Debugger detected [97]

[Blade81]

Hi,

Haven't heard any opinions but we can attempt one more thing.

• Double click on avenger.exe to run The Avenger.
• Click OK.
• Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
• Copy all of the text in the below textbox to the clibpboard by highlighting it and then pressing Ctrl+C.
  
  Code:

  Files to replace with dummy:
  c:\windows\system32\certstore.dat

• In the avenger window, click the Paste Script from Clipboard, button.
• Click the Execute button.
• You will be asked Are you sure you want to execute the current script?.
• Click Yes.
• You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
• Click Yes.
• Your PC will now be rebooted.
• Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
• If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
• After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
• Please post this log in your next reply.

[thegraz]

Here you go


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\certstore.dat" replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

[Blade81]

That part went successfully. Now I have to know if the problem still returns.

[thegraz]

The file was replace and I rebooted. The file has not changed since the reboot about 6 hours ago. So I think the rename has stuck.

[Blade81]

Good. Let's uninstall ComboFix and OTL at this point

Now lets uninstall ComboFix:

• Click START then RUN
• Now copy-paste Combofix /u in the runbox and click OK

Next we remove some other used tools.

• Double-click OTL.exe.
• Click the CleanUp! button.
• Select Yes when the
  Begin cleanup Process?
  prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.

How's the system running?

[thegraz]

Everything seems to be working like it should. I had to uninstall McAfee then reinstall it to get it to work. The .dat file still hasn't changed, so that is good. I don't see any errors when I restart, that is good, as well.

Just a few follow up questions, if you can.

I am going to use Spywarebot and Malwarebytes.

I am going to use McAfee for an antivirus and PC Tools for my firewall. I will turn off all other firewalls.

I have also installed SpywareBlaster; I think this is for Java.

Can you recommend anything else or do you know if there are any compatibility issues with any of these products?

Thanks again for your help

[Blade81]

I am going to use Spywarebot and Malwarebytes.

Hopefully you meant Spybot there

I am going to use McAfee for an antivirus and PC Tools for my firewall. I will turn off all other firewalls.

Ok.

I have also installed SpywareBlaster; I think this is for Java.

SpywareBlaster is designed to block malicious ActiveX controls from installing. SpywareBlaster tutorial can be found here.

Can you recommend anything else or do you know if there are any compatibility issues with any of these products?

Those should work well together

[thegraz]

Hopefully you meant Spybot there

LOL, yeah that is what I ment.

Thanks again for the help!!

[Blade81]

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.