
HTML : Iframe - inf


  • This topic is locked
41 replies to this topic

#1 Daveinsk

  • Members
  • 21 posts

Posted 28 January 2012 - 05:12 PM

Hello Gracious Help,

I run XP Pro on a Pentium 4, 3ghz (Dell GX270).

3 days ago, I had my Firefox browser open, but had not used it or been at the puter for about 5 hours. When I sat down at the puter, there were perhaps 10 Avast warning pop-ups within about 15 mins - that said that it had blocked me from opening a malicious site. The trouble was, I was not trying to open any sites at this time. Two of the sites it specified were a bestiality site and a zoo site - neither of which I have ever been to.

Avast seemed to block my browser from opening these sites, but my question is - what was directing my browser to go to them in the first place? The Avast warning said that the virus (or malware) that it was protecting me from was HTML:Iframe-inf

A web search came up with a few complex suggestions on how to get rid of or fix this problem, but all were too complex for me to follow.

The hijacking or redirecting (or whatever it was) has not happened again since. I have had no further Avast warnings over the last 2 days. I first looked for help from the Avast website, and spoke to an IYogi support rep on the phone (whose number I got from the Avast website). He took remote control of my puter, checked my registry and said he could help if I bought a $186.00 support package (that provided support for 6 months). In retrospect, the "Help for Avast Free" phone number is just a marketing ploy to sell support packages. I just hope the guy did not add spyware or key loggers (or such) onto my system while he was in my puter. I am afraid to use my puter for any banking or secure sites until I am again sure that it is clean (from both the original problem, and the guy who took remote control of my puter).

Below are all of the logs that your "Prep to post" area requested. I followed all the Preparations steps as closely as I could. One problem: GMER ran the moment I opened it - before I could shut off IAT/EAT box (as instructed). This scan produced a very quick, short report. So I then unchecked the IAT/EAT box (as instructed) and ran a second scan. This scan took a long time and is very lengthy. I tried to include both scans, but I got a message that my post was too long and had to shorten it, so I did not submit the 2nd longer scan (when the IAT/EAT box was unchecked). Please ask me if you want this scan, and I will email it to you (or send it by any method you request).

Thank-you very much for any help that you can offer.

DDS Log


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Administrator at 12:38:00 on 2012-01-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1051 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WTouch\WTouchService.exe
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\WINDOWS\Explorer.EXE
P:\Norton Ghost\Agent\VProTray.exe
P:\Adobe Acrobat 9\Acrobat\Acrotray.exe
C:\WINDOWS\system32\wscript.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
P:\Spybot\Spybot - Search & Destroy\TeaTimer.exe
P:\RingCentral\eXtreme Fax\RCHotKey.exe
C:\WINDOWS\system32\spoolsv.exe
P:\TClock\tclock.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
P:\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\ComObjects\update.exe
C:\WINDOWS\system32\dllhost.exe
P:\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\Outlook Express\msimn.exe
P:\PaltalkScene\paltalk.exe
P:\Mozilla Firefox\firefox.exe
P:\Mozilla Firefox\plugin-container.exe
P:\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
P:\Defogger - disables CD Emulation programs\Defogger.exe
C:\Program Files\AVAST Software\Avast\defs\12012800\Sf.bin
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.shaw.ca/start/enCA
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - p:\spybot\spybot~1\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\16.0.912.77\npchrome_frame.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [SpybotSD TeaTimer] p:\spybot\spybot - search & destroy\TeaTimer.exe
uRun: [RCHotKey] "p:\ringcentral\extreme fax\RCHotKey.exe"
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Norton Ghost 14.0] "p:\norton ghost\agent\VProTray.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "p:\adobe acrobat 9\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "p:\adobe acrobat 9\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TaskMngr] wscript.exe "c:\program files\common files\comobjects\data.js"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\shortc~1.lnk - p:\tclock\tclock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\config~1.lnk - p:\winfax pro\WTNSETUP.EXE
uPolicies-explorer: NoSMMyPictures = 01000000
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - p:\paltalkscene\Paltalk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - p:\spybot\spybot~1\SDHelper.dll
Trusted Zone: skype.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 64.59.176.13 64.59.176.15 64.59.177.226
TCP: Interfaces\{254EB178-E9B7-4052-A4CD-E4F748B9E8D8} : DhcpNameServer = 64.59.176.13 64.59.176.15 64.59.177.226
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\16.0.912.77\npchrome_frame.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {A213B520-C6C2-11d0-AF9D-008029E1027E} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\3nomuutp.default\
FF - prefs.js: browser.startup.homepage - chrome://superstart/content/index.html
FF - prefs.js: keyword.enabled - false
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\3nomuutp.default\extensions\{7e7165e2-0767-448c-852f-5fa8714f2c37}\components\PlainOldFavorites.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: p:\adobe acrobat 9\acrobat\browser\nppdf32.dll
FF - plugin: p:\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: p:\vlc media player\vlc\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-15 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-15 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-15 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-15 44768]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2008-4-14 5120]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-11-13 4408616]
R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-11-13 112936]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-12-12 30576]
R3 SymSnapService;SymSnapService;p:\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1558000]
S0 cerc6;cerc6; [x]
S2 BulkUsb;USB Scanner;c:\windows\system32\drivers\usbscan.sys [2010-2-25 15104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-8 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-8 136176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-16 03:29:03 175616 ----a-w- c:\windows\system32\unrar.dll
2012-01-16 02:50:03 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-16 02:49:40 41184 ----a-w- c:\windows\avastSS.scr
2012-01-16 02:49:23 -------- d-----w- c:\program files\AVAST Software
2012-01-15 23:57:50 -------- d-----w- c:\documents and settings\administrator\local settings\application data\AMozilla
2012-01-15 23:57:30 -------- d-----w- c:\documents and settings\administrator\application data\AMozilla
2012-01-15 23:57:25 -------- d-----w- c:\program files\common files\ComObjects
.
==================== Find3M ====================
.
2012-01-27 22:05:32 196608 ----a-w- c:\windows\system32\drivers\nAsmedia.bin
2012-01-14 02:59:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-05 18:58:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-05 18:58:35 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
.
============= FINISH: 12:42:16.46 ===============



GMER - ark.txt (Auto run - before the IAT/EAT box could be unchecked)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-01-28 14:33:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 HDS728040PLA320 rev.PF1OA63A
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xABF6EBDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xABF6EA45]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xABFEB7A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----



Please contact me for any further info or scans you may desire.

A gracious thank-you in advance, for any explanation of why my browser was trying to take me to malicious websites (that Avast blocked), when it had been open for hours (perhaps with some tabs open), but I hadn't used it for hours.

Thank you also for any help that you may be able to offer to ensure there is no malware that is causing this problem, that may still be on my system.

Lastly, if you could check to see that my system is secure to do banking and visit other secure sites (without compromising privacy or passwords - after the IYogi rep had remote control) - that would also be greatly appreciated.


Dave in Sask.



#2 Daveinsk
  • Topic Starter

  • Members
  • 21 posts

Posted 28 January 2012 - 08:07 PM

Hello again,

Today I had the same problem again. When Avast kept giving me warnings and notifications that it has protected me from going onto malicious websites (even when I wasn't surfing), I pushed "More Info" button on the Avast pop-up, which took me to the Avast webpages that explained more about the infection (and attempted browser hijackings or re-direction, or whatever it is).

I did this for two Avast warning pop-ups (that tried to take me to two different malicious sites). Below are the URL's to the two Avast webpages that opened, when I clicked the "more info" button on the warning pop-up:

hxxp://www.avast.com/en-ca/lp-security-information-fp2?p_ext=0&utm_campaign=Virus_alert&utm_source=prg_fav_60_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-ca%2Fvirus-alert-challenger2&p_vir=html:Iframe-inf&p_prc=file://C:\Program%20Files\Common%20Files\ComObjects\update.exe&p_obj=http://www.allzoomovies.com/?x=4302&p_var=.%2Ffa%2Fen-ca%2Fvirus-alert-default2&p_pro=0&p_vep=6&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=162&p_lng=en&p_lid=en-ca&p_elm=7&p_vbd=1367


hxxp://www.avast.com/en-ca/lp-security-information-fp2?p_ext=0&utm_campaign=Virus_alert&utm_source=prg_fav_60_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-ca%2Fvirus-alert-challenger2&p_vir=html:Iframe-inf&p_prc=file://C:\Program%20Files\Common%20Files\ComObjects\update.exe&p_obj=http://www.animalsexmania.net/?x=9171.5825.7884.4683&p_var=.%2Ffa%2Fen-ca%2Fvirus-alert-default2&p_pro=0&p_vep=6&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=162&p_lng=en&p_lid=en-ca&p_elm=7&p_vbd=1367


Note that the first hijack or re-direct (or whatever) attempt tried to take my browser to allzoomovies.com, which is in the first (Avast website) URL above. The second attempt was to take my browser to www.animalsexmania.net The Avast pop-up popped up perhaps 10 times over a few mins, but it seemed to always be trying to take my browser to one of these two sites.


In addition, I saved the above two web pages in .htm format, and have attached them to this post. If they will open for you, you will see virtually the same pages that I saw when I went to these (Avast info) pages.

Hope this helps, and thanks again,

Daveinsk


Edited by Budapest, 29 January 2012 - 05:43 PM.
Disabled links
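A triage helper, added here as an example and not code from this thread, from DDS or from Avast: it pulls p_vir, p_prc and p_obj out of the Avast alert URLs in post #2 and walks the uRun:/mRun: lines of the DDS Pseudo HJT Report from post #1, returning the Run entries a responder would look at first, namely those that launch a Windows script host or that share a directory with the process Avast named. The sample inputs are constructed from the logs above (the alert URL is abbreviated to its relevant parameters); flagged entries are candidates for review, not a verdict.

```python
"""Triage helper for the two artefact types pasted in this thread.

Added example; it is not code from the thread, from DDS or from Avast.
It parses:
  * Avast "More Info" alert URLs, whose query string carries p_vir (the
    detection name), p_prc (the process involved) and p_obj (the blocked
    object, here a URL);
  * DDS "Pseudo HJT Report" uRun:/mRun: lines, which list HKCU/HKLM Run
    autostart entries.
A Run entry is returned for review when it launches a Windows script host
(wscript.exe/cscript.exe) or when its executable or a quoted argument lives
in the same directory as the process Avast named.
"""
import re
from pathlib import PureWindowsPath
from urllib.parse import parse_qs, urlsplit

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
RUN_RE = re.compile(r"^([um])Run:\s*\[([^\]]*)\]\s*(.*)$")


def parse_avast_alert(url):
    """Extract detection name, process path and blocked object from an alert URL."""
    q = parse_qs(urlsplit(url).query)  # parse_qs already percent-decodes values
    process = q.get("p_prc", [""])[0]
    if process.lower().startswith("file://"):
        process = process[len("file://"):]
    return {
        "detection": q.get("p_vir", [""])[0],
        "process": process,
        "blocked_object": q.get("p_obj", [""])[0],
    }


def split_command(cmd):
    """Split a Run-key command line into (executable, remaining arguments)."""
    cmd = cmd.strip()
    if not cmd:
        return "", ""
    if cmd.startswith('"'):  # quoted executable path
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    # DDS prints unquoted paths in full even when they contain spaces, so take
    # everything up to the first ".exe" token as the executable.
    m = re.match(r"(.*?\.exe)\b(.*)", cmd, re.IGNORECASE)
    if m:
        return m.group(1), m.group(2).strip()
    exe, _, rest = cmd.partition(" ")
    return exe, rest.strip()


def triage_run_entries(dds_lines, alert_process=None):
    """Return Run entries worth a second look, each with the reasons it was flagged."""
    alert_dir = PureWindowsPath(alert_process).parent if alert_process else None
    findings = []
    for line in dds_lines:
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        hive, name, cmd = m.groups()
        exe, args = split_command(cmd)
        if not exe:  # e.g. "mRun: [<NO NAME>]"
            continue
        reasons = []
        if PureWindowsPath(exe).name.lower() in SCRIPT_HOSTS:
            reasons.append("script host launched from a Run key")
        if alert_dir is not None:
            for path in [exe] + re.findall(r'"([^"]+)"', args):
                # PureWindowsPath compares case-insensitively
                if PureWindowsPath(path).parent == alert_dir:
                    reasons.append(f"shares directory with alert process: {path}")
        if reasons:
            findings.append({"hive": "HKCU" if hive == "u" else "HKLM",
                             "name": name, "exe": exe, "args": args,
                             "reasons": reasons})
    return findings


# Constructed sample input, copied (and for the URL, abbreviated) from the logs above
ALERT_URLS = [
    r"hxxp://www.avast.com/en-ca/lp-security-information-fp2?p_ext=0&utm_campaign=Virus_alert"
    r"&p_vir=html:Iframe-inf&p_prc=file://C:\Program%20Files\Common%20Files\ComObjects\update.exe"
    r"&p_obj=http://www.allzoomovies.com/?x=4302&p_var=.%2Ffa%2Fen-ca%2Fvirus-alert-default2&p_lng=en",
]
DDS_SAMPLE = r"""
uRun: [SpybotSD TeaTimer] p:\spybot\spybot - search & destroy\TeaTimer.exe
uRun: [RCHotKey] "p:\ringcentral\extreme fax\RCHotKey.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [<NO NAME>]
mRun: [TaskMngr] wscript.exe "c:\program files\common files\comobjects\data.js"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
""".strip().splitlines()


def run_sample():
    """Parse the first alert URL and triage the sample DDS lines against it."""
    alert = parse_avast_alert(ALERT_URLS[0])
    return alert, triage_run_entries(DDS_SAMPLE, alert["process"])


if __name__ == "__main__":
    alert, findings = run_sample()
    print(f"{alert['detection']}: {alert['process']} -> {alert['blocked_object']}")
    for f in findings:
        print(f"{f['hive']}\\Run [{f['name']}] {f['exe']} {f['args']}")
        for r in f["reasons"]:
            print("   -", r)
```

On the sample above the only entry returned is the HKLM "TaskMngr" value, for two independent reasons: it runs wscript.exe, and the script it is handed sits in the same ComObjects folder as the update.exe process named in the alert. The DDS "Created Last 30" section dates that folder to 2012-01-15, which is the kind of cross-reference a responder makes next; the script itself decides nothing beyond listing the candidates.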


#3 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 31 January 2012 - 01:05 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 Daveinsk
  • Topic Starter

  • Members
  • 21 posts

Posted 31 January 2012 - 07:28 PM

Hello Gringo,

TY for your offer and efforts to help.

I shut off my Windows Firewall, Avast and Tea timer, and ran Combo fix. The Log is cut and pasted below.

Since my previous post, I was consulted by a Tech who works for my ISP provider. He thought the problem was narrowed down to a script, likely part of an updater - but he wasn't sure if it was part of Firefox or not. He could find nothing using HiJT, TDSSkiller, Virus total, Hitmanpro, and Processexplorer. He didn't think Combofix would help. He didn't fix the problem, but suggested more drastic measures to get rid of it (such as deleting Firefox and all of its add-ons - which would be a lot of work to re-install). Before reading your post (as per his suggestion), I set IE as my default browser (instead of Firefox), to see if that stopped the problem, or changed the Avast warnings. Hopefully any changes in the Avast warning may help determine whether the Firefox updater is responsible.

Since my last post, I have also noticed that the Avast malicious website warning and block were occurring whether or not I had any browser on.

I will not be able to tell if the problem is fixed for at least a few days, as the pop-ups sometimes occurred multiple times within a few mins, but other times my machine could go for days without any Avast pop-up warnings. There were no other apparent problems.

Here is the Combofix Report

ComboFix 12-01-30.02 - Administrator 01/31/2012 17:43:38.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1202 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\GoToAssistDownloadHelper.exe
c:\documents and settings\Administrator\Start Menu\Programs\Startup\Shortcut to tclock.exe.lnk
c:\documents and settings\Administrator\WINDOWS
c:\windows\system32\SET1F8.tmp
c:\windows\system32\SET213.tmp
c:\windows\system32\SET215.tmp
c:\windows\system32\SET223.tmp
c:\windows\system32\SET240.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))
.
.
2012-01-31 19:42 . 2012-01-31 19:42 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-01-31 19:41 . 2012-01-31 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-01-31 19:18 . 2012-01-31 19:18 -------- d-----w- c:\program files\Citrix
2012-01-31 19:18 . 2012-01-31 19:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Citrix
2012-01-16 03:45 . 2012-01-29 06:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2012-01-16 03:29 . 2011-03-02 11:43 175616 ----a-w- c:\windows\system32\unrar.dll
2012-01-16 02:50 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-01-16 02:50 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-01-16 02:50 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-01-16 02:50 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-16 02:50 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-01-16 02:50 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-01-16 02:50 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-01-16 02:50 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-01-16 02:49 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-01-16 02:49 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2012-01-16 02:49 . 2012-01-16 02:49 -------- d-----w- c:\program files\AVAST Software
2012-01-15 23:57 . 2012-01-15 23:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AMozilla
2012-01-15 23:57 . 2012-01-15 23:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\AMozilla
2012-01-15 23:57 . 2012-01-15 23:57 -------- d-----w- c:\program files\Common Files\ComObjects
2012-01-14 02:43 . 2012-01-22 04:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 22:05 . 2010-12-09 23:55 196608 ----a-w- c:\windows\system32\drivers\nAsmedia.bin
2012-01-14 02:59 . 2011-05-13 01:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 21:24 . 2009-11-22 06:16 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2008-04-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-14 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-04-14 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-04-14 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-05 18:58 . 2011-11-05 18:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-05 18:58 . 2010-08-06 02:35 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-11-04 19:20 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2008-04-14 12:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2008-04-14 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RCHotKey"="p:\ringcentral\eXtreme Fax\RCHotKey.exe" [2010-11-23 38144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-05-25 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-05-25 126976]
"Norton Ghost 14.0"="p:\norton ghost\Agent\VProTray.exe" [2008-12-11 2245992]
"Adobe Acrobat Speed Launcher"="p:\adobe acrobat 9\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="p:\adobe acrobat 9\Acrobat\Acrotray.exe" [2009-10-03 640376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"TaskMngr"="wscript.exe" [2008-05-08 155648]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Configuration Wizard.lnk - p:\winfax pro\WTNSETUP.EXE [N/A]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 01000000
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2012-01-31 19:18 13672 ----a-w- c:\program files\Citrix\GoToAssist\607\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Wallpaper Changer.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Wallpaper Changer.lnk
backup=c:\windows\pss\Wallpaper Changer.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Action Manager 32.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Action Manager 32.lnk
backup=c:\windows\pss\Action Manager 32.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft AutoScreenRecorder 3.1 Free]
0 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
2009-06-05 09:46 1187840 ----a-w- c:\program files\ASUS\SmartDoctor\SmartDoctor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
2009-05-13 17:12 380928 ----a-w- c:\program files\ASUS\GamerOSD\GamerOSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 17:13 152872 -c--a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-02-08 22:51 136176 ----atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-08-27 21:59 135536 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 14:27 570664 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"p:\\CCleaner\\WebFerret.exe"=
"p:\\WebFerret\\WebFerret.exe"=
"p:\\PaltalkScene\\paltalk.exe"=
"p:\\UTorrent\\uTorrent.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Program Files\\ASUS\\GamerOSD\\SBS.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"p:\\RingCentral\\eXtreme Fax\\RCUI.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"94:TCP"= 94:TCP:VRS Recording System TCP/IP Port
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/15/2012 8:50 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/15/2012 8:50 PM 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/15/2012 8:50 PM 20568]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [4/14/2008 6:00 AM 5120]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [11/13/2010 8:24 PM 4408616]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [11/13/2010 8:25 PM 112936]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [12/12/2010 11:01 AM 30576]
R3 SymSnapService;SymSnapService;p:\norton ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 5:13 PM 1558000]
S0 cerc6;cerc6; [x]
S2 BulkUsb;USB Scanner;c:\windows\system32\drivers\usbscan.sys [2/25/2010 8:10 PM 15104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2011 4:51 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2011 4:51 PM 136176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 24975269
*NewlyCreated* - GOTOASSIST
*NewlyCreated* - PROCEXP151
*Deregistered* - 24975269
*Deregistered* - PROCEXP151
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 22:51]
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 22:51]
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-854245398-1606980848-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-08 22:51]
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-854245398-1606980848-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-08 22:51]
.
2012-01-14 c:\windows\Tasks\switchSevenDays.job
- c:\program files\NCH Software\Switch\switch.exe [2012-01-14 06:20]
.
2012-01-14 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Software\Switch\switch.exe [2012-01-14 06:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.shaw.ca/start/enCA
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: skype.com
TCP: DhcpNameServer = 64.59.176.13 64.59.176.15 64.59.177.226
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3nomuutp.default\
FF - prefs.js: browser.startup.homepage - chrome://superstart/content/index.html
FF - prefs.js: keyword.enabled - false
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{A213B520-C6C2-11d0-AF9D-008029E1027E} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-31 17:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-790525478-854245398-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,e9,b8,57,88,e5,4b,47,82,31,07,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,e9,b8,57,88,e5,4b,47,82,31,07,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-01-31 17:59:48
ComboFix-quarantined-files.txt 2012-01-31 23:59
.
Pre-Run: 21,011,513,344 bytes free
Post-Run: 21,013,684,224 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 494F604B2D05CC7381CD9335B0CDDB20

Thank-you Gringo, for any further help or insights that you may be able to offer.

- Dave in Sask.
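
The ComboFix log above records the Windows Firewall policy for the standard profile (EnableFirewall = 0, DisableNotifications = 1, one globally open port and a long list of authorized applications, several of them on the P: drive or inside the Administrator profile) and the service list, including one service (cerc6) whose image file is missing. As an added example that is not part of Dave's post or of ComboFix itself, the Python script below parses those sections of a ComboFix-style log and returns the entries a responder would look at first. The sample text is constructed from lines copied from the log above; the trusted-directory list, the regular expressions and every function and class name are this example's own assumptions, not ComboFix's.

```python
"""Triage the firewall-policy and service sections of a ComboFix log.

Added example, not ComboFix code. Parses '[key]' blocks terminated by a '.'
line and the 'Rn/Sn name;display;path [meta]' service lines, and flags
the findings a responder would check first.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"p:\\UTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"94:TCP"= 94:TCP:VRS Recording System TCP/IP Port
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/15/2012 8:50 PM 435032]
R3 SymSnapService;SymSnapService;p:\norton ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 5:13 PM 1558000]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2011 4:51 PM 136176]
"""

# Assumed "normal" install locations on Windows XP. Binaries authorized through
# the firewall or registered as services from anywhere else (a user profile,
# a data partition, removable media) deserve a second look.
TRUSTED_PREFIXES = (r"%windir%", r"c:\windows", r"c:\program files", r"c:\program files (x86)")

SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]*)\[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass
class Findings:
    firewall_enabled: bool | None = None
    notifications_disabled: bool | None = None
    suspicious_apps: list[str] = field(default_factory=list)
    open_ports: list[str] = field(default_factory=list)
    suspicious_services: list[str] = field(default_factory=list)


def _untrusted(path: str) -> bool:
    """True when the (registry-escaped) path lies outside TRUSTED_PREFIXES."""
    p = path.replace("\\\\", "\\").strip().lower()
    return not p.startswith(TRUSTED_PREFIXES)


def parse_sections(text: str) -> dict[str, list[tuple[str, str]]]:
    """Group '"name"= value' lines under the [key] line that precedes them."""
    sections: dict[str, list[tuple[str, str]]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            current = m.group("key").lower()
            sections.setdefault(current, [])
        elif line == ".":          # ComboFix closes every block with a lone dot
            current = None
        elif current is not None and (m := VALUE_RE.match(line)):
            sections[current].append((m.group("name"), m.group("value").strip()))
    return sections


def triage(text: str) -> Findings:
    f = Findings()
    for key, values in parse_sections(text).items():
        if key.endswith("firewallpolicy\\standardprofile"):
            for name, value in values:
                if name == "EnableFirewall":
                    f.firewall_enabled = value.startswith("1")
                elif name == "DisableNotifications":
                    f.notifications_disabled = value.startswith("1")
        elif key.endswith("authorizedapplications\\list"):
            f.suspicious_apps.extend(name for name, _ in values if _untrusted(name))
        elif key.endswith("globallyopenports\\list"):
            f.open_ports.extend(name for name, _ in values)
    for raw in text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path").strip()
        if m.group("meta").strip() == "x":      # ComboFix prints [x] when the image is gone
            f.suspicious_services.append(f"{m.group('name')}: image file missing")
        elif _untrusted(path):
            f.suspicious_services.append(f"{m.group('name')}: {path}")
    return f


def report(f: Findings) -> list[str]:
    lines = [f"Windows Firewall enabled: {f.firewall_enabled}",
             f"Firewall notifications disabled: {f.notifications_disabled}"]
    lines += [f"Globally open port: {p}" for p in f.open_ports]
    lines += [f"Authorized app outside trusted dirs: {a}" for a in f.suspicious_apps]
    lines += [f"Service to review: {s}" for s in f.suspicious_services]
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

A hit from this script is a lead, not a verdict: the uTorrent and Norton Ghost entries on P: look like the user's own installations, and a service with no image file is usually a leftover registration rather than an infection. What it does surface immediately is that the host-based firewall was off and its notifications suppressed, which is the first thing to re-enable once the scans are done.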

#5 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 31 January 2012 - 07:33 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click the donate link in my signature. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 Daveinsk (Topic Starter)

Posted 31 January 2012 - 07:57 PM

Hello Gringo,

As per your request, I downloaded and ran TDSSKiller (after shutting off the Windows Firewall, Avast and TeaTimer again).

The summarized report was: Found: 0 threats, Neutralized: 0 threats, and Quarantined: 0 Objects.

The detailed log is presented below:

18:45:36.0781 0236 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36
18:45:37.0359 0236 ============================================================
18:45:37.0359 0236 Current date / time: 2012/01/31 18:45:37.0359
18:45:37.0359 0236 SystemInfo:
18:45:37.0359 0236
18:45:37.0359 0236 OS Version: 5.1.2600 ServicePack: 3.0
18:45:37.0359 0236 Product type: Workstation
18:45:37.0359 0236 ComputerName: DELL1
18:45:37.0359 0236 UserName: Administrator
18:45:37.0359 0236 Windows directory: C:\WINDOWS
18:45:37.0359 0236 System windows directory: C:\WINDOWS
18:45:37.0359 0236 Processor architecture: Intel x86
18:45:37.0359 0236 Number of processors: 2
18:45:37.0359 0236 Page size: 0x1000
18:45:37.0359 0236 Boot type: Normal boot
18:45:37.0359 0236 ============================================================
18:45:39.0250 0236 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:45:39.0265 0236 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:45:39.0265 0236 \Device\Harddisk0\DR0:
18:45:39.0265 0236 MBR used
18:45:39.0265 0236 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3DAE6FB
18:45:39.0265 0236 \Device\Harddisk1\DR1:
18:45:39.0265 0236 MBR used
18:45:39.0265 0236 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x7FF54B
18:45:39.0281 0236 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x80348A, BlocksNum 0xBFF010
18:45:39.0296 0236 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x14024D9, BlocksNum 0x13FE59A
18:45:39.0296 0236 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x2800AB2, BlocksNum 0x3BFF00D
18:45:39.0312 0236 \Device\Harddisk1\DR1\Partition4: MBR, Type 0x7, StartLBA 0x63FFAFE, BlocksNum 0x7B8FE02
18:45:39.0484 0236 Initialize success
18:45:39.0484 0236 ============================================================
18:45:42.0953 1284 ============================================================
18:45:42.0953 1284 Scan started
18:45:42.0953 1284 Mode: Manual;
18:45:42.0953 1284 ============================================================
18:45:44.0343 1284 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
18:45:44.0343 1284 Aavmker4 - ok
18:45:44.0640 1284 Abiosdsk - ok
18:45:44.0984 1284 abp480n5 - ok
18:45:45.0453 1284 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:45:45.0531 1284 ACPI - ok
18:45:45.0812 1284 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:45:45.0812 1284 ACPIEC - ok
18:45:46.0140 1284 adpu160m - ok
18:45:46.0453 1284 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
18:45:46.0468 1284 aeaudio - ok
18:45:46.0828 1284 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:45:46.0890 1284 aec - ok
18:45:47.0218 1284 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:45:47.0265 1284 AFD - ok
18:45:47.0734 1284 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:45:47.0750 1284 agp440 - ok
18:45:48.0140 1284 Aha154x - ok
18:45:48.0437 1284 aic78u2 - ok
18:45:48.0703 1284 aic78xx - ok
18:45:49.0062 1284 AliIde - ok
18:45:49.0328 1284 amsint - ok
18:45:49.0578 1284 asc - ok
18:45:49.0875 1284 asc3350p - ok
18:45:50.0125 1284 asc3550 - ok
18:45:50.0437 1284 asusgsb (d320732bcf5ff856120bd06855c66867) C:\WINDOWS\system32\drivers\asusgsb.sys
18:45:50.0437 1284 asusgsb - ok
18:45:50.0750 1284 asuskbnt (b3b881eb81013aac11594a5400ada47a) C:\WINDOWS\system32\drivers\atkkbnt.sys
18:45:50.0750 1284 asuskbnt - ok
18:45:51.0125 1284 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
18:45:51.0125 1284 aswFsBlk - ok
18:45:51.0468 1284 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
18:45:51.0468 1284 aswMon2 - ok
18:45:51.0796 1284 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
18:45:51.0796 1284 aswRdr - ok
18:45:52.0265 1284 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
18:45:52.0265 1284 aswSnx - ok
18:45:52.0671 1284 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
18:45:52.0671 1284 aswSP - ok
18:45:53.0109 1284 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
18:45:53.0109 1284 aswTdi - ok
18:45:53.0406 1284 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:45:53.0406 1284 AsyncMac - ok
18:45:53.0718 1284 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:45:53.0718 1284 atapi - ok
18:45:54.0062 1284 Atdisk - ok
18:45:55.0750 1284 ati2mtag (2f24aff9e8409821aafa005d3706b583) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:45:55.0781 1284 ati2mtag - ok
18:45:56.0140 1284 AtiHdmiService (1e82f05cff41316bcaa513909d99a004) C:\WINDOWS\system32\drivers\AtiHdmi.sys
18:45:56.0156 1284 AtiHdmiService - ok
18:45:56.0468 1284 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:45:56.0468 1284 Atmarpc - ok
18:45:56.0765 1284 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:45:56.0765 1284 audstub - ok
18:45:57.0125 1284 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:45:57.0125 1284 Beep - ok
18:45:57.0406 1284 BulkUsb (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:45:57.0406 1284 BulkUsb - ok
18:45:57.0515 1284 catchme - ok
18:45:57.0828 1284 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:45:57.0828 1284 cbidf2k - ok
18:45:58.0140 1284 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:45:58.0140 1284 CCDECODE - ok
18:45:58.0390 1284 cd20xrnt - ok
18:45:58.0687 1284 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:45:58.0687 1284 Cdaudio - ok
18:45:59.0000 1284 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:45:59.0000 1284 Cdfs - ok
18:45:59.0390 1284 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:45:59.0421 1284 Cdrom - ok
18:45:59.0671 1284 cerc6 - ok
18:45:59.0968 1284 Changer - ok
18:46:00.0281 1284 CmdIde - ok
18:46:00.0546 1284 Cpqarray - ok
18:46:00.0796 1284 dac2w2k - ok
18:46:01.0062 1284 dac960nt - ok
18:46:01.0359 1284 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:46:01.0359 1284 Disk - ok
18:46:01.0734 1284 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:46:01.0812 1284 dmboot - ok
18:46:02.0140 1284 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:46:02.0171 1284 dmio - ok
18:46:02.0484 1284 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:46:02.0484 1284 dmload - ok
18:46:02.0781 1284 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:46:02.0781 1284 DMusic - ok
18:46:03.0078 1284 dpti2o - ok
18:46:03.0406 1284 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:46:03.0406 1284 drmkaud - ok
18:46:03.0750 1284 E1000 (d94437e7ee086677b266099f695cdea1) C:\WINDOWS\system32\DRIVERS\e1000325.sys
18:46:03.0781 1284 E1000 - ok
18:46:04.0078 1284 EIO_XP (0daf3544804650526751c478aeccce63) C:\WINDOWS\system32\drivers\EIO_XP.sys
18:46:04.0078 1284 EIO_XP - ok
18:46:04.0500 1284 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:46:04.0546 1284 Fastfat - ok
18:46:05.0093 1284 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:46:05.0093 1284 Fdc - ok
18:46:05.0437 1284 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:46:05.0437 1284 Fips - ok
18:46:05.0750 1284 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:46:05.0750 1284 Flpydisk - ok
18:46:06.0093 1284 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:46:06.0109 1284 FltMgr - ok
18:46:06.0421 1284 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:46:06.0437 1284 Fs_Rec - ok
18:46:06.0734 1284 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:46:06.0734 1284 Ftdisk - ok
18:46:07.0046 1284 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:46:07.0046 1284 GEARAspiWDM - ok
18:46:07.0343 1284 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:46:07.0343 1284 Gpc - ok
18:46:07.0687 1284 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:46:07.0687 1284 HDAudBus - ok
18:46:08.0046 1284 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:46:08.0046 1284 hidusb - ok
18:46:08.0312 1284 hpn - ok
18:46:08.0593 1284 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:46:08.0703 1284 HTTP - ok
18:46:09.0015 1284 i2omgmt - ok
18:46:09.0234 1284 i2omp - ok
18:46:09.0484 1284 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:46:09.0484 1284 i8042prt - ok
18:46:09.0968 1284 ialm (3ca41cdb9c912aed354b0c7abe4a4654) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
18:46:10.0140 1284 ialm - ok
18:46:10.0453 1284 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:46:10.0453 1284 Imapi - ok
18:46:10.0718 1284 ini910u - ok
18:46:11.0062 1284 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:46:11.0062 1284 IntelIde - ok
18:46:11.0375 1284 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:46:11.0375 1284 intelppm - ok
18:46:11.0687 1284 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:46:11.0687 1284 Ip6Fw - ok
18:46:12.0015 1284 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:46:12.0015 1284 IpFilterDriver - ok
18:46:12.0328 1284 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:46:12.0328 1284 IpInIp - ok
18:46:12.0640 1284 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:46:12.0671 1284 IpNat - ok
18:46:13.0031 1284 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:46:13.0031 1284 IPSec - ok
18:46:13.0296 1284 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:46:13.0312 1284 IRENUM - ok
18:46:13.0609 1284 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:46:13.0609 1284 isapnp - ok
18:46:13.0937 1284 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:46:13.0953 1284 Kbdclass - ok
18:46:14.0250 1284 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:46:14.0250 1284 kbdhid - ok
18:46:14.0593 1284 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:46:14.0625 1284 kmixer - ok
18:46:15.0000 1284 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:46:15.0015 1284 KSecDD - ok
18:46:15.0281 1284 lbrtfdc - ok
18:46:15.0578 1284 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:46:15.0578 1284 mnmdd - ok
18:46:15.0859 1284 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:46:15.0875 1284 Modem - ok
18:46:16.0156 1284 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
18:46:16.0156 1284 MODEMCSA - ok
18:46:16.0531 1284 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:46:16.0531 1284 Mouclass - ok
18:46:16.0843 1284 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:46:16.0859 1284 mouhid - ok
18:46:17.0171 1284 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:46:17.0171 1284 MountMgr - ok
18:46:17.0437 1284 mraid35x - ok
18:46:17.0750 1284 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:46:17.0796 1284 MRxDAV - ok
18:46:18.0281 1284 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:46:18.0406 1284 MRxSmb - ok
18:46:18.0734 1284 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:46:18.0734 1284 Msfs - ok
18:46:19.0140 1284 MSHUSBVideo (0a8f9c579c14a9364af84eb7106ceae5) C:\WINDOWS\system32\Drivers\nx6000.sys
18:46:19.0156 1284 MSHUSBVideo - ok
18:46:19.0453 1284 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:46:19.0453 1284 MSKSSRV - ok
18:46:19.0750 1284 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:46:19.0750 1284 MSPCLOCK - ok
18:46:20.0046 1284 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:46:20.0062 1284 MSPQM - ok
18:46:20.0421 1284 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:46:20.0421 1284 mssmbios - ok
18:46:20.0718 1284 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:46:20.0718 1284 MSTEE - ok
18:46:21.0093 1284 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:46:21.0109 1284 Mup - ok
18:46:21.0484 1284 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:46:21.0484 1284 NABTSFEC - ok
18:46:21.0906 1284 NCHSSVAD (e78ce4b8e70ccc1a6e63008c3660867c) C:\WINDOWS\system32\drivers\nchssvad.sys
18:46:21.0906 1284 NCHSSVAD - ok
18:46:22.0250 1284 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:46:22.0296 1284 NDIS - ok
18:46:22.0593 1284 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:46:22.0593 1284 NdisIP - ok
18:46:22.0890 1284 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:46:22.0890 1284 NdisTapi - ok
18:46:23.0203 1284 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:46:23.0203 1284 Ndisuio - ok
18:46:23.0531 1284 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:46:23.0546 1284 NdisWan - ok
18:46:23.0859 1284 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:46:23.0859 1284 NDProxy - ok
18:46:24.0171 1284 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:46:24.0187 1284 NetBIOS - ok
18:46:24.0531 1284 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:46:24.0562 1284 NetBT - ok
18:46:24.0906 1284 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:46:24.0906 1284 Npfs - ok
18:46:25.0375 1284 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:46:25.0546 1284 Ntfs - ok
18:46:25.0843 1284 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
18:46:25.0843 1284 NuidFltr - ok
18:46:26.0156 1284 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:46:26.0156 1284 Null - ok
18:46:26.0437 1284 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:46:26.0453 1284 NwlnkFlt - ok
18:46:26.0750 1284 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:46:26.0750 1284 NwlnkFwd - ok
18:46:27.0093 1284 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:46:27.0093 1284 Parport - ok
18:46:27.0406 1284 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:46:27.0406 1284 PartMgr - ok
18:46:27.0718 1284 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:46:27.0718 1284 ParVdm - ok
18:46:28.0109 1284 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:46:28.0109 1284 PCI - ok
18:46:28.0375 1284 PCIDump - ok
18:46:28.0703 1284 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:46:28.0703 1284 PCIIde - ok
18:46:29.0078 1284 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:46:29.0093 1284 Pcmcia - ok
18:46:29.0359 1284 PDCOMP - ok
18:46:29.0593 1284 PDFRAME - ok
18:46:29.0781 1284 PDRELI - ok
18:46:29.0968 1284 PDRFRAME - ok
18:46:30.0171 1284 perc2 - ok
18:46:30.0359 1284 perc2hib - ok
18:46:30.0718 1284 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:46:30.0718 1284 PptpMiniport - ok
18:46:31.0015 1284 PROCEXP151 - ok
18:46:31.0312 1284 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:46:31.0312 1284 PSched - ok
18:46:31.0625 1284 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:46:31.0640 1284 Ptilink - ok
18:46:31.0875 1284 ql1080 - ok
18:46:32.0125 1284 Ql10wnt - ok
18:46:32.0390 1284 ql12160 - ok
18:46:32.0640 1284 ql1240 - ok
18:46:32.0921 1284 ql1280 - ok
18:46:33.0171 1284 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:46:33.0171 1284 RasAcd - ok
18:46:33.0500 1284 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:46:33.0500 1284 Rasl2tp - ok
18:46:33.0828 1284 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:46:33.0828 1284 RasPppoe - ok
18:46:34.0171 1284 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:46:34.0171 1284 Raspti - ok
18:46:34.0484 1284 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:46:34.0531 1284 Rdbss - ok
18:46:34.0843 1284 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:46:34.0843 1284 RDPCDD - ok
18:46:35.0234 1284 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:46:35.0281 1284 rdpdr - ok
18:46:35.0671 1284 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:46:35.0703 1284 RDPWD - ok
18:46:36.0062 1284 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:46:36.0062 1284 redbook - ok
18:46:36.0375 1284 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
18:46:36.0375 1284 ROOTMODEM - ok
18:46:36.0687 1284 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:46:36.0687 1284 Secdrv - ok
18:46:37.0015 1284 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:46:37.0015 1284 serenum - ok
18:46:37.0312 1284 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:46:37.0312 1284 Serial - ok
18:46:37.0656 1284 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:46:37.0656 1284 Sfloppy - ok
18:46:37.0984 1284 Simbad - ok
18:46:38.0328 1284 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:46:38.0328 1284 SLIP - ok
18:46:38.0953 1284 smwdm (31fd0707c7dbe715234f2823b27214fe) C:\WINDOWS\system32\drivers\smwdm.sys
18:46:39.0078 1284 smwdm - ok
18:46:39.0343 1284 Sparrow - ok
18:46:39.0656 1284 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:46:39.0656 1284 splitter - ok
18:46:40.0000 1284 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:46:40.0015 1284 sr - ok
18:46:40.0437 1284 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:46:40.0531 1284 Srv - ok
18:46:40.0812 1284 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:46:40.0812 1284 streamip - ok
18:46:41.0125 1284 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:46:41.0125 1284 swenum - ok
18:46:41.0437 1284 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:46:41.0437 1284 swmidi - ok
18:46:41.0718 1284 symc810 - ok
18:46:42.0015 1284 symc8xx - ok
18:46:42.0343 1284 symsnap (4b016fa3594b04506b9246d8e3eb0b66) C:\WINDOWS\system32\DRIVERS\symsnap.sys
18:46:42.0359 1284 symsnap - ok
18:46:42.0609 1284 sym_hi - ok
18:46:42.0875 1284 sym_u3 - ok
18:46:43.0156 1284 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:46:43.0156 1284 sysaudio - ok
18:46:43.0546 1284 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:46:43.0687 1284 Tcpip - ok
18:46:44.0062 1284 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:46:44.0062 1284 TDPIPE - ok
18:46:44.0343 1284 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:46:44.0343 1284 TDTCP - ok
18:46:44.0687 1284 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:46:44.0687 1284 TermDD - ok
18:46:45.0000 1284 TosIde - ok
18:46:45.0328 1284 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:46:45.0328 1284 Udfs - ok
18:46:45.0640 1284 ultra - ok
18:46:46.0109 1284 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:46:46.0234 1284 Update - ok
18:46:46.0562 1284 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:46:46.0562 1284 usbaudio - ok
18:46:46.0875 1284 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:46:46.0890 1284 usbccgp - ok
18:46:47.0187 1284 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:46:47.0187 1284 usbehci - ok
18:46:47.0515 1284 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:46:47.0515 1284 usbhub - ok
18:46:47.0812 1284 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:46:47.0812 1284 USBSTOR - ok
18:46:48.0125 1284 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:46:48.0125 1284 usbuhci - ok
18:46:48.0453 1284 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
18:46:48.0468 1284 usbvideo - ok
18:46:48.0781 1284 v2imount (1747e022b76bc248795b0aedecccf96f) C:\WINDOWS\system32\DRIVERS\v2imount.sys
18:46:48.0781 1284 v2imount - ok
18:46:49.0125 1284 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:46:49.0140 1284 VgaSave - ok
18:46:49.0390 1284 ViaIde - ok
18:46:49.0609 1284 Video3D (8643da4a6c83da6c10fcab1e5ab6632d) C:\WINDOWS\system32\Drivers\Video3D32.sys
18:46:49.0609 1284 Video3D - ok
18:46:49.0906 1284 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:46:49.0906 1284 VolSnap - ok
18:46:50.0187 1284 VProEventMonitor (e78781b2c86c92a0a738df566460f716) C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys
18:46:50.0203 1284 VProEventMonitor - ok
18:46:50.0656 1284 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
18:46:50.0656 1284 wacommousefilter - ok
18:46:50.0984 1284 wacomvhid (51d580f30d1a1f2ea4965af6abc2bcb2) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
18:46:50.0984 1284 wacomvhid - ok
18:46:51.0296 1284 WacomVKHid (889459833432b161cb99cfdf84a1a9bb) C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
18:46:51.0296 1284 WacomVKHid - ok
18:46:51.0609 1284 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:46:51.0609 1284 Wanarp - ok
18:46:52.0015 1284 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:46:52.0015 1284 Wdf01000 - ok
18:46:52.0281 1284 WDICA - ok
18:46:52.0609 1284 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:46:52.0609 1284 wdmaud - ok
18:46:52.0937 1284 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\WINDOWS\system32\DRIVERS\wimfltr.sys
18:46:52.0953 1284 WimFltr - ok
18:46:53.0281 1284 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:46:53.0281 1284 WS2IFSL - ok
18:46:53.0578 1284 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:46:53.0578 1284 WSTCODEC - ok
18:46:53.0890 1284 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:46:53.0890 1284 WudfPf - ok
18:46:54.0187 1284 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:46:54.0203 1284 WudfRd - ok
18:46:54.0234 1284 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:46:54.0468 1284 \Device\Harddisk0\DR0 - ok
18:46:54.0484 1284 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
18:46:54.0484 1284 \Device\Harddisk1\DR1 - ok
18:46:54.0500 1284 Boot (0x1200) (15a5d25c3dc584341083c1fdcf7d8db7) \Device\Harddisk0\DR0\Partition0
18:46:54.0500 1284 \Device\Harddisk0\DR0\Partition0 - ok
18:46:54.0515 1284 Boot (0x1200) (b88f8b45dc9485986e2af3430ed814c9) \Device\Harddisk1\DR1\Partition0
18:46:54.0515 1284 \Device\Harddisk1\DR1\Partition0 - ok
18:46:54.0531 1284 Boot (0x1200) (a277dbbc2b295e235766f8b20a236db7) \Device\Harddisk1\DR1\Partition1
18:46:54.0546 1284 \Device\Harddisk1\DR1\Partition1 - ok
18:46:54.0546 1284 Boot (0x1200) (71f52df572577ce6691e5a713eccb14b) \Device\Harddisk1\DR1\Partition2
18:46:54.0546 1284 \Device\Harddisk1\DR1\Partition2 - ok
18:46:54.0562 1284 Boot (0x1200) (2cdf0ddd3904e56d755a4a79d700dc0a) \Device\Harddisk1\DR1\Partition3
18:46:54.0562 1284 \Device\Harddisk1\DR1\Partition3 - ok
18:46:54.0578 1284 Boot (0x1200) (d571f79692b79663d1ad29dc6f2a3745) \Device\Harddisk1\DR1\Partition4
18:46:54.0578 1284 \Device\Harddisk1\DR1\Partition4 - ok
18:46:54.0578 1284 ============================================================
18:46:54.0578 1284 Scan finished
18:46:54.0578 1284 ============================================================
18:46:54.0593 2060 Detected object count: 0
18:46:54.0593 2060 Actual detected object count: 0


Thank you again for any help or insights you might provide.

P.S. I have noticed that my computer seems to be opening programs a little slower now, after running ComboFix.

- Dave
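
Added example, not Dave's code and not part of TDSSKiller: a small Python triage script for report lines in the format shown above. TDSSKiller prints one line per driver, MBR or boot sector with its MD5 and path, then a second line with the verdict ("- ok" or otherwise). The script pairs the two, then flags any entry whose verdict is not "ok", any file-backed driver that loads from outside the Windows directory, services that have no file on disk, MBR code that differs between disks, and a "Detected object count" that does not match the number of non-ok entries. The sample lines are constructed: most mirror the posted report, while the "hypo_svc" entry, its path and its verdict wording are invented to exercise the checks.

```python
import re

# Constructed sample in the TDSSKiller report format. The first lines mirror the
# report posted above; "hypo_svc", its path and its verdict text are invented.
SAMPLE_LOG = r"""
18:46:45.0328 1284 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:46:45.0328 1284 Udfs - ok
18:46:45.0640 1284 ultra - ok
18:46:52.0015 1284 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:46:52.0015 1284 Wdf01000 - ok
18:46:52.0100 1284 hypo_svc (0123456789abcdef0123456789abcdef) C:\Documents and Settings\Administrator\Local Settings\Temp\hypo.sys
18:46:52.0100 1284 hypo_svc - suspicious (constructed verdict)
18:46:54.0234 1284 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:46:54.0468 1284 \Device\Harddisk0\DR0 - ok
18:46:54.0484 1284 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
18:46:54.0484 1284 \Device\Harddisk1\DR1 - ok
18:46:54.0500 1284 Boot (0x1200) (15a5d25c3dc584341083c1fdcf7d8db7) \Device\Harddisk0\DR0\Partition0
18:46:54.0500 1284 \Device\Harddisk0\DR0\Partition0 - ok
18:46:54.0593 2060 Detected object count: 1
18:46:54.0593 2060 Actual detected object count: 1
"""

# "HH:MM:SS.mmmm <pid> <body>"
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<body>.*?)\s*$")
# "<name> [(0xSIZE)] (<md5>) <path>"  -- file-backed driver, MBR or boot sector
FILE_RE = re.compile(
    r"^(?P<name>\S+)(?: \((?P<size>0x[0-9A-Fa-f]+)\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name or device path> - <verdict>"
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")
COUNT_RE = re.compile(r"^(?P<actual>Actual )?[Dd]etected object count: (?P<n>\d+)$")

BOOT_KINDS = ("MBR", "Boot")


def parse_tdsskiller(text):
    """Return (entries, counts). entries maps a driver name (or, for MBR/boot
    records, the device path) to a record holding kind, md5, path and verdict."""
    entries, counts = {}, {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m.group("body")
        fm = FILE_RE.match(body)
        if fm:
            name, path = fm.group("name"), fm.group("path")
            kind = name if name in BOOT_KINDS else "driver"
            key = path if kind != "driver" else name
            entries[key] = {"kind": kind, "name": name, "md5": fm.group("md5"),
                            "path": path, "size": fm.group("size"), "verdict": None}
            continue
        cm = COUNT_RE.match(body)
        if cm:
            counts["actual" if cm.group("actual") else "detected"] = int(cm.group("n"))
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            key = vm.group("name")
            # A verdict with no preceding file line is a service whose binary
            # was not found on disk (TDSSKiller still lists it).
            rec = entries.setdefault(key, {"kind": "driver", "name": key, "md5": None,
                                           "path": None, "size": None, "verdict": None})
            rec["verdict"] = vm.group("verdict")
    return entries, counts


def triage(entries, counts, windir="C:\\WINDOWS"):
    """Return a list of (severity, key, message) findings."""
    findings = []
    prefix = windir.rstrip("\\").lower() + "\\"
    not_ok = 0
    for key, rec in entries.items():
        verdict = (rec["verdict"] or "").strip()
        if verdict.lower() != "ok":
            not_ok += 1
            findings.append(("HIGH", key, "verdict is not 'ok': %s" % (verdict or "<missing>")))
        if rec["kind"] == "driver":
            if rec["path"] is None:
                findings.append(("INFO", key, "service entry with no file on disk"))
            elif not rec["path"].lower().startswith(prefix):
                findings.append(("MEDIUM", key,
                                 "driver loads from outside %s: %s" % (windir, rec["path"])))
    # Identical MBR code on every disk is the normal case for a stock install;
    # a difference is worth a look but is not by itself a detection.
    mbr_hashes = {r["path"]: r["md5"] for r in entries.values() if r["kind"] == "MBR"}
    if len(set(mbr_hashes.values())) > 1:
        findings.append(("INFO", "MBR", "MBR code differs between disks: %s" % mbr_hashes))
    if counts.get("detected") not in (None, not_ok):
        findings.append(("INFO", "counts", "tool reported %d detections but %d entries are not ok"
                         % (counts["detected"], not_ok)))
    return findings


if __name__ == "__main__":
    ents, cnts = parse_tdsskiller(SAMPLE_LOG)
    for sev, key, msg in triage(ents, cnts):
        print("%-6s %-40s %s" % (sev, key, msg))
```

Run against the full report posted above, every entry comes back "ok", both disks carry the same MBR hash and the count lines read 0, which is what a clean TDSSKiller run looks like; the constructed sample shows the three findings a real detection would produce.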

#7 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 31 January 2012 - 08:11 PM

Hello

Let's run one more just to make sure nothing is hiding.

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 Daveinsk (Topic Starter)

Posted 31 January 2012 - 09:03 PM

Hello Gringo,

Here is the scan you requested.

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-31 19:38:16
-----------------------------
19:38:16.640 OS Version: Windows 5.1.2600 Service Pack 3
19:38:16.640 Number of processors: 2 586 0x304
19:38:16.640 ComputerName: DELL1 UserName:
19:38:17.140 Initialize success
19:38:17.203 AVAST engine defs: 12013101
19:38:22.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
19:38:22.312 Disk 0 Vendor: HDS728040PLA320 PF1OA63A Size: 38146MB BusType: 3
19:38:22.312 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-22
19:38:22.312 Disk 1 Vendor: ST3120026AS 3.18 Size: 114473MB BusType: 3
19:38:22.328 Disk 0 MBR read successfully
19:38:22.328 Disk 0 MBR scan
19:38:22.343 Disk 0 Windows XP default MBR code
19:38:22.343 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 31580 MB offset 63
19:38:22.359 Disk 0 scanning sectors +64677690
19:38:22.421 Disk 0 scanning C:\WINDOWS\system32\drivers
19:38:39.593 Service scanning
19:38:42.234 Modules scanning
19:39:10.656 Disk 0 trace - called modules:
19:39:10.687 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
19:39:10.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89b85ab8]
19:39:10.687 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x89c07d98]
19:39:11.265 AVAST engine scan C:\WINDOWS
19:39:20.843 AVAST engine scan C:\WINDOWS\system32
19:44:33.937 AVAST engine scan C:\WINDOWS\system32\drivers
19:44:57.078 AVAST engine scan C:\Documents and Settings\Administrator
19:48:44.531 AVAST engine scan C:\Documents and Settings\All Users
19:49:28.656 Scan finished successfully
19:57:43.125 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
19:57:43.125 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\12 01 31 aswMBR.txt"


Thank you again for any help or insights,

- Dave
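
Added example, not from the thread and not part of aswMBR: a parser for the aswMBR report format above with the checks a responder applies to it by hand. It reads the disk, vendor/size, MBR-code, partition-table and "trace - called modules" lines, then flags an MBR that aswMBR did not recognise as standard Windows code, any module in the disk I/O call chain outside an allowlist of stock Windows storage drivers (that allowlist is an assumption made for this example), a boot disk without exactly one active partition, and disk space not covered by any partition. On the posted report that last check reports 6566 MB (a 38146 MB disk with one 31580 MB partition); unpartitioned space is where bootkits of that period kept their components, and aswMBR's "scanning sectors +..." line is it reading past the end of the partition. The clean sample is copied from the report; the second sample is constructed to show the failing case, and its "Unknown MBR code" wording is invented rather than aswMBR's.

```python
import re

# Lines copied from the aswMBR report above (boot disk only).
CLEAN_SAMPLE = r"""
19:38:22.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
19:38:22.312 Disk 0 Vendor: HDS728040PLA320 PF1OA63A Size: 38146MB BusType: 3
19:38:22.328 Disk 0 MBR read successfully
19:38:22.343 Disk 0 Windows XP default MBR code
19:38:22.343 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 31580 MB offset 63
19:38:22.359 Disk 0 scanning sectors +64677690
19:39:10.656 Disk 0 trace - called modules:
19:39:10.687 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
19:39:10.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89b85ab8]
"""

# Constructed failing case: an MBR verdict that is not "default" code and a
# hypothetical "hypo.sys" inserted into the disk I/O chain. Neither is real.
SUSPECT_SAMPLE = r"""
19:38:22.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
19:38:22.312 Disk 0 Vendor: HDS728040PLA320 PF1OA63A Size: 38146MB BusType: 3
19:38:22.343 Disk 0 Unknown MBR code
19:38:22.343 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 31580 MB offset 63
19:39:10.656 Disk 0 trace - called modules:
19:39:10.687 ntoskrnl.exe CLASSPNP.SYS hypo.sys disk.sys atapi.sys hal.dll pciide.sys
"""

TS_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} (?P<body>.*)$")
DISK_RE = re.compile(r"^Disk (?P<n>\d+)(?P<boot> \(boot\))? (?P<dev>\\Device\\\S+) -> (?P<target>\S+)$")
VENDOR_RE = re.compile(r"^Disk (?P<n>\d+) Vendor: (?P<vendor>.+?) Size: (?P<size>\d+)MB BusType: (?P<bus>\d+)$")
MBRCODE_RE = re.compile(r"^Disk (?P<n>\d+) (?P<code>.+ MBR code)$")
PART_RE = re.compile(r"^Disk (?P<n>\d+) Partition (?P<idx>\d+) (?P<flag>[0-9A-Fa-f]{2}) \((?P<act>\w)\) "
                     r"(?P<type>[0-9A-Fa-f]{2}) (?P<desc>.+?) (?P<size>\d+) MB offset (?P<off>\d+)$")
TRACE_RE = re.compile(r"^Disk (?P<n>\d+) trace - called modules:$")

# Assumed allowlist of stock Windows XP storage-stack modules for the example;
# extend it for the machine's real IDE/SCSI/RAID miniport before relying on it.
KNOWN_DISK_STACK = {
    "ntoskrnl.exe", "ntkrnlpa.exe", "hal.dll", "classpnp.sys", "disk.sys", "partmgr.sys",
    "ftdisk.sys", "atapi.sys", "pciide.sys", "pciidex.sys", "intelide.sys", "viaide.sys",
    "scsiport.sys", "storport.sys",
}


def _disk(disks, n):
    return disks.setdefault(int(n), {"boot": False, "device": None, "vendor": None,
                                     "size_mb": None, "mbr_code": None,
                                     "partitions": [], "modules": []})


def parse_aswmbr(text):
    """Return {disk_number: record} from aswMBR report text."""
    disks, pending_trace = {}, None
    for raw in text.splitlines():
        m = TS_RE.match(raw)
        if not m:
            continue
        body = m.group("body").strip()
        if pending_trace is not None:
            # The line after "trace - called modules:" lists the chain.
            disks[pending_trace]["modules"] = body.split()
            pending_trace = None
            continue
        dm = DISK_RE.match(body)
        if dm:
            d = _disk(disks, dm.group("n"))
            d["boot"], d["device"] = dm.group("boot") is not None, dm.group("dev")
            continue
        vm = VENDOR_RE.match(body)
        if vm:
            d = _disk(disks, vm.group("n"))
            d["vendor"], d["size_mb"] = vm.group("vendor"), int(vm.group("size"))
            continue
        cm = MBRCODE_RE.match(body)
        if cm:
            _disk(disks, cm.group("n"))["mbr_code"] = cm.group("code")
            continue
        pm = PART_RE.match(body)
        if pm:
            _disk(disks, pm.group("n"))["partitions"].append({
                "index": int(pm.group("idx")), "active": pm.group("flag").upper() == "80",
                "type": pm.group("type"), "desc": pm.group("desc"),
                "size_mb": int(pm.group("size")), "offset": int(pm.group("off"))})
            continue
        tm = TRACE_RE.match(body)
        if tm:
            pending_trace = int(tm.group("n"))
    return disks


def check_aswmbr(disks, known=KNOWN_DISK_STACK, slack_threshold_mb=8):
    """Return (severity, disk_number, message) findings."""
    findings = []
    for n, d in sorted(disks.items()):
        if d["mbr_code"] is None:
            findings.append(("INFO", n, "no MBR code verdict in report"))
        elif "default MBR code" not in d["mbr_code"]:
            findings.append(("HIGH", n, "non-standard MBR code: %s" % d["mbr_code"]))
        unknown = [mod for mod in d["modules"] if mod.lower() not in known]
        if unknown:
            findings.append(("HIGH", n, "unexpected module(s) in disk I/O path: %s" % ", ".join(unknown)))
        active = [p for p in d["partitions"] if p["active"]]
        if d["boot"] and len(active) != 1:
            findings.append(("MEDIUM", n, "boot disk has %d active partitions" % len(active)))
        if d["size_mb"] is not None and d["partitions"]:
            slack = d["size_mb"] - sum(p["size_mb"] for p in d["partitions"])
            if slack > slack_threshold_mb:
                findings.append(("INFO", n, "%d MB not covered by any partition" % slack))
    return findings


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SAMPLE), ("suspect", SUSPECT_SAMPLE)):
        print("==", label)
        for sev, n, msg in check_aswmbr(parse_aswmbr(sample)):
            print("%-6s disk %d: %s" % (sev, n, msg))
```

Two caveats on reading the output. A non-default MBR is also what a third-party boot manager or OEM recovery loader looks like, so the HIGH on MBR code is a lead to confirm with the saved MBR.dat, not a verdict. And an unknown module in the chain is only meaningful against a complete allowlist for that hardware; on a machine with a vendor RAID or AHCI miniport the right fix is to add that driver after checking its signature, not to ignore the finding.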

#9 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 31 January 2012 - 09:11 PM

Hello

Those reports are coming back clean. How is the computer doing so far?


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#10 Daveinsk (Topic Starter)

Posted 31 January 2012 - 09:28 PM

Gringo,

The computer is opening programs a little slower, and I lost my extended clock with date (an add-on) on the task bar when I ran ComboFix, but otherwise, it seems OK so far.

In numerous scans before yours (some of which I posted above in my first reply to you), the same thing: nothing was found. The ISP consultant suggested that it may be something embedded in an updates script. The Avast warning and blocker eventually suggested a specific file, C:Programs:Common: Firefox updater.exe, but scans of that file with Avast, Spybot and Malwarebytes (and others) all showed nothing. However, the problem persisted after these scans, but it occurs intermittently, so it may take a few days to know whether the problem was addressed. However, since we found nothing, I presume it is probably still lurking.

Internet posts from other users with a similar problem 10 months ago - suggested that Avast was causing a similar problem in its update at the time, but that it was rectified with the next Firefox update.

I have Norton Ghost on an external hard drive, but I don't know if it will work. But if you have no other suggestions, I think I will give it a try.

A gracious TY for all your efforts, Gringo.

#11 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 31 January 2012 - 09:47 PM

Hello


Send me the reports from the ComboFix script.


While we are working on the computer, keep an eye on it and see how it behaves. TClock can be reinstalled later.




gringo

#12 Daveinsk (Topic Starter)

Posted 31 January 2012 - 09:51 PM

Oops... My last reply was in response to your first sentence, where you asked me how the computer was doing now. I just realized that there was another request to run ComboFix again. I am doing that now, and will report the results soon.

#13 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 31 January 2012 - 09:57 PM

:thumbup2:

#14 Daveinsk (Topic Starter)

Posted 31 January 2012 - 10:04 PM

Gringo,

The strangest thing just happened. I created and dragged the file you requested onto ComboFix. It immediately began a scan, then told me that a new version of ComboFix was available and asked if I wanted to download it. I said no. It proceeded with the scan, but a minute later a pop-up came up that asked, "Were you trying to run CFScript? CFScript seems to be incorrectly spelled." There was only one option on this pop-up box, which was to click "OK". When I clicked the OK button, the pop-up box and the scan window both disappeared, so I have no ComboFix report.

Dave

#15 Daveinsk (Topic Starter)

Posted 31 January 2012 - 10:13 PM

Do you want me to try to run ComboFix again?



