TechSpot

Please evaluate logs. Thanks!

By MrEd
Aug 2, 2011
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7350

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 7.0.5730.13

    8/1/2011 8:25:42 PM
    mbam-log-2011-08-01 (20-25-42).txt

    Scan type: Quick scan
    Objects scanned: 169136
    Time elapsed: 14 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 2
    Registry Data Items Infected: 1
    Folders Infected: 5
    Files Infected: 5

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D714A94F-123A-45CC-8F03-040BCAF82AD6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\DOWNLOADED PROGRAM FILES\SBCIE02D.DLL (Adware.SideStep) -> Value: SBCIE02D.DLL -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\crgyrvyj (Trojan.FakeAlert.N) -> Value: crgyrvyj -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\Homepage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    c:\documents and settings\babycakes\application data\errorsmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
    c:\documents and settings\babycakes\application data\errorsmart\Log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
    c:\documents and settings\babycakes\application data\errorsmart\registry backups (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
    c:\documents and settings\Owner\application data\errorsmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
    c:\documents and settings\Owner\application data\errorsmart\Log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.

    Files Infected:
    c:\WINDOWS\downloaded program files\SbCIe02d.dll (Adware.SideStep) -> Quarantined and deleted successfully.
    c:\WINDOWS\Tasks\{7b02ef0b-a410-4938-8480-9ba26420a627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\WINDOWS\Tasks\{bb65b0fb-5712-401b-b616-e69ac55e2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\documents and settings\babycakes\application data\errorsmart\registry backups\2008-04-13_12-28-02.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
    c:\documents and settings\babycakes\application data\errorsmart\registry backups\2008-09-11_03-45-46.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
    -------------------------------------


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-08-02 18:07:24
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK4026GAX rev.PA100U
    Running: wd3vg6xk.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pgldipow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- EOF - GMER 1.0.15 ----


    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 7.0.5730.13
    Run by Owner at 18:22:57 on 2011-08-02
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.229 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Real\RealPlayer\update\realsched.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    mDefault_Page_URL = hxxp://www.google.com/
    mDefault_Search_URL = hxxp://www.google.com/
    mSearch Page = hxxp://www.google.com/
    mStart Page = hxxp://www.google.com/
    mSearch Bar = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchURL = hxxp://www.google.com/
    mSearchAssistant = hxxp://www.google.com/
    mCustomizeSearch = hxxp://www.google.com
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: X1IEHook Class: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\netzero\qsacc\X1IEBHO.dll
    BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: Powermarks: {e166b4a2-83e7-11d3-b4fd-004005a47aaa} - c:\progra~1\powerm~1.5\iec.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
    uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
    uRun: [Window Washer] c:\program files\window washer\webroot\washer\wwDisp.exe
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe" -s
    uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Toshiba Hotkey Utility] "c:\program files\toshiba\windows utilities\Hotkey.exe" /lang en
    mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
    mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
    dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\owner\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\logitech webcam software\eReg.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: &Search - ?p=ZK
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: Display All Images with Full Quality - "c:\program files\netzero\qsacc\appres.dll/228"
    IE: Display Image with Full Quality - "c:\program files\netzero\qsacc\appres.dll/227"
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_02\bin\npjpi150_02.dll
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - hxxp://www.sidestep.com/get/k00722/sb02d.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-12 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-3-5 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-12 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-12 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-12 297752]
    R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2010-9-16 80896]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011-4-8 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-1 41272]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-6-11 27064]
    S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2007-2-8 15576]
    .
    =============== Created Last 30 ================
    .
    2011-08-01 23:28:21 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2011-08-01 23:27:48 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
    2011-08-01 23:26:59 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-01 23:26:57 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-08-01 23:26:48 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-01 23:26:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-07-31 22:24:23 -------- d-----w- c:\documents and settings\owner\local settings\application data\LogiShrd
    2011-07-31 22:19:10 539160 ----a-w- c:\windows\system32\LVUI2.dll
    2011-07-31 22:19:01 416280 ----a-w- c:\windows\system32\lvcodec2.dll
    2011-07-31 22:18:48 6756632 ----a-w- c:\windows\system32\drivers\lvuvc.sys
    2011-07-31 22:18:46 539160 ----a-w- c:\windows\system32\LVUI2RC.dll
    2011-07-31 22:18:03 34068 ----a-w- c:\windows\system32\Repository.reg
    2011-07-31 22:18:03 199192 ----a-w- c:\windows\system32\lvci12101110.dll
    2011-07-31 22:18:02 266008 ----a-w- c:\windows\system32\drivers\lvrs.sys
    2011-07-31 22:16:39 23832 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
    2011-07-31 21:43:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-31 21:21:58 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
    2011-07-31 21:21:19 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
    2011-07-31 21:21:11 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
    2011-07-31 21:21:10 16384 ----a-w- c:\windows\system32\ipsink.ax
    2011-07-31 21:21:02 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
    2011-07-31 21:20:54 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
    2011-07-31 21:20:45 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
    2011-07-31 21:20:38 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
    2011-07-31 21:20:04 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
    2011-07-31 21:20:04 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2011-07-31 21:19:03 90624 ----a-w- c:\windows\system32\kswdmcap.ax
    2011-07-31 21:19:03 28672 ----a-w- c:\windows\system32\vidcap.ax
    2011-07-31 21:19:00 61952 ----a-w- c:\windows\system32\kstvtune.ax
    2011-07-31 21:18:55 78464 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2011-07-31 21:18:55 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
    2011-07-31 21:18:55 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
    2011-07-31 21:18:53 20992 ----a-w- c:\windows\system32\dshowext.ax
    2011-07-31 21:18:52 43008 ----a-w- c:\windows\system32\ksxbar.ax
    2011-07-31 20:36:59 -------- d-----w- c:\documents and settings\owner\local settings\application data\Deployment
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 18:24:36.23 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/30/2005 7:41:12 PM
    System Uptime: 8/2/2011 3:40:57 PM (3 hours ago)
    .
    Motherboard: TOSHIBA | | Satellite L25
    Processor: Intel(R) Celeron(R) M processor 1.50GHz | U23 | 1496/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 37 GiB total, 0.879 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Atheros AR5005G Wireless Network Adapter
    Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_7094144F&REV_01\4&13826118&0&20A4
    Manufacturer: Atheros
    Name: Atheros AR5005G Wireless Network Adapter
    PNP Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_7094144F&REV_01\4&13826118&0&20A4
    Service: AR5211
    .
    Class GUID:
    Description: PCI Modem
    Device ID: PCI\VEN_1002&DEV_4378&SUBSYS_FF311179&REV_02\3&13C0B0C5&0&A6
    Manufacturer:
    Name: PCI Modem
    PNP Device ID: PCI\VEN_1002&DEV_4378&SUBSYS_FF311179&REV_02\3&13C0B0C5&0&A6
    Service:
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: WAN Miniport (ATW)
    Device ID: ROOT\NET\0000
    Manufacturer: America Online, Inc.
    Name: WAN Miniport (ATW)
    PNP Device ID: ROOT\NET\0000
    Service: wanatw
    .
    ==== System Restore Points ===================
    .
    RP800: 5/12/2011 12:12:47 PM - System Checkpoint
    RP801: 5/14/2011 8:16:16 PM - Removed Safari
    RP802: 5/14/2011 8:20:03 PM - Removed Splash PRO
    RP803: 5/16/2011 9:00:15 PM - System Checkpoint
    RP804: 5/19/2011 11:11:47 PM - Installed Bluesoleil2.6.0.8 Release 070517
    RP805: 5/22/2011 2:55:37 PM - System Checkpoint
    RP806: 5/27/2011 3:41:38 PM - System Checkpoint
    RP807: 6/3/2011 8:53:33 PM - System Checkpoint
    RP808: 6/7/2011 3:41:58 PM - System Checkpoint
    RP809: 6/10/2011 11:43:32 PM - B4 Latest Direct X and Media Player
    RP810: 6/10/2011 11:55:26 PM - Installed DirectX
    RP811: 6/11/2011 12:09:30 AM - B4 Media Player
    RP812: 6/11/2011 11:23:30 PM - Revo Uninstaller Pro's restore point - ePrompter
    RP813: 6/11/2011 11:26:55 PM - Revo Uninstaller Pro's restore point - ePrompter
    RP814: 7/31/2011 6:15:48 PM - Logitech Webcam Software v12.10.1110
    RP815: 8/1/2011 7:28:00 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Adobe Acrobat 5.0
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Shockwave Player 11.5
    AI RoboForm (All Users)
    Atheros Client Utility
    Atheros Wireless LAN MiniPCI card Driver
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    AuctionSieve
    AVG 8.5
    Bluesoleil2.6.0.8 Release 070517
    Bonjour
    CD/DVD Drive Acoustic Silencer
    CleanUp!
    Conexant AC-Link Audio
    Critical Update for Windows Media Player 11 (KB959772)
    Disketch CD Label Software
    Dropbox
    DVD-RAM Driver
    Google Chrome
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB894871)
    Hotfix for Windows XP (KB895200)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB981793)
    HTC BMP USB Driver
    HTC Driver Installer
    HTC Sync
    ICS Viewer 6.0
    InterVideo WinDVD for TOSHIBA
    iRider
    J2SE Runtime Environment 5.0 Update 2
    Logitech Vid HD
    Logitech Webcam Software
    Logitech Webcam Software Driver Package
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Media Player Classic - Home Cinema v1.5.1.2903
    Memorex exPressit Label Design Studio
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    MobileMe Control Panel
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    MSXML 6 Service Pack 2 (KB973686)
    Notebook Maximizer
    OpenMG Limited Patch 4.6-06-09-04-01
    OpenMG Secure Module 4.6.00
    PC-Linq
    PDF Manual NW-S600/S700F Series
    Picasa 3
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    REALTEK Gigabit and Fast Ethernet NIC Driver
    RealUpgrade 1.1
    Retrospect 6.5
    Revo Uninstaller Pro 2.5.3
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    Sonic DLA
    Sonic RecordNow!
    SonicStage 4.1
    Synaptics Pointing Device Driver
    TOSHIBA Assist
    TOSHIBA ConfigFree
    Toshiba Hotkey Utility
    TOSHIBA PC Diagnostic Tool
    Toshiba Q4 Retail Demo ScreenSaver
    Toshiba Registration
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    Toshiba Tbiosdrv Driver
    Toshiba Touchpad Utility
    Toshiba Utility
    TOSHIBA Zooming Utility
    Touch and Launch
    U3Launcher
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB900930)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC_MergeModuleToMSI
    Viewpoint Media Player
    WebFldrs XP
    Window Washer 5
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Mail
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB884018
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB887797
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB889673
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893056
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/1/2011 7:54:34 PM, error: Service Control Manager [7023] - The Human Interface Device Access service terminated with the following error: The specified module could not be found.
    .
    ==== End Of File ===========================
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Evaluate for what? That's another way of asking what problems you're having.
     
  3. MrEd

    MrEd TS Rookie Topic Starter Posts: 70

    sluggish performance

    Hello...well since I had 17 items of malware and my system is sluggish, I was wondering if you detected anything on these logs? PCI modem loads a request to install at startup. Do I need that? Can I stop it from asking to install it? Thought maybe my setup might be bad with a bunch of unwanted processes running etc., so wondered if you could assist with tweaking? Should I run Combofix as I saw you advise some others? Thanks!
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    This is not a "tweaking" forum. We have a heavy load handling the malware! It is very time consuming to go through all of the logs for each thread. There are many tutorials for slow systems, both on TechSpot and the internet. I will leave that search up to you.

    What I am trying to learn is what the problem was that you thought you needed malware help. Why did you run Malwarebytes in the first place that found all those entries to make you think we needed to check the logs? For instance, Mbam shows entries for several rogue programs. Those programs would have been causing problems for you>> what were they? Alerts? Errors? etc.

    The modem problem should be asked in the hardware forum.
    ==========================================
    Update Alerts!
    1. Adobe Acrobat 5.0 > Update ASAP. Current version is v10 (Adobe Reader site). Uninstall any earlier updates as they are vulnerabilities.
    2. AVG 8.5> I'm not sure this is still supported. Current version is AVG 2011
    3. J2SE Runtime Environment 5.0 Update 2 > Update ASAP. Current version is v6u26 (Java Updates). Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
    Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
    =============================================
    4. You have no security except for the questionable AVG. You should also have at least 2 antimalware programs.
    5. Recommend uninstalling Window Washer by Webroot.
    ======================================================
    6.
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click the ESET Smart Installer download link. Save it to your desktop.
      [o] Double click on the ESET Smart Installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ===============================================
    Now you can run Combofix
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message asking whether to continue.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ==================================================
    Please leave logs for Eset and Combofix in your next reply.
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I am reasonably sure you will have malware in the Java cache due to the outdated program. Empty it now:
    To clear the Java Plug-in cache:

    • [1]. Click Start > Control Panel.
      [2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
      [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
      [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
      [5]. Click OK on Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
      [6]. Click Apply > OK on Temporary Files Settings window.
    Images courtesy java.com
    ==================================================
     
  6. MrEd

    MrEd TS Rookie Topic Starter Posts: 70

    Thanks! Here are the requested logs!

    Hello - I also uninstalled Window Washer. Thanks for all your help! :)

    Esetscan


    C:\AOL Instant Messenger\AIM.exe Win32/Adware.WBug.A application
    C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\swupdate\newpackage.bin probably a variant of Win32/StartPage.HSZAKFT trojan
    C:\Program Files\MSN Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application
    --------------------------------------------
    Combofix


    ComboFix 11-08-05.02 - Owner 08/05/2011 15:31:20.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.164 [GMT -4:00]
    Running from: c:\program downloads\Combofix 8-5-11\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Babycakes\WINDOWS
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\Owner\WINDOWS
    c:\windows\iun6002.exe
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\Thumbs.db
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-05 to 2011-08-05 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-05 15:15 . 2011-08-05 15:15 -------- d-----w- c:\program files\ESET
    2011-08-05 15:06 . 2011-08-05 15:05 128000 ----a-w- c:\windows\system32\javacpl.cpl
    2011-08-05 15:06 . 2011-08-05 15:05 544656 ----a-w- c:\windows\system32\deployJava1.dll
    2011-08-05 14:27 . 2011-07-20 15:30 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-08-05 14:27 . 2011-07-20 15:30 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-08-05 14:27 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-08-05 14:27 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-08-05 14:26 . 2011-08-05 14:26 -------- d-----w- c:\program files\Avira
    2011-08-05 14:26 . 2011-08-05 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-08-05 14:12 . 2011-08-05 14:12 -------- d-----w- c:\documents and settings\Owner\Application Data\VS Revo Group
    2011-08-01 23:28 . 2011-08-01 23:28 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2011-08-01 23:27 . 2011-08-01 23:27 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2011-08-01 23:26 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-01 23:26 . 2011-08-01 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-08-01 23:26 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-01 23:26 . 2011-08-01 23:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-07-31 22:24 . 2011-07-31 22:24 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\LogiShrd
    2011-07-31 22:19 . 2009-10-07 08:48 539160 ----a-w- c:\windows\system32\LVUI2.dll
    2011-07-31 22:19 . 2009-10-07 08:43 416280 ----a-w- c:\windows\system32\lvcodec2.dll
    2011-07-31 22:18 . 2009-10-07 08:49 6756632 ----a-w- c:\windows\system32\drivers\lvuvc.sys
    2011-07-31 22:18 . 2009-10-07 08:48 539160 ----a-w- c:\windows\system32\LVUI2RC.dll
    2011-07-31 22:18 . 2009-10-07 08:43 199192 ----a-w- c:\windows\system32\lvci12101110.dll
    2011-07-31 22:18 . 2009-10-07 08:24 34068 ----a-w- c:\windows\system32\Repository.reg
    2011-07-31 22:18 . 2009-10-07 08:47 266008 ----a-w- c:\windows\system32\drivers\lvrs.sys
    2011-07-31 22:16 . 2009-10-07 08:49 23832 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
    2011-07-31 22:13 . 2011-07-31 22:22 -------- d-----w- c:\program files\Common Files\LogiShrd
    2011-07-31 22:13 . 2011-07-31 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
    2011-07-31 22:13 . 2011-08-01 16:17 -------- d-----w- c:\program files\Logitech
    2011-07-31 21:43 . 2011-07-31 21:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-31 21:21 . 2004-08-04 02:58 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
    2011-07-31 21:21 . 2004-08-04 03:10 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
    2011-07-31 21:21 . 2004-08-04 03:10 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
    2011-07-31 21:21 . 2004-08-04 04:56 16384 ----a-w- c:\windows\system32\ipsink.ax
    2011-07-31 21:21 . 2004-08-04 03:10 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
    2011-07-31 21:20 . 2004-08-04 03:10 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
    2011-07-31 21:20 . 2004-08-04 03:10 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
    2011-07-31 21:20 . 2004-08-04 03:10 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
    2011-07-31 21:20 . 2004-08-04 03:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
    2011-07-31 21:20 . 2004-08-04 03:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2011-07-31 21:19 . 2004-08-04 04:56 90624 ----a-w- c:\windows\system32\kswdmcap.ax
    2011-07-31 21:19 . 2004-08-04 04:56 28672 ----a-w- c:\windows\system32\vidcap.ax
    2011-07-31 21:19 . 2004-08-04 04:56 61952 ----a-w- c:\windows\system32\kstvtune.ax
    2011-07-31 21:18 . 2004-08-04 04:56 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
    2011-07-31 21:18 . 2004-08-04 04:56 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
    2011-07-31 21:18 . 2004-08-04 03:10 78464 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2011-07-31 21:18 . 2004-08-04 04:56 20992 ----a-w- c:\windows\system32\dshowext.ax
    2011-07-31 21:18 . 2004-08-04 04:56 43008 ----a-w- c:\windows\system32\ksxbar.ax
    2011-07-31 20:36 . 2011-07-31 20:38 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Deployment
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-12-15 160592]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-29 344064]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
    "PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 1077301]
    "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-12-15 160592]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchU3.exe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
    backup=c:\windows\pss\LaunchU3.exe.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
    backup=c:\windows\pss\RAMASST.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
    CFSServ.exe -NoClient [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol]
    2005-01-10 14:35 73728 ----a-w- c:\progra~1\DOWNLO~1\PESTPA~1\CookiePatrol.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    2005-05-31 12:33 122941 ----a-w- c:\windows\system32\dla\tfswctrl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masqform.exe]
    2003-12-03 16:43 1052672 ----a-w- c:\program files\PureEdge\Viewer 6.0\masqform.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notebook Maximizer]
    2004-05-25 21:35 28672 ----a-w- c:\program files\Notebook Maximizer\maximizer_startup.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center]
    2006-01-02 03:53 98304 ----a-w- c:\progra~1\DOWNLO~1\PESTPA~1\PPControl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrolCL]
    2004-12-15 23:00 855040 ----a-w- c:\progra~1\DOWNLO~1\PESTPA~1\PestPatrolCL.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
    2005-03-18 00:37 151552 ----a-w- c:\toshiba\IVP\ISM\pinger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPMemCheck]
    2006-01-02 03:53 148480 ----a-w- c:\progra~1\DOWNLO~1\PESTPA~1\PPMemCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
    2006-09-05 09:18 81920 ----a-w- c:\progra~1\Sony\SONICS~1\SSAAD.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
    2006-09-15 23:06 335872 ----a-w- c:\windows\system32\WDBtnMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Swupdtmr"=2 (0x2)
    "Retrospect Helper"=2 (0x2)
    "PACSPTISVR"=3 (0x3)
    "nmservice"=2 (0x2)
    "nmraapache"=3 (0x3)
    "MSCSPTISRV"=3 (0x3)
    "gusvc"=3 (0x3)
    "gupdate1c9f536c5212976"=2 (0x2)
    "ACS"=2 (0x2)
    "DVD-RAM_Service"=2 (0x2)
    "RetroWDSvc"=2 (0x2)
    "RetroLauncher"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
    "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
    "c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
    "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
    "c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1700:TCP"= 1700:TCP:MioNet Remote Drive Access
    "1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
    .
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/5/2011 10:27 AM 136360]
    R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [9/16/2010 2:06 PM 80896]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [4/8/2011 4:03 PM 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 6:01 PM 21248]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [6/11/2011 11:20 PM 27064]
    S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2/8/2007 5:38 AM 15576]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ANTIVIRSCHEDULERSERVICE
    *NewlyCreated* - ANTIVIRSERVICE
    *NewlyCreated* - AVGIO
    *NewlyCreated* - AVGNTFLT
    *NewlyCreated* - AVIPBB
    *NewlyCreated* - JAVAQUICKSTARTERSERVICE
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-15 c:\windows\Tasks\disketchShakeIcon.job
    - c:\program files\NCH Software\Disketch\disketch.exe [2011-05-15 00:45]
    .
    2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3119454931-2476218117-819753718-1003Core.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-31 20:38]
    .
    2011-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3119454931-2476218117-819753718-1003UA.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-31 20:38]
    .
    2011-08-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3119454931-2476218117-819753718-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2011-07-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3119454931-2476218117-819753718-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.google.com/
    mSearch Bar = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchURL = hxxp://www.google.com/
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228"
    IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227"
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - hxxp://www.sidestep.com/get/k00722/sb02d.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
    MSConfigStartUp-NDSTray - NDSTray.exe
    MSConfigStartUp-Pure Networks Port Magic - c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    AddRemove-Notebook_Maximizer - c:\windows\iun6002.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-05 15:42
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(636)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2011-08-05 15:47:14
    ComboFix-quarantined-files.txt 2011-08-05 19:47
    .
    Pre-Run: 4,080,709,632 bytes free
    Post-Run: 4,282,564,608 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - CF684F03EAE73F8BE40F9EA6CAAA2BF8
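The ComboFix log above contains several items a helper checks first (the AV line marked *Disabled*, the firewall policy keys, the globally open ports, the Run-key autostarts and the DPF ActiveX download entry), but they are scattered through the report and have to be picked out by eye. As an added example, not part of this thread and not ComboFix's own code, here is a small Python triage script that reads lines in the format ComboFix prints and surfaces those items. The sample input is constructed from lines copied from the log above, and the registry-key suffixes and line shapes it matches on are assumptions based on the layout seen in this one log.

```python
import re
from urllib.parse import urlsplit

# Constructed sample input: lines in the format ComboFix prints, copied from
# the log in this thread. It is not a complete ComboFix log.
SAMPLE_LOG = r"""
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
uStart Page = hxxp://www.google.com/
DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - hxxp://www.sidestep.com/get/k00722/sb02d.cab
"""

# Line shapes seen in the log above (assumed to hold for other ComboFix logs).
AV_RE = re.compile(r"^AV: (?P<name>.+?) \*(?P<status>[^*]+)\*")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
PORT_RE = re.compile(r"^\d+:(?P<proto>TCP|UDP):(?P<desc>.*)$")
CMD_RE = re.compile(r'^"(?P<cmd>[^"]*)"')
DPF_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\} - (?P<url>hxxps?://\S+)")


def triage(log_text):
    """Walk the log line by line, tracking the current registry key, and
    collect the items a helper usually checks first."""
    findings = {
        "av_disabled": [],           # AV products the log marks *Disabled*
        "firewall_disabled": False,  # EnableFirewall = 0 in the standard profile
        "firewall_override": False,  # Security Center told not to warn about it
        "open_ports": [],            # (port, proto, description)
        "autostarts": [],            # (value name, command) under Run keys
        "dpf_hosts": [],             # hosts serving ActiveX packages (DPF lines)
    }
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = AV_RE.match(line)
        if m:
            if "disabled" in m.group("status").lower():
                findings["av_disabled"].append(m.group("name"))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = DPF_RE.match(line)
        if m:
            # ComboFix defangs URLs as hxxp; refang only to parse out the host.
            url = m.group("url").replace("hxxp", "http", 1)
            findings["dpf_hosts"].append(urlsplit(url).hostname)
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group("name"), m.group("data")
        if current_key.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall":
            findings["firewall_disabled"] = data.startswith("0")
        elif current_key.endswith("security center") and name == "FirewallOverride":
            findings["firewall_override"] = int(data.split(":")[-1], 16) != 0
        elif current_key.endswith("globallyopenports\\list"):
            pm = PORT_RE.match(data)
            if pm:
                port = int(name.split(":")[0])
                findings["open_ports"].append((port, pm.group("proto"), pm.group("desc").strip()))
        elif current_key.endswith("\\run"):
            cm = CMD_RE.match(data)
            findings["autostarts"].append((name, cm.group("cmd") if cm else data))
    return findings


def summarize(findings):
    """Turn the raw findings into short review notes for the helper."""
    alerts = []
    for av in findings["av_disabled"]:
        alerts.append(f"AV '{av}' reported disabled: expected while ComboFix runs, confirm it is re-enabled afterwards")
    if findings["firewall_disabled"] or findings["firewall_override"]:
        alerts.append("Windows Firewall standard profile is off or overridden; re-enable it unless a third-party firewall is active")
    if findings["open_ports"]:
        ports = ", ".join(f"{p}/{proto} ({d})" for p, proto, d in findings["open_ports"])
        alerts.append(f"Globally open inbound ports: {ports}; close any that are no longer needed")
    if findings["dpf_hosts"]:
        alerts.append("ActiveX download (DPF) entries from: " + ", ".join(findings["dpf_hosts"]) + "; review, and remove if the package is unwanted")
    return alerts


if __name__ == "__main__":
    for note in summarize(triage(SAMPLE_LOG)):
        print("-", note)
```

Run it as `python combofix_triage.py` (any file name works) to print the notes for the embedded sample. One caveat the script encodes: ComboFix itself disables the antivirus while it runs, and the instructions earlier in this thread ask for that too, so an AV line marked *Disabled* is only a finding if it persists after the run; the firewall and open-port entries, by contrast, reflect the machine's standing configuration.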
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :
      :Files  
      C:\AOL Instant Messenger\AIM.exe 
      C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\swupdate\newpackage.bin
      C:\Program Files\MSN Messenger\msimg32.dll 
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    =============================================
    Go ahead and run this. Will check Combofix log in the morning.
     
  8. MrEd

    MrEd TS Rookie Topic Starter Posts: 70

    Old Timer

    Ran as instructed... asked to reboot which I did.... no folder or log file in c:\_OTMoveIt\MovedFiles. Thanks.
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please search for the log.
     
  10. MrEd

    MrEd TS Rookie Topic Starter Posts: 70

    Old Timer

    Ran it 5 more times and each time, as I indicated before, the computer rebooted and there was no moved files folder in the Old Timer's folder on my desktop, nor are there any logs. I did notice an "unable to interpret" the colon by itself at the top of your paste box, so I ran it without it also and still no logs. If you want me to type out the exact result I can do that since no log is getting produced in the respective folder where the program is. Thx.
     
  11. MrEd

    MrEd TS Rookie Topic Starter Posts: 70

    Sorry My Error

    Sorry as I was looking in the wrong folder. My apologies! Here is the log from the first time I ran it. Thx!

    All processes killed
    Error: Unable to interpret <:> in the current context!
    ========== FILES ==========
    C:\AOL Instant Messenger\AIM.exe moved successfully.
    C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\swupdate\newpackage.bin moved successfully.
    DllUnregisterServer procedure not found in C:\Program Files\MSN Messenger\msimg32.dll
    C:\Program Files\MSN Messenger\msimg32.dll moved successfully.
    File/Folder [purity] not found.
    File/Folder [emptytemp] not found.
    File/Folder [start explorer] not found.
    File/Folder [Reboot] not found.

    OTM by OldTimer - Version 3.1.18.0 log created on 08062011_142623
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please run the Eset scan again and post a new log. This is only a partial log and it appears there was an error when it ran.

    Are you having any malware related problem now?
     
  13. MrEd

    MrEd TS Rookie Topic Starter Posts: 70

    Hello - I ran Malware Bytes and ESET in safe mode with networking. Nothing found on Malware Bytes. ESET log below, so I don't notice really any malware related problems now. BTW, do I just delete the quarantined files in the ESET folder? Thanks for your help!

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6528
    # api_version=3.0.2
    # EOSSerial=27cc40415cd62b48b95d24eab259ac33
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-08-05 07:10:04
    # local_time=2011-08-05 03:10:04 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 2
    # compatibility_mode=1797 16775141 100 93 0 48151248 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=104947
    # found=3
    # cleaned=0
    # scan_time=13507
    C:\AOL Instant Messenger\AIM.exe Win32/Adware.WBug.A application (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\swupdate\newpackage.bin probably a variant of Win32/StartPage.HSZAKFT trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\MSN Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6528
    # api_version=3.0.2
    # EOSSerial=27cc40415cd62b48b95d24eab259ac33
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-08-09 09:59:19
    # local_time=2011-08-09 05:59:19 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 2
    # compatibility_mode=1797 16775126 100 93 0 48509801 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=84408
    # found=2
    # cleaned=2
    # scan_time=10712
    C:\_OTM\MovedFiles\08062011_142623\C_AOL Instant Messenger\AIM.exe Win32/Adware.WBug.A application (deleted - quarantined) 00000000000000000000000000000000 C
    C:\_OTM\MovedFiles\08062011_142623\C_Documents and Settings\All Users\Application Data\AOL\ACS\1.0\swupdate\newpackage.bin probably a variant of Win32/StartPage.HSZAKFT trojan (deleted - quarantined) 00000000000000000000000000000000 C
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Nothing new in the Eset scan. Entries have been previously handled.

    Please give me an update on the system.
     
  15. MrEd

    MrEd TS Rookie Topic Starter Posts: 70

    Well, the system seems okay. Can you tell me if I am running unneeded processes taking up resources, or is that better asked in a different forum? Can I run Revo Uninstaller Pro "Windows cleaner" and/or "junk files cleaner", or do you recommend something else like CCleaner? I got rid of Window Washer so wondered if you knew of a good freebie replacement? Thank you!
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You don't need a 'cleaner'; you can do it yourself:

    To remove entries from the Startup Menu using the msconfig utility:
    • Click on Start> Run> type in msconfig> enter>
    • Click on Selective Startup
    • Choose the Startup tab:
      All images courtesy NetSquirrel
    • To expand the Command Column, (this shows what the process 'belongs' to) hold left mouse button down on the dividing line on frame above Location and move to the right to expand.
    • Uncheck any processes you do not need to start on boot.
    • Click on Apply> OK when finished.
    NOTE:
    When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.' Remain in Selective Startup to retain those changes.
    ===========================================
    The only processes that have to be checked on the Startup menu are:
    Antivirus
    Firewall if using 3rd party FW like Zone Alarm or Comodo
    Touchpad process if on laptop
    Network if using Pure Network/Cisco.
    Nothing else! You can go into All Programs when you want to run a program.
    ==========================================
    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    -----
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    ------------------------------------------
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin
     
  17. MrEd

    MrEd TS Rookie Topic Starter Posts: 70

    Thanks!

    Appreciate the help!
     
  18. MrEd

    MrEd TS Rookie Topic Starter Posts: 70

    Qoobot

    Have a folder that I can't delete called "Qoobot". Inside it is another folder called "Backenv". When I click on either folder it says "Cannot delete: access denied.... Make sure the disk is not full or write-protected and that the file is not in use". Any ideas? Thanks!
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You've run ComboFix at some point. Qoobox is a folder where Combofix puts the quarantined files. Backenv is one of them. If you uninstalled Combofix as instructed, these logs should be gone. Don't try to view what's in there, just delete it. Empty your Recycle Bin and reboot your computer.

    Spelling Qoobot has been corrected to Qoobox.
     
  20. MrEd

    MrEd TS Rookie Topic Starter Posts: 70

    Hello,

    Thanks for the response. I did attempt to uninstall "combofix" several times using your nomenclature and received the error message "Windows cannot find "Combofix". Make sure you typed the name correctly, and then try again. To search for a file, click the Start button and then click Search." I once again tried to delete the "Qoobox" folder and received the message "Cannot delete BackEnv: Access is denied. Make sure the disk is not full or write protected and that the file is not currently in use." Also ran "OTCleanIt by OldTimer" and the undeletable folder is still there. Please advise.

    RE: msconfig..you stated..
    "The only processes that have to be checked on the Startup menu are:
    Antivirus
    Firewall if using 3rd party FW like Zone Alarm or Comodo
    Touchpad process if on laptop
    Network if using Pure Network/Cisco.
    Nothing else! You can go into All Programs when you want to run a program."

    I disabled pad.exe, which is Toshiba Touch and Launch, and the touchpad still worked. There are two other Toshiba program files there but I wasn't sure if they were for the touchpad, although since they indicate "TP" in the file, my guess is they are for the touchpad. They are:
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTPenh.exe

    Why are there a bunch of entries in msconfig startup that are associated with programs I thought were removed? How do I get rid of these? Here are the specific entries:
    Removed Programs:
    Cooke Patrol ...program: Pest Patrol
    PP Control...program: Pest Control
    PP Mem Check...program: Pest Patrol
    Unnamed File...program: Pest Control/downloads
    Maximizer Startup Program: Notebook Maximizer
    masqform ..program: PureEdge
    justsched:..program: Java Updater

    Other:
    CFSSErv
    tfswctrl
    dumpprep 0 -k
    RAMASST

    Cleaned up Add/Remove Programs but there is no "remove" button for Google Talk plugin. I even used Revo Uninstaller Pro for cleanup but it would not delete the files. How do I remove it?

    Thanks!
     
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You asked to have your logs 'evaluated', giving no information about what your problems were. You ran Malwarebytes for some unknown reason and when malware was found decided you wanted the logs checked.

    Then you want me to 'tweak' your system and I told you this is not a tweaking forum. Sluggish systems can have many causes and if you search TechSpot, you will find information about that.

    I asked for the OTM log, which you eventually found, then you only left a part of it.

    You ran Malwarebytes and ESET in safe mode with networking, which was not the instructions: All scans should be run in Normal Mode unless instructed otherwise or unless the system can't boot into Normal Mode.

    The correct order to use for uninstalling is:
    1. Check if program has its own uninstaller. If it does, use that.
    2. If program does not have own uninstaller, remove in Add/Remove Programs.

    Revo and Windows Installer Cleanup Utility are not uninstallers! They should only be used to 1. remove files that are left over after a program is uninstalled or 2. if the program appears in Add/Remove Programs but will not uninstall from there.

    Using Revo exclusively to do this job can damage the uninstaller which sounds like what happened to you. I suggest you download Combofix again and then uninstall it properly:

    Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    Because you didn't uninstall them correctly, because you didn't check to make sure they were no longer on Startup, because you didn't delete the program folders after the uninstall.

    Some of the processes you see might be Active X entries for addons. Check Manage Addons in Tools and disable any you don't want to run.

    It is also possible that an entry has a Service that is set to Automatically start. You can check that as follows:
    Click on Start> Run> type in services.msc> enter> Find the Service and double click to open. Set the Startup Type to Manual.

    You have most likely damaged the files that need to be used in programs to uninstall them by using Revo instead of the proper methods. In some cases, it might be necessary for you to download the program again and then uninstall it like I mentioned.

    Google is a good search engine. Instead of deleting or unchecking a process when you don't know what it does or if it needs to start on boot, do a search. The information can easily be found.

    Since the malware problem has been resolved, I am going to close this thread.
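    The msconfig walkthrough in post 16 and the services.msc check in post 21 both come down to the same question: what is set to start on boot, and does each entry still point at a program that exists? The script below is an added example written for this page, not something posted in the thread or shipped with any of the tools mentioned. It lists the same locations msconfig's Startup tab and services.msc expose (the Run/RunOnce keys, the per-user and all-users Startup folders, and services set to Automatic) and flags entries whose target executable is missing, which is exactly the "removed program still listed" situation MrEd describes in post 20. It assumes an elevated Windows PowerShell session (it uses Get-WmiObject, so Windows PowerShell 2 through 5.1, not PowerShell 7); the Get-CommandPath and New-Entry helper names are the example's own.

```powershell
# Added example (not from the TechSpot thread): inventory autostart entries
# and flag the ones whose target program no longer exists on disk.
# Assumes: elevated Windows PowerShell (2.0 - 5.1). Helper names are ours.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user's Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # All Users Startup folder
)

function Get-CommandPath {
    # Pull the executable path out of a command line such as
    #   "C:\Program Files\Foo\foo.exe" -silent    or    C:\WINDOWS\bar.exe /k
    param([string]$CommandLine)
    $cmd = $CommandLine.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($cmd, '(?i)^.+?\.exe')
    if ($m.Success) { return $m.Value }
    return ($cmd -split '\s+')[0]
}

function New-Entry($Location, $Name, $Command) {
    # Build one report row; Exists is $true only when the target binary is found.
    $target = [Environment]::ExpandEnvironmentVariables((Get-CommandPath $Command))
    $exists = $false
    if ($target) {
        if ($target -like '*\*') {
            $exists = [bool](Test-Path -LiteralPath $target -PathType Leaf)
        } else {
            # bare name (e.g. rundll32.exe): resolve through PATH like the loader would
            $exists = [bool](Get-Command $target -ErrorAction SilentlyContinue)
        }
    }
    New-Object PSObject -Property @{
        Location = $Location; Name = $Name; Command = $Command
        Target = $target; Exists = $exists
    }
}

$entries = New-Object System.Collections.Generic.List[object]
$psNoise = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# 1. Run / RunOnce registry values (what msconfig's Startup tab lists as "Registry")
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($psNoise -contains $p.Name) { continue }   # provider metadata, not a Run value
        $entries.Add((New-Entry $key $p.Name ([string]$p.Value)))
    }
}

# 2. Startup folders: resolve .lnk shortcuts to the program they launch
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($f in (Get-ChildItem -Path $dir | Where-Object { -not $_.PSIsContainer })) {
        if ($f.Name -eq 'desktop.ini') { continue }
        $cmd = if ($f.Extension -eq '.lnk') { $shell.CreateShortcut($f.FullName).TargetPath } else { $f.FullName }
        $entries.Add((New-Entry $dir $f.Name $cmd))
    }
}

# 3. Services with Startup Type "Automatic" (what services.msc shows as Automatic)
foreach ($svc in (Get-WmiObject -Class Win32_Service | Where-Object { $_.StartMode -eq 'Auto' })) {
    $entries.Add((New-Entry 'Service' $svc.Name $svc.PathName))
}

"== All autostart entries =="
$entries | Sort-Object Location, Name | Format-Table Location, Name, Target, Exists -AutoSize

"== Entries whose target is missing (leftovers worth reviewing) =="
$entries | Where-Object { -not $_.Exists } | Format-Table Location, Name, Command -AutoSize
```

    Two things to keep in mind when reading the output. A missing target is a strong sign the entry is an orphan from an uninstall that did not clean up after itself, but an entry whose target does exist is not automatically needed; as the post says, look the name up before unchecking it. And unchecking an item in msconfig does not delete it: on XP the entry is moved under HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg (folder items go under startupfolder), which is why the system has to stay in Selective Startup for the change to hold.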
     
Topic Status:
Not open for further replies.
