Solved PC running slowly, I keep seeing iexplorer.exe twice I followed 5 steps

Status
Not open for further replies.

joe5446

Posts: 13   +0
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.13.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Joe :: KNOFF [administrator]

4/12/2012 9:51:23 PM
mbam-log-2012-04-12 (21-51-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212398
Time elapsed: 12 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 21
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search| (Adware.Hotbar) -> Data: http://edits.mywebsearch.com/toolba...i=1579M&a=Vz7j8uVB7v93L8ikUpm3fg&n=2011111219 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 11
C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Program Files\MyWebSearch\bar\History\search3 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.

(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-13 00:07:20
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600JS-75NCB3 rev.10.02E04
Running: z0yzouq5.exe; Driver: C:\DOCUME~1\Joe\LOCALS~1\Temp\kxtdqpob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6F4D360, 0x2456AE, 0xE8000020]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat B77BDD20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Joe at 0:15:19 on 2012-04-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.182 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\dllhost.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uDefault_Page_URL = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {575BDDF5-790A-4D01-A37D-2863DEC1C085} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DLCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCFtime.dll,_RunDLLEntry@16
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [RunNarrator] Narrator.exe
IE: &Search
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-12-5 92592]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 253600]
.
=============== Created Last 30 ================
.
2012-04-13 04:07:43 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8bd4e5d2-89a8-492f-8b59-6c504f46e8b8}\mpengine.dll
2012-04-13 01:49:57 -------- d-----w- c:\documents and settings\joe\application data\Malwarebytes
2012-04-13 01:49:44 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-04-13 01:49:41 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-13 01:49:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-04 05:53:56 182160 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-03-30 13:14:35 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-18 17:35:37 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-03-18 17:35:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-03-18 17:35:33 -------- d-----w- c:\program files\Real Alternative
2012-03-18 17:34:49 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2012-03-18 17:34:43 -------- d-----w- c:\program files\ffdshow
2012-03-18 17:34:11 -------- d-----w- c:\program files\Free Media Player
.
==================== Find3M ====================
.
2012-03-30 13:14:35 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 0:15:49.96 ===============
 
Good Morning! The fact that you had MyWebSearch all over the system could be what's slowing you down.

Note: It is common to have more than one iexplore.exe when using IE8.

You have been using FunWebProducts site and their partner sites to get screensavers, cursor, wallpaper, Smileys and other 'cute' things to put on the system.

Please do the following first:
Uninstall the My Web Search option from Add/Remove Programs

1) Click on Start, Settings, Control Panel
2) Double click on Add/Remove Programs
3) Find "My Web Search" in the list of installed programs and click on Change/Remove to uninstall it. You may also want to uninstall any of the following items associated with FunWebProducts.

  • [*] My Web Search (Smiley Central or FWP product as applicable)
    [*] My Way Speedbar (Smiley Central or other FWP as applicable)
    [*] My Way Speedbar (AOL and Yahoo Messengers) (beta users only)
    [*] My Way Speedbar (Outlook, Outlook Express, and IncrediMail)
    [*] Search Assistant - My Way
    [*]FunWebProducts.

4) Reboot your Computer.
5) Right click on Start> Choose Explore.
6) My Computer> Local Drive (C)> double-click on the Program Files folder
7) ]Right-click and delete the folders for:

* FunWebProducts
* MyWebSearch

8) If you have FunWebProducts saved as a Bookmark or Favorite, delete it

Stay away from: Other FunWebProducts
Smiley Central
Cursor Mania
FunBuddyIcons
My Mail Stationery
My Mail Signature
My Mail Stamps
Popular Screensavers
Webfetti
============================================
WE need to see what else has made it's way into the system:

Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Before you run the Combofix scan, please disable any security software you have running.

Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe
    cf-icon.jpg
    & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.[/b]
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.[/b]
    • Note: No query will be made if the Recovery Console is already on the system.
  • .Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • .Close any open browsers.
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.
Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=======================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
    esetonlinescannersettings_thumb.jpg
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives/
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=======================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process..
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
Threads are closed after 5 days if there is no reply.

Please leave the logs for Combofix and Eset in your next reply.
 
tried following ur step, but...

I could not find any sign of "My Web Search" or simular programs in the Add/Remove Programs should I just try the program files folder instead??

Thanks.
 
sorry instuctions said not to post this log

It's confusing because the name of the log is Attach.txt and it clearly says not to post it. However, the added directions were:
** Include the contents of both logs in your new topic. The scan will instruct you to post Attach.txt as an attachment. No need for that though, just paste it as you would any other log.

To add to the confusion, it also tells you that you don't have to zip it. Sorry- we can't change it in the program because it is put there by the program author> so go ahead and paste it in!
========================================
You can look and see if any of the MyWebSearch or FunWebSites program folder are still on the system> then do right click> Delete. Malwarebytes has removed the rest.
==========================================
Please go ahead with the Combofix and Eset scans. Include those logs and the Attach.txt logs in your next reply.
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/30/2010 3:14:45 PM
System Uptime: 4/12/2012 9:34:12 PM (3 hours ago)
.
Motherboard: Dell Inc | | 0UW457
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket M2 | 2004/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 133.704 GiB free.
D: is Removable
E: is Removable
F: is Removable
G: is Removable
H: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_01ED1028&REV_A3\3&2411E6FE&0&51
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_01ED1028&REV_A3\3&2411E6FE&0&51
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Athlon 64 Processor Driver
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
Conexant D850 56K V.9x DFVc Modem
Dell Resource CD
ffdshow v1.1.3489 [2010-06-28]
FlipShare
Free Media Player 0.1
High Definition Audio Driver Package - KB835221
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
NVIDIA Drivers
Real Alternative 2.0.2 Lite
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
Sonic Encoders
TomTom HOME 2.8.3.2458
TomTom HOME Visual Studio Merge Modules
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
4/9/2012 11:16:30 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.123.1397.0 Previous Signature Version: 1.123.1329.0 Update Source: Signature Update Folder Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.8202.0 Previous Engine Version: 1.1.8202.0 Error code: 0x80508001 Error description: A problem is preventing the program from starting. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
4/9/2012 11:16:30 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.123.1397.0 Previous Signature Version: 1.123.1329.0 Update Source: Signature Update Folder Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.8202.0 Previous Engine Version: 1.1.8202.0 Error code: 0x80508001 Error description: A problem is preventing the program from starting. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
4/9/2012 11:15:37 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.123.1397.0).
4/9/2012 11:14:54 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Microsoft Antimalware Service service, but this action failed with the following error: An instance of the service is already running.
4/9/2012 11:14:39 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
4/8/2012 7:49:39 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
4/8/2012 7:49:27 PM, error: Service Control Manager [7034] - The dlcf_device service terminated unexpectedly. It has done this 1 time(s).
4/8/2012 7:49:16 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
4/8/2012 7:48:56 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
4/8/2012 2:45:23 PM, error: Service Control Manager [7034] - The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).
4/8/2012 10:59:07 AM, error: Service Control Manager [7034] - The Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s).
4/8/2012 10:59:04 AM, error: Service Control Manager [7034] - The Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
4/8/2012 10:58:59 AM, error: Service Control Manager [7034] - The FlipShare Service service terminated unexpectedly. It has done this 1 time(s).
4/8/2012 10:05:05 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dlcf_device service to connect.
4/8/2012 10:05:05 PM, error: Service Control Manager [7000] - The dlcf_device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/11/2012 4:14:59 PM, error: Print [6161] - The document https://www.lowes.com/webapp/wcs/stores/servlet/OrderOKView?sto owned by Esther failed to print on printer Dell Color Printer 725. Data type: LEMF. Size of the spool file in bytes: 1191045. Number of bytes printed: 1191045. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\KNOFF. Win32 error code returned by the print processor: 0 (0x0).
.
==== End Of File ===========================
 
ComboFix 12-04-14.02 - Joe 04/16/2012 20:42:16.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.223 [GMT -4:00]
Running from: c:\documents and settings\Joe\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\SPL321.tmp
c:\documents and settings\All Users\SPL3A.tmp
c:\documents and settings\All Users\SPL3E5.tmp
c:\documents and settings\All Users\SPL51.tmp
c:\documents and settings\Joe\Application Data\alot
c:\documents and settings\Joe\Application Data\PriceGong
c:\documents and settings\Joe\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\10.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\2229.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\2620.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\450.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\6110.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\7535.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\94.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\947.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\9551.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Joe\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Joe\Application Data\PriceGong\Data\z.txt
c:\windows\EventSystem.log
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-17 00:02 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D67E74DC-506B-4A31-918E-F80F02FD47C8}\mpengine.dll
2012-04-13 01:49 . 2012-04-13 01:49 -------- d-----w- c:\documents and settings\Joe\Application Data\Malwarebytes
2012-04-13 01:49 . 2012-04-13 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-13 01:49 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-13 01:49 . 2012-04-13 01:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-10 03:32 . 2012-04-10 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2012-03-30 13:14 . 2012-04-14 13:44 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-18 17:35 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-03-18 17:35 . 2004-01-11 22:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-03-18 17:35 . 2012-03-18 17:35 -------- d-----w- c:\program files\Real Alternative
2012-03-18 17:34 . 2010-05-12 20:09 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2012-03-18 17:34 . 2012-03-18 17:34 -------- d-----w- c:\program files\ffdshow
2012-03-18 17:34 . 2012-03-18 17:36 -------- d-----w- c:\program files\Free Media Player
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 13:44 . 2011-06-07 21:41 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-14 02:15 . 2012-02-09 14:04 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-01 11:01 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-10 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-10 11:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-10 11:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2004-08-10 11:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2010-08-30 20:18 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"nwiz"="nwiz.exe" [2006-08-23 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 282624]
"DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2006-10-20 73728]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dlcfcoms.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [12/5/2011 8:34 AM 92592]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/30/2012 9:14 AM 253088]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 13:44]
.
2012-04-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2012-04-17 c:\windows\Tasks\User_Feed_Synchronization-{0D5ECB2E-8E38-45F5-B816-A378ABD13CEE}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
2012-04-16 c:\windows\Tasks\User_Feed_Synchronization-{14B79CB0-37D1-498C-9F01-779046CC1129}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
TCP: DhcpNameServer = 192.168.1.1 71.250.0.12
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{575BDDF5-790A-4D01-A37D-2863DEC1C085} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-16 20:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-04-16 20:50:56
ComboFix-quarantined-files.txt 2012-04-17 00:50
.
Pre-Run: 143,442,608,128 bytes free
Post-Run: 143,663,697,920 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 0302A2DAD08A17266F16AD64604A825F
 
C:\Documents and Settings\Esther\Local Settings\Temp\71DB0F3E-BAB0-7891-B661-2E984EC2B901\MyBabylonTB.exe Win32/Toolbar.Babylon application
C:\Documents and Settings\Esther\Local Settings\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application
C:\Documents and Settings\Esther\My Documents\IWON.exe Win32/AdInstaller application
 
I would like to thank you guys/girls for all of your help. I have already recommended this site to other people. Now, Im gonna check out the rest of the topics on this forum and maybe I can become more confident in my computer skills. Thanks again.

Joe
 
Joe, the site was upgraded and I'm finding some threads didn't send feedback for replies made. Yous was one of them. I'll pick up from where we were. If you have resolved problems, please let me know.

For the Eset entries:
Please download OTMovit by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :
    :Files 
    C:\Documents and Settings\Esther\Local Settings\Temp\71DB0F3E-BAB0-7891-B661-2E984EC2B901\MyBabylonTB.exe 
    C:\Documents and Settings\Esther\Local Settings\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe 
    C:\Documents and Settings\Esther\My Documents\IWON.exe 
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
==============================================
Combofix looks good. With so many entries for Price Gong gone and MWS gone, have you pickled up any 'speed'? I can give you few tips for maintenance if you'd like.
 
All processes killed
Error: Unable to interpret <:> in the current context!
========== FILES ==========
C:\Documents and Settings\Esther\Local Settings\Temp\71DB0F3E-BAB0-7891-B661-2E984EC2B901\MyBabylonTB.exe moved successfully.
C:\Documents and Settings\Esther\Local Settings\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe moved successfully.
C:\Documents and Settings\Esther\My Documents\IWON.exe moved successfully.
File/Folder [purity] not found.
File/Folder [emptytemp] not found.
File/Folder [start explorer] not found.
File/Folder [Reboot] not found.

OTM by OldTimer - Version 3.1.19.0 log created on 04282012_124335
 
You're welcome. I'll finish up and give you some tips. But first, please post the entire OTM log.
 
A note: You can use the Edit function when you just have a small amount of text to add instead of creating another post. You can clean up the tools now:

Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    CF_Uninstall-1.jpg
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
-----
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
------------------------------------------
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
  • Choose Disc Cleanup
  • Click "OK" to select the partition or drive you want.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Empty the Recycle Bin
 
Status
Not open for further replies.
Back