TechSpot

Server error

By heyhi
Dec 4, 2010
  1. I had some virus, might have been from ClickPotato, but anyways... I ran a bunch of different scans, Search n Destroy, Anti-Malware, avast, a few more, and each had their own virus come up. I removed them. On IE and AIM I'm getting a server error, but Firefox works. What can I do?
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  3. heyhi

    heyhi TS Rookie Topic Starter Posts: 25

    Thanks a lot for your help. I already have avast; when I started the computer a pop-up came up saying threat detected, so I scanned that file using Anti-Malware. I'll throw that log in here anyway; that's the first log. avast showed no threats, and sorry, I couldn't copy and paste so I attached.
     


  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Why can't you copy and paste?
     
  5. heyhi

    heyhi TS Rookie Topic Starter Posts: 25

    I have no clue. I copy, and when I go to paste, paste doesn't come up highlighted, but I attached the files; they can be opened with Notepad.
     
  6. heyhi

    heyhi TS Rookie Topic Starter Posts: 25

    Can anyone help with this?
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I'll review the logs when they are pasted in.
     
  8. heyhi

    heyhi TS Rookie Topic Starter Posts: 25

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5214

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    12/4/2010 10:17:52 PM
    mbam-log-2010-12-04 (22-17-52).txt

    Scan type: Quick scan
    Objects scanned: 1
    Time elapsed: 15 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 1

    Memory Processes Infected:
    c:\documents and settings\all users\application data\resultbar\resultbar113.exe (Adware.ResultBar) -> 440 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ResultBar Service (Adware.ResultBar) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\documents and settings\all users\application data\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.

    Files Infected:
    c:\documents and settings\all users\application data\resultbar\resultbar113.exe (Adware.ResultBar) -> Quarantined and deleted successfully.
     
  9. heyhi

    heyhi TS Rookie Topic Starter Posts: 25

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5246

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    12/4/2010 11:49:14 PM
    mbam-log-2010-12-04 (23-49-14).txt

    Scan type: Quick scan
    Objects scanned: 126966
    Time elapsed: 5 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 14
    Registry Values Infected: 5
    Registry Data Items Infected: 0
    Folders Infected: 7
    Files Infected: 9

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Mp3Tube (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\ere94fe5o32 (Trojan.FakeAV) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mp3Tube (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MP3TUBE_TOOLBAR_UPDATER_SERVICE (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RESULTBAR_SERVICE (Adware.ResultBar) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Value: {B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Value: {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4c33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4c33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790477B1765F5A36AD96 (Malware.Trace) -> Value: SRS_IT_E8790477B1765F5A36AD96 -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0} (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults\preferences (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mp3tube toolbar (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    c:\documents and settings\KA\application data\mp3tube toolbar (Adware.Mp3Tube) -> Quarantined and deleted successfully.

    Files Infected:
    c:\program files\mozilla firefox\searchplugins\Mp3Tube.xml (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome.manifest (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\install.rdf (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome\resultbar.jar (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults\preferences\prefs.js (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\resultbar\resultbar.dll (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\resultbar\resultbar.exe (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mp3tube toolbar\mp3tubesvc.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    c:\program files\mp3tube toolbar\mp3tubevideotomp3.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
     
  10. heyhi

    heyhi TS Rookie Topic Starter Posts: 25

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-12-05 00:36:01
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST9402112A rev.3.06
    Running: u7tbe80u.exe; Driver: C:\DOCUME~1\KA\LOCALS~1\Temp\ugtdipow.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA8323BAE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA83239D2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA8323B0C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----
     
  11. heyhi

    heyhi TS Rookie Topic Starter Posts: 25

    DDS (Ver_10-12-05.01) - NTFSx86
    Run by KA at 0:39:59.37 on Sun 12/05/2010
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1270.901 [GMT -5:00]

    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\KA\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://espn.go.com/nfl/
    uSearch Page =
    uSearch Bar =
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:23012
    mSearchAssistant =
    uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} -
    uURLSearchHooks: H - No File
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uURLSearchHooks: H - No File
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    mURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - AOL Toolbar Launcher
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: {61539ecd-cc67-4437-a03c-9aaccbd14326} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} -
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Wisdom-soft ScreenHunter 5.1 Free] 0
    uRun: [CLICK] C:\CLICK
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
    mRun: [jswtrayutil] "c:\program files\netgear\wna1100\jswtrayutil.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna1100\WNA1100.exe
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
    IE: &Search
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
    IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922}
    Trusted Zone: intuit.com\ttlc
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: igfxcui - igfxdev.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\ka\applic~1\mozilla\firefox\profiles\ostsccu7.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=01-05-2010&tb_mrud=01-05-2010
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://buymixtapes.com/newsongs.php
    FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Extension: Spell Checker: gaurangnshah@gmail.com - c:\docume~1\ka\applic~1\mozilla\firefox\profiles\ostsccu7.default\extensions\gaurangnshah@gmail.com
    FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\docume~1\ka\applic~1\mozilla\firefox\profiles\ostsccu7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Extension: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor

    ---- FIREFOX POLICIES ----
    FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    FF - user.js: keyword.enabled - 1

    ============= SERVICES / DRIVERS ===============

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-10-29 28552]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-26 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-26 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-26 40384]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-8-12 10448]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-6-20 88176]
    R2 WSWNA1100;WSWNA1100;c:\program files\netgear\wna1100\WifiSvc.exe [2010-12-3 278528]
    R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2010-12-3 57440]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-17 136176]
    S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2010-12-3 1710944]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-26 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-26 40384]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe --> c:\program files\magix\common\database\bin\fbserver.exe [?]
    S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\netgear\wna1100\jswpsapi.exe [2010-12-3 360529]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]

    =============== Created Last 30 ================

    2010-12-05 04:02:37 -------- d-----w- c:\program files\Blockbuster
    2010-12-03 05:05:27 58208 ----a-w- c:\windows\system32\drivers\wsimd.sys
    2010-12-01 11:56:58 -------- d-----w- c:\docume~1\ka\locals~1\applic~1\Sunbelt Software
    2010-12-01 02:47:38 -------- d-----w- c:\program files\Bazooka Scanner
    2010-11-30 02:13:27 165376 ----a-w- c:\windows\system32\unrar.dll
    2010-11-30 02:13:22 -------- d-----w- c:\program files\K-Lite Codec Pack
    2010-11-26 22:26:46 -------- d-----w- c:\program files\MPEGTOWAV
    2010-11-26 05:50:45 -------- d-----w- c:\docume~1\ka\locals~1\applic~1\Conduit
    2010-11-26 05:50:08 -------- d-----w- c:\program files\uTorrent
    2010-11-26 05:49:44 -------- d-----w- c:\docume~1\ka\applic~1\uTorrent
    2010-11-21 07:40:00 -------- d-----w- c:\program files\Xvid
    2010-11-21 00:51:52 -------- d-----w- c:\docume~1\ka\locals~1\applic~1\DefaultDomain_Path_2jjdwwwbej4fajitudmutkjkc2soxwl5
    2010-11-18 04:59:01 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
    2010-11-18 04:59:01 8704 ----a-w- c:\windows\system32\kbdjpn.dll
    2010-11-18 04:59:01 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
    2010-11-18 04:59:01 8192 ----a-w- c:\windows\system32\kbdkor.dll
    2010-11-18 04:59:01 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
    2010-11-18 04:59:01 6144 ----a-w- c:\windows\system32\kbd101c.dll
    2010-11-18 04:59:01 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
    2010-11-18 04:59:01 5632 ----a-w- c:\windows\system32\kbd103.dll
    2010-11-18 04:58:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
    2010-11-18 04:58:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
    2010-11-18 04:58:54 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
    2010-11-18 04:58:54 6144 ----a-w- c:\windows\system32\kbd106.dll
    2010-11-18 04:44:19 -------- d-----w- c:\docume~1\ka\locals~1\applic~1\Temp
    2010-11-18 04:44:03 -------- d-----w- c:\docume~1\ka\locals~1\applic~1\Google
    2010-11-18 04:43:19 -------- d-----w- c:\docume~1\ka\locals~1\applic~1\Deployment
    2010-11-13 00:26:26 545 ----a-w- c:\windows\UC.PIF
    2010-11-13 00:26:26 545 ----a-w- c:\windows\RAR.PIF
    2010-11-13 00:26:26 545 ----a-w- c:\windows\PKZIP.PIF
    2010-11-13 00:26:26 545 ----a-w- c:\windows\PKUNZIP.PIF
    2010-11-13 00:26:26 545 ----a-w- c:\windows\NOCLOSE.PIF
    2010-11-13 00:26:26 545 ----a-w- c:\windows\LHA.PIF
    2010-11-13 00:26:26 545 ----a-w- c:\windows\ARJ.PIF
    2010-11-13 00:26:26 -------- d-----w- c:\docume~1\ka\applic~1\GHISLER
    2010-11-10 07:50:18 -------- d-----w- c:\docume~1\ka\locals~1\applic~1\AVNEX_Ltd._(CY)
    2010-11-10 07:46:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avnex
    2010-11-10 00:40:53 -------- d-----w- c:\program files\Microsoft ActiveSync

    ==================== Find3M ====================

    2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-09 14:16:31 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-09-09 14:16:30 61952 ----a-w- c:\windows\system32\tdc.ocx
    2010-09-09 14:16:29 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-09-08 16:49:49 369664 ----a-w- c:\windows\system32\html.iec
    2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr

    ============= FINISH: 0:40:20.81 ===============
     
  12. heyhi

    heyhi TS Rookie Topic Starter Posts: 25

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-05.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/19/2009 6:48:59 PM
    System Uptime: 12/5/2010 12:30:47 AM (0 hours ago)

    Motherboard: Acer | | Garda-910
    Processor: Intel(R) Celeron(R) M processor 1.50GHz | U1 | 1496/100mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 37 GiB total, 22.607 GiB free.
    D: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: NETGEAR WNA1100 Wireless-N 150 USB Adapter
    Device ID: USB\VID_0846&PID_9030\12345
    Manufacturer: Netgear Inc.
    Name: NETGEAR WNA1100 Wireless-N 150 USB Adapter
    PNP Device ID: USB\VID_0846&PID_9030\12345
    Service: AR9271

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Atheros AR5005G Wireless Network Adapter
    Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_04181468&REV_01\4&AD1B67F&0&28F0
    Manufacturer: Atheros
    Name: Atheros AR5005G Wireless Network Adapter
    PNP Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_04181468&REV_01\4&AD1B67F&0&28F0
    Service: AR5211

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8139/810x Family Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_006A1025&REV_10\4&AD1B67F&0&38F0
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek RTL8139/810x Family Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_006A1025&REV_10\4&AD1B67F&0&38F0
    Service: RTL8023xp

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: PCI Modem
    Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_006A1025&REV_03\3&B1BFB68&0&F3
    Manufacturer:
    Name: PCI Modem
    PNP Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_006A1025&REV_03\3&B1BFB68&0&F3
    Service:

    ==== System Restore Points ===================

    RP415: 11/14/2010 1:45:40 PM - System Checkpoint
    RP416: 11/22/2010 5:14:29 AM - Revo Uninstaller's restore point - blinkx beat
    RP417: 11/22/2010 5:15:34 AM - Revo Uninstaller's restore point - blinkx beat
    RP418: 11/22/2010 5:16:42 AM - Revo Uninstaller's restore point - Homepage Protection Service
    RP419: 11/22/2010 5:17:58 AM - Revo Uninstaller's restore point - ShopperReports
    RP420: 11/22/2010 5:18:39 AM - Revo Uninstaller's restore point - Google Chrome Frame
    RP421: 11/22/2010 5:19:56 AM - Revo Uninstaller's restore point - Mp3Tube Toolbar
    RP422: 11/22/2010 5:20:39 AM - Revo Uninstaller's restore point - ResultBar 1.0 build 113
    RP423: 11/22/2010 11:59:56 AM - Revo Uninstaller's restore point - Kilmist Registry Editor 2.5
    RP424: 11/22/2010 12:00:19 PM - Removed Kilmist Registry Editor 2.5
    RP425: 11/22/2010 12:02:13 PM - Revo Uninstaller's restore point - AV Music Morpher Gold
    RP426: 11/22/2010 12:03:22 PM - Revo Uninstaller's restore point - Magic Button
    RP427: 11/22/2010 12:04:39 PM - Revo Uninstaller's restore point - Total Commander (Remove or Repair)
    RP428: 11/24/2010 2:35:26 AM - Revo Uninstaller's restore point - Clean Disk Security 7.84
    RP429: 11/30/2010 2:44:30 AM - Revo Uninstaller's restore point - K-Lite Codec Pack 6.6.0 (Basic)
    RP430: 11/30/2010 2:44:50 AM - Revo Uninstaller's restore point - Wisdom-soft Set up ScreenHunter 5.1 Free
    RP431: 11/30/2010 2:45:38 AM - Revo Uninstaller's restore point - uTorrentBar Toolbar
    RP432: 11/30/2010 2:46:36 AM - Revo Uninstaller's restore point - RealPlayer
    RP433: 11/30/2010 5:30:18 AM - Revo Uninstaller's restore point - Xvid 1.2.1 final uninstall
    RP434: 11/30/2010 5:31:37 AM - Revo Uninstaller's restore point - ClickPotato
    RP435: 11/30/2010 9:51:36 PM - Revo Uninstaller's restore point - Bazooka Scanner
    RP436: 11/30/2010 9:53:00 PM - Revo Uninstaller's restore point - DivX Codec
    RP437: 11/30/2010 9:53:53 PM - Revo Uninstaller's restore point - DivX Converter
    RP438: 11/30/2010 9:54:42 PM - Revo Uninstaller's restore point - DivX Plus DirectShow Filters
    RP439: 11/30/2010 10:27:39 PM - Revo Uninstaller's restore point - Windows Internet Explorer 8
    RP440: 11/30/2010 11:39:59 PM - Revo Uninstaller's restore point - avast! Free Antivirus
    RP441: 12/1/2010 6:51:52 AM - Revo Uninstaller's restore point - Spyware Doctor 8.0
    RP442: 12/1/2010 6:40:08 PM - Software Distribution Service 3.0
    RP443: 12/1/2010 11:52:31 PM - Revo Uninstaller's restore point - ClickPotato
    RP444: 12/2/2010 9:11:03 PM - Installed NETGEAR WNA1100 wireless USB 2.0 adapter
    RP445: 12/2/2010 9:49:44 PM - Removed NETGEAR WNA1100 wireless USB 2.0 adapter
    RP446: 12/3/2010 12:03:58 AM - Installed NETGEAR WNA1100 wireless USB 2.0 adapter
    RP447: 12/4/2010 1:01:33 AM - Installed ESET NOD32 Antivirus
    RP448: 12/4/2010 1:03:29 AM - Installed ESET NOD32 Antivirus
    RP449: 12/4/2010 1:06:40 AM - Installed ESET NOD32 Antivirus
    RP450: 12/4/2010 4:59:27 AM - Removed ESET NOD32 Antivirus

    ==== Installed Programs ======================

    µTorrent
    7-Zip 4.65
    AAC Decoder
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.0
    Advanced SystemCare 3
    AIM 7
    Atheros Driver Installation Program
    Atheros Wireless LAN
    AutoUpdate
    Bonjour
    DivX Player
    DivX Plus Web Player
    DivX Version Checker
    eReg
    Firebird SQL Server - MAGIX Edition
    Full Tilt Poker
    Google Update Helper
    H.264 Decoder
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver for Mobile
    iTunes
    Java(TM) 6 Update 14
    K-Lite Codec Pack 6.6.0 (Basic)
    LimeWire 4.18.8
    Logitech SetPoint 6.15
    Malwarebytes' Anti-Malware
    McAfee SiteAdvisor
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync
    Microsoft Silverlight
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MKV Splitter
    Mozilla Firefox (3.0.14)
    MPEG To Wav Converter version 1.2
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    NETGEAR WNA1100 wireless USB 2.0 adapter
    QuickTime
    Realtek AC'97 Audio
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Revo Uninstaller 1.83
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360131)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Spybot - Search & Destroy
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    12/4/2010 11:59:49 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    12/4/2010 11:59:28 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    12/4/2010 11:51:03 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    12/4/2010 11:34:01 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
    12/4/2010 11:34:01 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    12/4/2010 11:34:01 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    12/4/2010 11:34:01 PM, error: Service Control Manager [7034] - The Atheros Configuration Service service terminated unexpectedly. It has done this 1 time(s).
    12/4/2010 11:34:01 PM, error: Service Control Manager [7031] - The WSWNA1100 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    12/4/2010 10:17:51 PM, error: Service Control Manager [7034] - The ResultBar Service service terminated unexpectedly. It has done this 1 time(s).
    12/4/2010 1:01:31 AM, error: Service Control Manager [7000] - The epfwtdir service failed to start due to the following error: A device attached to the system is not functioning.
    12/2/2010 9:05:13 PM, error: Dhcp [1002] - The IP address lease 192.168.1.68 for the Network Card with network address 0014A4858B1C has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    12/1/2010 8:36:44 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wuauserv service.
    12/1/2010 8:36:10 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
    12/1/2010 8:35:09 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
    12/1/2010 8:24:44 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the RasMan service.
    12/1/2010 7:23:05 AM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
    12/1/2010 7:23:05 AM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
    12/1/2010 11:33:37 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SENS service.
    12/1/2010 10:07:57 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0014A4858B1C. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    11/30/2010 9:31:46 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
    11/29/2010 2:47:05 AM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.

    ==== End Of File ===========================
     
  13. heyhi

    heyhi TS Rookie Topic Starter Posts: 25

    first log:

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5214

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    12/4/2010 10:17:52 PM
    mbam-log-2010-12-04 (22-17-52).txt

    Scan type: Quick scan
    Objects scanned: 1
    Time elapsed: 15 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 1

    Memory Processes Infected:
    c:\documents and settings\all users\application data\resultbar\resultbar113.exe (Adware.ResultBar) -> 440 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ResultBar Service (Adware.ResultBar) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\documents and settings\all users\application data\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.

    Files Infected:
    c:\documents and settings\all users\application data\resultbar\resultbar113.exe (Adware.ResultBar) -> Quarantined and deleted successfully.
     
  14. heyhi

    heyhi TS Rookie Topic Starter Posts: 25

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5246

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    12/4/2010 11:49:14 PM
    mbam-log-2010-12-04 (23-49-14).txt

    Scan type: Quick scan
    Objects scanned: 126966
    Time elapsed: 5 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 14
    Registry Values Infected: 5
    Registry Data Items Infected: 0
    Folders Infected: 7
    Files Infected: 9

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Mp3Tube (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\ere94fe5o32 (Trojan.FakeAV) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mp3Tube (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MP3TUBE_TOOLBAR_UPDATER_SERVICE (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RESULTBAR_SERVICE (Adware.ResultBar) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Value: {B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Value: {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4c33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4c33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790477B1765F5A36AD96 (Malware.Trace) -> Value: SRS_IT_E8790477B1765F5A36AD96 -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0} (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults\preferences (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mp3tube toolbar (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    c:\documents and settings\KA\application data\mp3tube toolbar (Adware.Mp3Tube) -> Quarantined and deleted successfully.

    Files Infected:
    c:\program files\mozilla firefox\searchplugins\Mp3Tube.xml (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome.manifest (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\install.rdf (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome\resultbar.jar (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults\preferences\prefs.js (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\resultbar\resultbar.dll (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\resultbar\resultbar.exe (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mp3tube toolbar\mp3tubesvc.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    c:\program files\mp3tube toolbar\mp3tubevideotomp3.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
     
  15. heyhi

    heyhi TS Rookie Topic Starter Posts: 25

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-12-05 00:36:01
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST9402112A rev.3.06
    Running: u7tbe80u.exe; Driver: C:\DOCUME~1\KA\LOCALS~1\Temp\ugtdipow.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA8323BAE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA83239D2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA8323B0C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----
     
  16. heyhi

    heyhi TS Rookie Topic Starter Posts: 25

    first log:

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5214

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    12/4/2010 10:17:52 PM
    mbam-log-2010-12-04 (22-17-52).txt

    Scan type: Quick scan
    Objects scanned: 1
    Time elapsed: 15 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 1

    Memory Processes Infected:
    c:\documents and settings\all users\application data\resultbar\resultbar113.exe (Adware.ResultBar) -> 440 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ResultBar Service (Adware.ResultBar) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\documents and settings\all users\application data\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.

    Files Infected:
    c:\documents and settings\all users\application data\resultbar\resultbar113.exe (Adware.ResultBar) -> Quarantined and deleted successfully.


    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5246

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    12/4/2010 11:49:14 PM
    mbam-log-2010-12-04 (23-49-14).txt

    Scan type: Quick scan
    Objects scanned: 126966
    Time elapsed: 5 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 14
    Registry Values Infected: 5
    Registry Data Items Infected: 0
    Folders Infected: 7
    Files Infected: 9

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Mp3Tube (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\ere94fe5o32 (Trojan.FakeAV) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mp3Tube (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MP3TUBE_TOOLBAR_UPDATER_SERVICE (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RESULTBAR_SERVICE (Adware.ResultBar) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Value: {B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Value: {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4c33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4c33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790477B1765F5A36AD96 (Malware.Trace) -> Value: SRS_IT_E8790477B1765F5A36AD96 -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0} (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults\preferences (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mp3tube toolbar (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    c:\documents and settings\KA\application data\mp3tube toolbar (Adware.Mp3Tube) -> Quarantined and deleted successfully.

    Files Infected:
    c:\program files\mozilla firefox\searchplugins\Mp3Tube.xml (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome.manifest (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\install.rdf (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome\resultbar.jar (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults\preferences\prefs.js (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\resultbar\resultbar.dll (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\resultbar\resultbar.exe (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mp3tube toolbar\mp3tubesvc.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    c:\program files\mp3tube toolbar\mp3tubevideotomp3.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-12-05 00:36:01
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST9402112A rev.3.06
    Running: u7tbe80u.exe; Driver: C:\DOCUME~1\KA\LOCALS~1\Temp\ugtdipow.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA8323BAE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA83239D2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA8323B0C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----




    DDS (Ver_10-12-05.01) - NTFSx86
    Run by KA at 0:39:59.37 on Sun 12/05/2010
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1270.901 [GMT -5:00]

    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\KA\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://espn.go.com/nfl/
    uSearch Page =
    uSearch Bar =
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:23012
    mSearchAssistant =
    uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} -
    uURLSearchHooks: H - No File
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uURLSearchHooks: H - No File
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    mURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - AOL Toolbar Launcher
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: {61539ecd-cc67-4437-a03c-9aaccbd14326} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} -
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Wisdom-soft ScreenHunter 5.1 Free] 0
    uRun: [CLICK] C:\CLICK
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
    mRun: [jswtrayutil] "c:\program files\netgear\wna1100\jswtrayutil.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna1100\WNA1100.exe
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
    IE: &Search
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
    IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922}
    Trusted Zone: intuit.com\ttlc
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: igfxcui - igfxdev.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\ka\applic~1\mozilla\firefox\profiles\ostsccu7.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=01-05-2010&tb_mrud=01-05-2010
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://buymixtapes.com/newsongs.php
    FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Extension: Spell Checker: gaurangnshah@gmail.com - c:\docume~1\ka\applic~1\mozilla\firefox\profiles\ostsccu7.default\extensions\gaurangnshah@gmail.com
    FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\docume~1\ka\applic~1\mozilla\firefox\profiles\ostsccu7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Extension: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor

    ---- FIREFOX POLICIES ----
    FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    FF - user.js: keyword.enabled - 1

    ============= SERVICES / DRIVERS ===============

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-10-29 28552]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-26 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-26 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-26 40384]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-8-12 10448]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-6-20 88176]
    R2 WSWNA1100;WSWNA1100;c:\program files\netgear\wna1100\WifiSvc.exe [2010-12-3 278528]
    R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2010-12-3 57440]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-17 136176]
    S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2010-12-3 1710944]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-26 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-26 40384]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe --> c:\program files\magix\common\database\bin\fbserver.exe [?]
    S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\netgear\wna1100\jswpsapi.exe [2010-12-3 360529]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]

    =============== Created Last 30 ================

    2010-12-05 04:02:37 -------- d-----w- c:\program files\Blockbuster
    2010-12-03 05:05:27 58208 ----a-w- c:\windows\system32\drivers\wsimd.sys
    2010-12-01 11:56:58 -------- d-----w- c:\docume~1\ka\locals~1\applic~1\Sunbelt Software
    2010-12-01 02:47:38 -------- d-----w- c:\program files\Bazooka Scanner
    2010-11-30 02:13:27 165376 ----a-w- c:\windows\system32\unrar.dll
    2010-11-30 02:13:22 -------- d-----w- c:\program files\K-Lite Codec Pack
    2010-11-26 22:26:46 -------- d-----w- c:\program files\MPEGTOWAV
    2010-11-26 05:50:45 -------- d-----w- c:\docume~1\ka\locals~1\applic~1\Conduit
    2010-11-26 05:50:08 -------- d-----w- c:\program files\uTorrent
    2010-11-26 05:49:44 -------- d-----w- c:\docume~1\ka\applic~1\uTorrent
    2010-11-21 07:40:00 -------- d-----w- c:\program files\Xvid
    2010-11-21 00:51:52 -------- d-----w- c:\docume~1\ka\locals~1\applic~1\DefaultDomain_Path_2jjdwwwbej4fajitudmutkjkc2soxwl5
    2010-11-18 04:59:01 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
    2010-11-18 04:59:01 8704 ----a-w- c:\windows\system32\kbdjpn.dll
    2010-11-18 04:59:01 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
    2010-11-18 04:59:01 8192 ----a-w- c:\windows\system32\kbdkor.dll
    2010-11-18 04:59:01 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
    2010-11-18 04:59:01 6144 ----a-w- c:\windows\system32\kbd101c.dll
    2010-11-18 04:59:01 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
    2010-11-18 04:59:01 5632 ----a-w- c:\windows\system32\kbd103.dll
    2010-11-18 04:58:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
    2010-11-18 04:58:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
    2010-11-18 04:58:54 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
    2010-11-18 04:58:54 6144 ----a-w- c:\windows\system32\kbd106.dll
    2010-11-18 04:44:19 -------- d-----w- c:\docume~1\ka\locals~1\applic~1\Temp
    2010-11-18 04:44:03 -------- d-----w- c:\docume~1\ka\locals~1\applic~1\Google
    2010-11-18 04:43:19 -------- d-----w- c:\docume~1\ka\locals~1\applic~1\Deployment
    2010-11-13 00:26:26 545 ----a-w- c:\windows\UC.PIF
    2010-11-13 00:26:26 545 ----a-w- c:\windows\RAR.PIF
    2010-11-13 00:26:26 545 ----a-w- c:\windows\PKZIP.PIF
    2010-11-13 00:26:26 545 ----a-w- c:\windows\PKUNZIP.PIF
    2010-11-13 00:26:26 545 ----a-w- c:\windows\NOCLOSE.PIF
    2010-11-13 00:26:26 545 ----a-w- c:\windows\LHA.PIF
    2010-11-13 00:26:26 545 ----a-w- c:\windows\ARJ.PIF
    2010-11-13 00:26:26 -------- d-----w- c:\docume~1\ka\applic~1\GHISLER
    2010-11-10 07:50:18 -------- d-----w- c:\docume~1\ka\locals~1\applic~1\AVNEX_Ltd._(CY)
    2010-11-10 07:46:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avnex
    2010-11-10 00:40:53 -------- d-----w- c:\program files\Microsoft ActiveSync

    ==================== Find3M ====================

    2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-09 14:16:31 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-09-09 14:16:30 61952 ----a-w- c:\windows\system32\tdc.ocx
    2010-09-09 14:16:29 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-09-08 16:49:49 369664 ----a-w- c:\windows\system32\html.iec
    2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr

    ============= FINISH: 0:40:20.81 ===============




    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-05.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/19/2009 6:48:59 PM
    System Uptime: 12/5/2010 12:30:47 AM (0 hours ago)

    Motherboard: Acer | | Garda-910
    Processor: Intel(R) Celeron(R) M processor 1.50GHz | U1 | 1496/100mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 37 GiB total, 22.607 GiB free.
    D: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: NETGEAR WNA1100 Wireless-N 150 USB Adapter
    Device ID: USB\VID_0846&PID_9030\12345
    Manufacturer: Netgear Inc.
    Name: NETGEAR WNA1100 Wireless-N 150 USB Adapter
    PNP Device ID: USB\VID_0846&PID_9030\12345
    Service: AR9271

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Atheros AR5005G Wireless Network Adapter
    Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_04181468&REV_01\4&AD1B67F&0&28F0
    Manufacturer: Atheros
    Name: Atheros AR5005G Wireless Network Adapter
    PNP Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_04181468&REV_01\4&AD1B67F&0&28F0
    Service: AR5211

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8139/810x Family Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_006A1025&REV_10\4&AD1B67F&0&38F0
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek RTL8139/810x Family Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_006A1025&REV_10\4&AD1B67F&0&38F0
    Service: RTL8023xp

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: PCI Modem
    Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_006A1025&REV_03\3&B1BFB68&0&F3
    Manufacturer:
    Name: PCI Modem
    PNP Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_006A1025&REV_03\3&B1BFB68&0&F3
    Service:

    ==== System Restore Points ===================

    RP415: 11/14/2010 1:45:40 PM - System Checkpoint
    RP416: 11/22/2010 5:14:29 AM - Revo Uninstaller's restore point - blinkx beat
    RP417: 11/22/2010 5:15:34 AM - Revo Uninstaller's restore point - blinkx beat
    RP418: 11/22/2010 5:16:42 AM - Revo Uninstaller's restore point - Homepage Protection Service
    RP419: 11/22/2010 5:17:58 AM - Revo Uninstaller's restore point - ShopperReports
    RP420: 11/22/2010 5:18:39 AM - Revo Uninstaller's restore point - Google Chrome Frame
    RP421: 11/22/2010 5:19:56 AM - Revo Uninstaller's restore point - Mp3Tube Toolbar
    RP422: 11/22/2010 5:20:39 AM - Revo Uninstaller's restore point - ResultBar 1.0 build 113
    RP423: 11/22/2010 11:59:56 AM - Revo Uninstaller's restore point - Kilmist Registry Editor 2.5
    RP424: 11/22/2010 12:00:19 PM - Removed Kilmist Registry Editor 2.5
    RP425: 11/22/2010 12:02:13 PM - Revo Uninstaller's restore point - AV Music Morpher Gold
    RP426: 11/22/2010 12:03:22 PM - Revo Uninstaller's restore point - Magic Button
    RP427: 11/22/2010 12:04:39 PM - Revo Uninstaller's restore point - Total Commander (Remove or Repair)
    RP428: 11/24/2010 2:35:26 AM - Revo Uninstaller's restore point - Clean Disk Security 7.84
    RP429: 11/30/2010 2:44:30 AM - Revo Uninstaller's restore point - K-Lite Codec Pack 6.6.0 (Basic)
    RP430: 11/30/2010 2:44:50 AM - Revo Uninstaller's restore point - Wisdom-soft Set up ScreenHunter 5.1 Free
    RP431: 11/30/2010 2:45:38 AM - Revo Uninstaller's restore point - uTorrentBar Toolbar
    RP432: 11/30/2010 2:46:36 AM - Revo Uninstaller's restore point - RealPlayer
    RP433: 11/30/2010 5:30:18 AM - Revo Uninstaller's restore point - Xvid 1.2.1 final uninstall
    RP434: 11/30/2010 5:31:37 AM - Revo Uninstaller's restore point - ClickPotato
    RP435: 11/30/2010 9:51:36 PM - Revo Uninstaller's restore point - Bazooka Scanner
    RP436: 11/30/2010 9:53:00 PM - Revo Uninstaller's restore point - DivX Codec
    RP437: 11/30/2010 9:53:53 PM - Revo Uninstaller's restore point - DivX Converter
    RP438: 11/30/2010 9:54:42 PM - Revo Uninstaller's restore point - DivX Plus DirectShow Filters
    RP439: 11/30/2010 10:27:39 PM - Revo Uninstaller's restore point - Windows Internet Explorer 8
    RP440: 11/30/2010 11:39:59 PM - Revo Uninstaller's restore point - avast! Free Antivirus
    RP441: 12/1/2010 6:51:52 AM - Revo Uninstaller's restore point - Spyware Doctor 8.0
    RP442: 12/1/2010 6:40:08 PM - Software Distribution Service 3.0
    RP443: 12/1/2010 11:52:31 PM - Revo Uninstaller's restore point - ClickPotato
    RP444: 12/2/2010 9:11:03 PM - Installed NETGEAR WNA1100 wireless USB 2.0 adapter
    RP445: 12/2/2010 9:49:44 PM - Removed NETGEAR WNA1100 wireless USB 2.0 adapter
    RP446: 12/3/2010 12:03:58 AM - Installed NETGEAR WNA1100 wireless USB 2.0 adapter
    RP447: 12/4/2010 1:01:33 AM - Installed ESET NOD32 Antivirus
    RP448: 12/4/2010 1:03:29 AM - Installed ESET NOD32 Antivirus
    RP449: 12/4/2010 1:06:40 AM - Installed ESET NOD32 Antivirus
    RP450: 12/4/2010 4:59:27 AM - Removed ESET NOD32 Antivirus

    ==== Installed Programs ======================

    µTorrent
    7-Zip 4.65
    AAC Decoder
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.0
    Advanced SystemCare 3
    AIM 7
    Atheros Driver Installation Program
    Atheros Wireless LAN
    AutoUpdate
    Bonjour
    DivX Player
    DivX Plus Web Player
    DivX Version Checker
    eReg
    Firebird SQL Server - MAGIX Edition
    Full Tilt Poker
    Google Update Helper
    H.264 Decoder
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver for Mobile
    iTunes
    Java(TM) 6 Update 14
    K-Lite Codec Pack 6.6.0 (Basic)
    LimeWire 4.18.8
    Logitech SetPoint 6.15
    Malwarebytes' Anti-Malware
    McAfee SiteAdvisor
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync
    Microsoft Silverlight
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MKV Splitter
    Mozilla Firefox (3.0.14)
    MPEG To Wav Converter version 1.2
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    NETGEAR WNA1100 wireless USB 2.0 adapter
    QuickTime
    Realtek AC'97 Audio
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Revo Uninstaller 1.83
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360131)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Spybot - Search & Destroy
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    12/4/2010 11:59:49 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    12/4/2010 11:59:28 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    12/4/2010 11:51:03 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    12/4/2010 11:34:01 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
    12/4/2010 11:34:01 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    12/4/2010 11:34:01 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    12/4/2010 11:34:01 PM, error: Service Control Manager [7034] - The Atheros Configuration Service service terminated unexpectedly. It has done this 1 time(s).
    12/4/2010 11:34:01 PM, error: Service Control Manager [7031] - The WSWNA1100 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    12/4/2010 10:17:51 PM, error: Service Control Manager [7034] - The ResultBar Service service terminated unexpectedly. It has done this 1 time(s).
    12/4/2010 1:01:31 AM, error: Service Control Manager [7000] - The epfwtdir service failed to start due to the following error: A device attached to the system is not functioning.
    12/2/2010 9:05:13 PM, error: Dhcp [1002] - The IP address lease 192.168.1.68 for the Network Card with network address 0014A4858B1C has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    12/1/2010 8:36:44 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wuauserv service.
    12/1/2010 8:36:10 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
    12/1/2010 8:35:09 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
    12/1/2010 8:24:44 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the RasMan service.
    12/1/2010 7:23:05 AM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
    12/1/2010 7:23:05 AM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
    12/1/2010 11:33:37 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SENS service.
    12/1/2010 10:07:57 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0014A4858B1C. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    11/30/2010 9:31:46 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
    11/29/2010 2:47:05 AM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
     
  17. heyhi

    heyhi TS Rookie Topic Starter Posts: 25

    Please sir, I beg of you. I need your help so bad. Please oh please help me.
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Why are there 2 totally different Malwarebytes logs run an hour apart?

    P2P or 'file sharing' Warning:
    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall uTorrent and LimeWire for the following reasons:
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
    • Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.

    Please read the information on P2P Warning to help you better understand these dangers.

    What is the server error? What are you trying to do when you get the error?

    Please run the following:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.
    ====================================
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
      [​IMG]
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Most of what I'm seeing so far is adware. Most was removed in MBAM. So please give me some information on this server error. I have a script written for you to run through Combofix after you do the scan.
     
  19. heyhi

    heyhi TS Rookie Topic Starter Posts: 25

    Thanks a lot for your help. This started happening out of nowhere: my computer started acting up with popups and such. My antivirus wouldn't update, IE wouldn't connect online, and AIM wouldn't connect online, but Firefox did. After I ran a few scans the antivirus updated, but IE and AIM still wouldn't connect to a server.

    Now after I ran ComboFix it all works, but when prompted to download Windows Recovery, ComboFix had a message that said I'm not connected online, and I was connected online. I ran the scan anyway and this is what I got..... The Eset came out clean.

    ComboFix 10-12-08.04 - KA 12/09/2010 21:49:58.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1270.809 [GMT -5:00]
    Running from: c:\documents and settings\KA\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2010-11-10 to 2010-12-10 )))))))))))))))))))))))))))))))
    .

    2010-12-09 00:48 . 2010-12-09 00:48 -------- d-----w- c:\program files\ESET
    2010-12-07 12:49 . 2010-11-03 19:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
    2010-12-07 12:49 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
    2010-12-07 12:49 . 2008-09-24 19:41 839680 ----a-w- c:\windows\system32\lameACM.acm
    2010-12-07 12:49 . 2010-11-24 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-12-07 12:49 . 2010-06-08 17:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
    2010-12-07 12:49 . 2010-06-08 17:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-12-05 18:33 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2010-12-05 18:33 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-12-05 04:02 . 2010-12-05 04:02 -------- d-----w- c:\program files\Blockbuster
    2010-12-05 03:34 . 2010-12-05 03:34 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-12-03 05:05 . 2009-01-30 22:13 58208 ----a-w- c:\windows\system32\drivers\wsimd.sys
    2010-12-01 11:56 . 2010-12-01 11:56 -------- d-----w- c:\documents and settings\KA\Local Settings\Application Data\Sunbelt Software
    2010-12-01 02:47 . 2010-12-01 04:30 -------- d-----w- c:\program files\Bazooka Scanner
    2010-11-30 02:13 . 2010-03-15 10:31 165376 ----a-w- c:\windows\system32\unrar.dll
    2010-11-30 02:13 . 2010-12-07 12:50 -------- d-----w- c:\program files\K-Lite Codec Pack
    2010-11-29 07:22 . 2010-11-30 07:47 -------- d-----w- c:\program files\Real
    2010-11-26 22:26 . 2010-11-26 22:26 -------- d-----w- c:\program files\MPEGTOWAV
    2010-11-26 05:50 . 2010-11-30 07:45 -------- d-----w- c:\documents and settings\KA\Local Settings\Application Data\Conduit
    2010-11-26 05:50 . 2010-11-26 05:50 -------- d-----w- c:\program files\uTorrent
    2010-11-26 05:49 . 2010-12-07 18:27 -------- d-----w- c:\documents and settings\KA\Application Data\uTorrent
    2010-11-26 05:47 . 2010-11-26 05:47 -------- d-----w- c:\documents and settings\All Users~
    2010-11-21 07:40 . 2010-11-30 10:27 -------- d-----w- c:\program files\Xvid
    2010-11-21 00:51 . 2010-11-21 00:51 -------- d-----w- c:\documents and settings\KA\Local Settings\Application Data\DefaultDomain_Path_2jjdwwwbej4fajitudmutkjkc2soxwl5
    2010-11-18 04:59 . 2001-08-18 03:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
    2010-11-18 04:59 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
    2010-11-18 04:59 . 2001-08-18 03:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
    2010-11-18 04:59 . 2001-08-18 03:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
    2010-11-18 04:59 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
    2010-11-18 04:59 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
    2010-11-18 04:59 . 2001-08-17 19:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
    2010-11-18 04:59 . 2001-08-17 19:55 5632 ----a-w- c:\windows\system32\kbd103.dll
    2010-11-18 04:58 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
    2010-11-18 04:58 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
    2010-11-18 04:58 . 2008-04-14 01:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
    2010-11-18 04:58 . 2008-04-14 01:09 6144 ----a-w- c:\windows\system32\kbd106.dll
    2010-11-18 04:49 . 2010-11-18 04:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-11-18 04:44 . 2010-11-26 05:50 -------- d-----w- c:\documents and settings\KA\Local Settings\Application Data\Temp
    2010-11-18 04:44 . 2010-11-18 04:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-11-18 04:44 . 2010-11-22 10:18 -------- d-----w- c:\program files\Google
    2010-11-18 04:44 . 2010-11-22 10:18 -------- d-----w- c:\documents and settings\KA\Local Settings\Application Data\Google
    2010-11-18 04:43 . 2010-11-18 04:44 -------- d-----w- c:\documents and settings\KA\Local Settings\Application Data\Deployment
    2010-11-14 22:24 . 2010-12-10 00:32 -------- d-----w- c:\documents and settings\KA\Application Data\U3
    2010-11-13 00:26 . 2010-11-13 00:26 -------- d-----w- c:\documents and settings\KA\Application Data\GHISLER
    2010-11-13 00:26 . 2010-07-07 12:55 545 ----a-w- c:\windows\UC.PIF
    2010-11-13 00:26 . 2010-07-07 12:55 545 ----a-w- c:\windows\RAR.PIF
    2010-11-13 00:26 . 2010-07-07 12:55 545 ----a-w- c:\windows\PKZIP.PIF
    2010-11-13 00:26 . 2010-07-07 12:55 545 ----a-w- c:\windows\PKUNZIP.PIF
    2010-11-13 00:26 . 2010-07-07 12:55 545 ----a-w- c:\windows\NOCLOSE.PIF
    2010-11-13 00:26 . 2010-07-07 12:55 545 ----a-w- c:\windows\LHA.PIF
    2010-11-13 00:26 . 2010-07-07 12:55 545 ----a-w- c:\windows\ARJ.PIF
    2010-11-10 07:50 . 2010-11-10 07:50 -------- d-----w- c:\documents and settings\KA\Local Settings\Application Data\AVNEX_Ltd._(CY)
    2010-11-10 07:46 . 2010-11-10 07:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Avnex

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-02 02:50 . 2010-03-27 13:22 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2010-11-29 22:42 . 2009-11-19 08:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-29 22:42 . 2009-11-19 08:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-18 16:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-24 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-24 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-24 114688]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NETGEAR WNA1100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA1100\WNA1100.exe [2010-12-3 4562944]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-05-30 16:30 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Common Files\\aol\\1264685876\\ee\\aolsoftware.exe"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "13227:TCP"= 13227:TCP:BitComet 13227 TCP
    "13227:UDP"= 13227:UDP:BitComet 13227 UDP
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/29/2009 8:36 PM 28552]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/26/2010 6:26 PM 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/26/2010 6:26 PM 17744]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [8/12/2010 4:11 AM 10448]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/20/2009 6:38 PM 88176]
    R2 WSWNA1100;WSWNA1100;c:\program files\NETGEAR\WNA1100\WifiSvc.exe [12/3/2010 12:04 AM 278528]
    R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [12/3/2010 12:04 AM 57440]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/17/2010 11:44 PM 136176]
    S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [12/3/2010 12:04 AM 1710944]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe --> c:\program files\MAGIX\Common\Database\bin\fbserver.exe [?]
    S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNA1100\jswpsapi.exe [12/3/2010 12:04 AM 360529]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-18 04:44]

    2010-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-18 04:44]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://espn.go.com/nfl/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:23012
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    Trusted Zone: intuit.com\ttlc
    FF - ProfilePath - c:\documents and settings\KA\Application Data\Mozilla\Firefox\Profiles\ostsccu7.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=01-05-2010&tb_mrud=01-05-2010
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.netflix.com/WiHome?lnkctr=mhWN
    FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Extension: Spell Checker: gaurangnshah@gmail.com - c:\documents and settings\KA\Application Data\Mozilla\Firefox\Profiles\ostsccu7.default\extensions\gaurangnshah@gmail.com
    FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\documents and settings\KA\Application Data\Mozilla\Firefox\Profiles\ostsccu7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Extension: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor

    ---- FIREFOX POLICIES ----
    FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    FF - user.js: keyword.enabled - 1
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
    HKLM-Run-jswtrayutil - c:\program files\NETGEAR\WNA1100\jswtrayutil.exe
    AddRemove-{7585478E9D9B42108671C12F8714CEFE} - c:\program files\DivX\DivXConverterUninstall.exe
    AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files\DivX\DivXPlayerUninstall.exe
    AddRemove-{B7050CBDB2504B34BC2A9CA0A692CC29} - c:\program files\DivX\DivXWebPlayerUninstall.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-09 21:54
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c4,c8,c7,59,66,b5,a7,46,95,6f,72,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c4,c8,c7,59,66,b5,a7,46,95,6f,72,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(852)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\windows\system32\athgina.dll

    - - - - - - - > 'explorer.exe'(3092)
    c:\docume~1\KA\LOCALS~1\Temp\catchme.dll
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    .
    Completion time: 2010-12-09 21:57:03
    ComboFix-quarantined-files.txt 2010-12-10 02:56

    Pre-Run: 25,082,978,304 bytes free
    Post-Run: 25,075,994,624 bytes free

    - - End Of File - - E9E4C00ED429B15348CF7B2EEBC80077


    You say I have adware, is it bad? What does that do?
     
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're using 3 file sharing programs - what do you expect! You have files and data throughout your system!
    LimeWire, uTorrent, BitComet
    =================================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: [Be sure to scroll down to include ALL lines.]
    Code:
    KillAll::
    File::
    c:\program files\lavasoft\ad-aware\kernexplorer.sys
    c:\program files\magix\common\database\bin\fbserver.exe
    c:\windows\UC.PIF
    c:\windows\RAR.PIF
    c:\windows\PKZIP.PIF
    c:\windows\PKUNZIP.PIF
    c:\windows\NOCLOSE.PIF
    c:\windows\LHA.PIF
    c:\windows\ARJ.PIF
    
    Folder::
    c:\program files\uTorrent
    c:\documents and settings\KA\Application Data\uTorrent
    c:\documents and settings\All Users~
    c:\program files\Xvid
    c:\documents and settings\KA\Local Settings\Application Data\DefaultDomain_Path_2jjdwwwbej4fajitudmutkjkc2soxwl5
    DDS::
    uSearch Page =
    uSearch Bar =
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:23012
    mSearchAssistant =
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    TB: {61539ecd-cc67-4437-a03c-9aaccbd14326} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
    uRun: [Wisdom-soft ScreenHunter 5.1 Free] 0
    uRun: [CLICK] C:\CLICK
    
    Extra::
    File::
    c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
    c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    Firefox::
    Firefox-:- Proifile - c:\docume~1\ka\applic~1\mozilla\firefox\profiles\ostsccu7.default\
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=-
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "13227:TCP"=-
    "13227:UDP"=-
    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    
    Driver::
    Lavasoft Kernexplorer
    FirebirdServerMAGIXInstance
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    The Java is out of date. Remove v6u14 and install current v6u22: Check this site: Java Updates

    Uninstall Advanced SystemCare 3: It's a bad program and so are the sites you download it from.

    Please post the Eset log. Repeat the scan if you need to but I want to see the log. It produces a log whether it finds any malware entries or not.
     
  21. heyhi

    heyhi TS Rookie Topic Starter Posts: 25

    ESETSmartInstaller@High as downloader log:
    Can not open internetESETSmartInstaller@High as downloader log:
    Can not open internetesets_scanner_update returned -1 esets_gle=41221
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6415
    # api_version=3.0.2
    # EOSSerial=e75d9cb1f226704f94b3cf8ec286cd67
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2010-12-13 07:57:43
    # local_time=2010-12-13 02:57:43 (-0500, Eastern Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=770 16774141 100 100 173768 227629724 0 0
    # compatibility_mode=1280 16777215 100 0 0 0 0 0
    # compatibility_mode=8192 67108863 100 0 331667 331667 0 0
    # scanned=4351
    # found=0
    # cleaned=0
    # scan_time=96
     
  22. heyhi

    heyhi TS Rookie Topic Starter Posts: 25

    Thanks again for your help. Erased system care, and can't find bit torrent to erase it. I also tried to uninstall Java. It wouldn't let me get to the file so I upgraded it.


    ComboFix 10-12-13.02 - KA 12/13/2010 15:15:19.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1270.785 [GMT -5:00]
    Running from: c:\documents and settings\KA\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\KA\Desktop\CFScript.txt.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FILE ::
    "c:\program files\lavasoft\ad-aware\kernexplorer.sys"
    "c:\program files\magix\common\database\bin\fbserver.exe"
    "c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll"
    "c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll"
    "c:\program files\viewpoint\viewpoint media player\npViewpoint.dll"
    "c:\windows\ARJ.PIF"
    "c:\windows\LHA.PIF"
    "c:\windows\NOCLOSE.PIF"
    "c:\windows\PKUNZIP.PIF"
    "c:\windows\PKZIP.PIF"
    "c:\windows\RAR.PIF"
    "c:\windows\UC.PIF"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\KA\Application Data\uTorrent
    c:\documents and settings\KA\Application Data\uTorrent\apps.btapp
    c:\documents and settings\KA\Application Data\uTorrent\apps\DADC6E156485529178AD96DD503321DE39C1BED5.btapp
    c:\documents and settings\KA\Application Data\uTorrent\dht.dat
    c:\documents and settings\KA\Application Data\uTorrent\dht.dat.old
    c:\documents and settings\KA\Application Data\uTorrent\dlimagecache\10E6FBE4D921B475FA5FEC6E9A535A540D6FEED1
    c:\documents and settings\KA\Application Data\uTorrent\dlimagecache\2D78C93EC367E6C1D9894103FA04B3BE5B20A84E
    c:\documents and settings\KA\Application Data\uTorrent\dlimagecache\32F529521A3DEC709F97F761F192AABF29BDC408
    c:\documents and settings\KA\Application Data\uTorrent\dlimagecache\BBEEC0395D21A2A7F91889D7C7509F3D5D46FC05
    c:\documents and settings\KA\Application Data\uTorrent\NFC Championshipgame - Saints at Bears.1.torrent
    c:\documents and settings\KA\Application Data\uTorrent\NFC Championshipgame - Saints at Bears.torrent
    c:\documents and settings\KA\Application Data\uTorrent\NFL 2010 WK14 Philadelphia Eagles at Dallas Cowboys.torrent
    c:\documents and settings\KA\Application Data\uTorrent\NFL.2010.wk14.Washington.Redskins.at.NY.Giants.720p.HDTV.x264.torrent
    c:\documents and settings\KA\Application Data\uTorrent\resume.dat
    c:\documents and settings\KA\Application Data\uTorrent\resume.dat.old
    c:\documents and settings\KA\Application Data\uTorrent\rss.dat
    c:\documents and settings\KA\Application Data\uTorrent\rss.dat.old
    c:\documents and settings\KA\Application Data\uTorrent\settings.dat
    c:\documents and settings\KA\Application Data\uTorrent\settings.dat.old
    c:\documents and settings\KA\Local Settings\Application Data\DefaultDomain_Path_2jjdwwwbej4fajitudmutkjkc2soxwl5
    c:\documents and settings\KA\Local Settings\Application Data\DefaultDomain_Path_2jjdwwwbej4fajitudmutkjkc2soxwl5\1.0.0.0\user.config
    c:\program files\uTorrent
    c:\program files\uTorrent\uTorrent.exe
    c:\windows\ARJ.PIF
    c:\windows\LHA.PIF
    c:\windows\NOCLOSE.PIF
    c:\windows\PKUNZIP.PIF
    c:\windows\PKZIP.PIF
    c:\windows\RAR.PIF
    c:\windows\UC.PIF

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_FIREBIRDSERVERMAGIXINSTANCE
    -------\Legacy_LAVASOFT_KERNEXPLORER
    -------\Service_FirebirdServerMAGIXInstance
    -------\Service_Lavasoft Kernexplorer


    ((((((((((((((((((((((((( Files Created from 2010-11-13 to 2010-12-13 )))))))))))))))))))))))))))))))
    .

    2010-12-13 20:06 . 2010-12-13 20:06 -------- d-----w- c:\program files\Common Files\Java
    2010-12-13 20:06 . 2010-09-15 09:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2010-12-13 20:06 . 2010-09-15 09:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-12-09 00:48 . 2010-12-09 00:48 -------- d-----w- c:\program files\ESET
    2010-12-07 12:49 . 2010-11-03 19:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
    2010-12-07 12:49 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
    2010-12-07 12:49 . 2008-09-24 19:41 839680 ----a-w- c:\windows\system32\lameACM.acm
    2010-12-07 12:49 . 2010-11-24 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-12-07 12:49 . 2010-06-08 17:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
    2010-12-07 12:49 . 2010-06-08 17:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-12-05 18:33 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2010-12-05 18:33 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-12-05 03:34 . 2010-12-05 03:34 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-12-03 05:05 . 2009-01-30 22:13 58208 ----a-w- c:\windows\system32\drivers\wsimd.sys
    2010-12-01 11:56 . 2010-12-01 11:56 -------- d-----w- c:\documents and settings\KA\Local Settings\Application Data\Sunbelt Software
    2010-11-30 02:13 . 2010-03-15 10:31 165376 ----a-w- c:\windows\system32\unrar.dll
    2010-11-30 02:13 . 2010-12-07 12:50 -------- d-----w- c:\program files\K-Lite Codec Pack
    2010-11-29 07:22 . 2010-11-30 07:47 -------- d-----w- c:\program files\Real
    2010-11-26 22:26 . 2010-11-26 22:26 -------- d-----w- c:\program files\MPEGTOWAV
    2010-11-26 05:50 . 2010-11-30 07:45 -------- d-----w- c:\documents and settings\KA\Local Settings\Application Data\Conduit
    2010-11-26 05:47 . 2010-11-26 05:47 -------- d-----w- c:\documents and settings\All Users~
    2010-11-18 04:59 . 2001-08-18 03:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
    2010-11-18 04:59 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
    2010-11-18 04:59 . 2001-08-18 03:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
    2010-11-18 04:59 . 2001-08-18 03:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
    2010-11-18 04:59 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
    2010-11-18 04:59 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
    2010-11-18 04:59 . 2001-08-17 19:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
    2010-11-18 04:59 . 2001-08-17 19:55 5632 ----a-w- c:\windows\system32\kbd103.dll
    2010-11-18 04:58 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
    2010-11-18 04:58 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
    2010-11-18 04:58 . 2008-04-14 01:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
    2010-11-18 04:58 . 2008-04-14 01:09 6144 ----a-w- c:\windows\system32\kbd106.dll
    2010-11-18 04:49 . 2010-11-18 04:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-11-18 04:44 . 2010-11-26 05:50 -------- d-----w- c:\documents and settings\KA\Local Settings\Application Data\Temp
    2010-11-18 04:44 . 2010-11-18 04:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-11-18 04:44 . 2010-11-22 10:18 -------- d-----w- c:\program files\Google
    2010-11-18 04:44 . 2010-11-22 10:18 -------- d-----w- c:\documents and settings\KA\Local Settings\Application Data\Google
    2010-11-18 04:43 . 2010-11-18 04:44 -------- d-----w- c:\documents and settings\KA\Local Settings\Application Data\Deployment
    2010-11-14 22:24 . 2010-12-10 00:32 -------- d-----w- c:\documents and settings\KA\Application Data\U3

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-02 02:50 . 2010-03-27 13:22 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2010-11-29 22:42 . 2009-11-19 08:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-29 22:42 . 2009-11-19 08:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-18 16:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-15 07:29 . 2009-06-22 16:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-24 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-24 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-24 114688]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NETGEAR WNA1100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA1100\WNA1100.exe [2010-12-3 4562944]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-05-30 16:30 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Common Files\\aol\\1264685876\\ee\\aolsoftware.exe"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "13227:TCP"= 13227:TCP:BitComet 13227 TCP
    "13227:UDP"= 13227:UDP:BitComet 13227 UDP
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/29/2009 8:36 PM 28552]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/26/2010 6:26 PM 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/26/2010 6:26 PM 17744]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [8/12/2010 4:11 AM 10448]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/20/2009 6:38 PM 88176]
    R2 WSWNA1100;WSWNA1100;c:\program files\NETGEAR\WNA1100\WifiSvc.exe [12/3/2010 12:04 AM 278528]
    R3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [12/3/2010 12:04 AM 1710944]
    R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [12/3/2010 12:04 AM 57440]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/17/2010 11:44 PM 136176]
    S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNA1100\jswpsapi.exe [12/3/2010 12:04 AM 360529]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-18 04:44]

    2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-18 04:44]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://espn.go.com/nfl/
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    Trusted Zone: intuit.com\ttlc
    FF - ProfilePath - c:\documents and settings\KA\Application Data\Mozilla\Firefox\Profiles\ostsccu7.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=01-05-2010&tb_mrud=01-05-2010
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.netflix.com/WiHome?lnkctr=mhWN
    FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Spell Checker: gaurangnshah@gmail.com - %profile%\extensions\gaurangnshah@gmail.com
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    FF - user.js: keyword.enabled - 1
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe
    AddRemove-{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31} - c:\program files\Full Tilt Poker\uninstall.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-13 15:27
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1092)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\windows\system32\athgina.dll
    c:\windows\system32\COMRes.dll

    - - - - - - - > 'explorer.exe'(2912)
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\system32\acs.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    c:\windows\system32\rundll32.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-13 15:34:50 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-13 20:34
    ComboFix2.txt 2010-12-10 02:57

    Pre-Run: 21,941,743,616 bytes free
    Post-Run: 21,791,199,232 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - C4404A5F642E012FF4A673D736A0F59A
     
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're still running LimeWire and BitComet. You have globally open ports in the firewall for BitComet. That means that any account that signs on to the system has BitComet allowed through the firewall. I removed the Torrent files with the script> not much point in that:

    P2P or 'file sharing' Warning:
    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall Bit Comet & LimeWire for the following reasons:
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
    • Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.

    Please read the information on P2P Warning to help you better understand these dangers.
    ============================================
    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • Save the log file and then the log will open in Notepad. Be sure to click on Format > Uncheck Word Wrap when you open Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
     
  24. heyhi

    heyhi TS Rookie Topic Starter Posts: 25

    Again, thanks for taking your time to help me. I can't find where to uninstall BitComet; I never used it or remember downloading it.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:15:54 PM, on 12/16/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
    C:\program files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\KA\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/nfl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
    R3 - URLSearchHook: (no name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
    O3 - Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - Global Startup: NETGEAR WNA1100 Smart Wizard.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: WSWNA1100 - Unknown owner - C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe

    --
    End of file - 7391 bytes
     
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're welcome. You're almost finished!

    Please reopen HijackThis to 'do system scan only.' Check each of the following, if present:

    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
    O3 - Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


    Close all Windows except HijackThis and click on "Fix Checked"
    ========================================================
    Please run this Custom CFScript:

    [1]. Close any open browsers.
    [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it. [Be sure to scroll down to include ALL lines.]
    Code:
    File:: 
    DDS::
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
    R3 - URLSearchHook: (no name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
    R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
    R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "13227:TCP"=-
    "13227:UDP"=-
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Please let me know if the problem has been resolved and I'll have you remove the cleaning tools and their logs.
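
    The entries selected for fixing above are the ones HijackThis reports with "(no file)" as their target. As an added illustration (not part of the original thread and not HijackThis's own code), the Python sketch below parses CLSID-based log lines and groups such orphaned entries by CLSID, so a CLSID registered in more than one section shows up once with every section that lists it. The sample lines are copied from the log posted above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
"""

# "<code> - <kind>: <name> - {CLSID} - <target>", the shape of R3/O2/O3/O9 lines.
ENTRY = re.compile(
    r"^(?P<code>[RO]\d+) - (?P<kind>[^:]+): (?P<name>.*) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)

def parse_entries(log_text):
    """Return one dict per CLSID-based line; lines of any other shape are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def orphaned_by_clsid(log_text):
    """Map each CLSID whose target is '(no file)' to the section codes listing it."""
    found = defaultdict(list)
    for entry in parse_entries(log_text):
        if entry["target"].strip() == "(no file)":
            # CLSIDs are case-insensitive, so normalise before grouping.
            found[entry["clsid"].lower()].append(entry["code"])
    return dict(found)

if __name__ == "__main__":
    for clsid, codes in orphaned_by_clsid(SAMPLE_LOG).items():
        print(clsid, "has no file; listed under", ", ".join(codes))
```
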
     
Topic Status:
Not open for further replies.
