icon, allow it to run.
  
• A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  
• Notepad will open with the results.
  
• Follow the instructions that pop up for posting the results.
  
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:



As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

sorry for the delay. the holiday season is just now winding down for my family lol.

also both mentioned programs will not complete their function on my laptop. dds continuously gets about halfway through the scan, and then locks down and i have to re-start. gmer also did the same thing and then gave me a blue screen and a subsequent restart also.

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

• Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.
  
  
  
• Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  
  
  
• Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


The problem is visible but unless you know what to look for Combofix isn't going to fix it automatically. Your copy is now out of date.


Please uninstall Combofix

Uninstall ComboFix

Remove Combofix now that we're done with it.

• Disable any realtime antivirus or antispyware programs.
  
• Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  
• Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  
• Please follow the prompts to uninstall Combofix.
  
• You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

This will uninstall Combofix and anything associated with it.


Now follow the instructions to redownload and run

Please download ComboFix from one of these locations:

• Bleepingcomputer
  
• ForoSpyware

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe

• Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  
• Double click on Comfix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.