Inactive Checking if computer is clean

L

Lordoftomato

Posts: 17   +0
Hi all, thank you for volunteering your time. I am currently trying to fix an issue for my mom on her computer. She was saying her Skype program wouldn't show up after clicking the icon. I tried Skype after running the scans and it appears to work now. However, I wanted to double check with a pro to see if her computer was cleaned fully.

Here are my logs after the 5 steps:

1)
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

12/16/2011 11:43:26 PM
mbam-log-2011-12-16 (23-43-26).txt

Scan type: Quick scan
Objects scanned: 130510
Time elapsed: 25 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 51
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{d12f94fa-fc9a-41f7-b808-7fbb419dd7a6} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4c2bfec9-f03c-4f74-932e-5723e603b4ac} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6c773ca2-f142-4b2c-981a-fd3b1bec1578} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7ef05eff-0e62-4040-8d81-73a10d8de60f} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d158174c-004b-4a2e-9410-5442c10c60d2} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{23a2b2b7-21de-4b88-afba-5a918abbf463} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{23a2b2b7-21de-4b88-afba-5a918abbf463} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{77fef28e-eb96-44ff-b511-3185dea48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77fef28e-eb96-44ff-b511-3185dea48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{77fef28e-eb96-44ff-b511-3185dea48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77fef28e-eb96-44ff-b511-3185dea48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7f05ee4-0426-454f-8013-c41e3596e9e9} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a7f05ee4-0426-454f-8013-c41e3596e9e9} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b580cf65-e151-49c3-b73f-70b13fca8e86} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b580cf65-e151-49c3-b73f-70b13fca8e86} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b580cf65-e151-49c3-b73f-70b13fca8e86} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e5d5d4a1-17f0-41d7-b1c6-0979f91e6f46} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e5d5d4a1-17f0-41d7-b1c6-0979f91e6f46} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\baidubar.tool.1 (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\baidubarex.bdhomepage (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\baidubarex.bdhomepage.1 (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\baidubarex.bdhomepage.2 (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\baidubarex.bdhomepage.3 (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\baidubarex.bdhomepage.4 (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\baidubarex.bdhomepage.5 (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\baidubarx.bandie (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\baidubarx.bandie.1 (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\baidubarx.toolband (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\baidubarx.toolband.1 (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\barbroker.bdbroker (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\barbroker.bdbroker.1 (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7a33ce9e-4f33-4b4e-b263-6aeeab6c3dc2} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5becd27b-dcf5-4def-b066-486a47245c03} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7a33ce9e-4f33-4b4e-b263-6aeeab6c3dc2} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3a8c9d89-3271-45f4-98c0-56b0f5a16172} (Adware.Baidu) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2923508c-9425-4a61-b9ce-a98239055916} (Adware.Baidu) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f9bc0421-bb5c-447d-8547-bb45afa80a4d} (Adware.Baidu) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4d89001b-5b5b-4e76-a1f5-638e49db7a58} (Adware.Baidu) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fa677cc1-d6fa-4b55-825d-6c493f56ed84} (Adware.Baidu) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe575a61-09bd-4f3a-b8b5-b55b813b44ec} (Adware.Baidu) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{11cc93e4-0be6-4f8f-82aa-d577fb955b05} (Adware.Baidu) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11cc93e4-0be6-4f8f-82aa-d577fb955b05} (Adware.Baidu) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c7c530b2-4611-4bcf-da92-40b25fd75a5a} (Adware.Baidu) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c7c530b2-4611-4bcf-da92-40b25fd75a5a} (Adware.Baidu) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c7c530b2-4611-4bcf-da92-40b25fd75a5a} (Adware.Baidu) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7c530b2-4611-4bcf-da92-40b25fd75a5a} (Adware.Baidu) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c7c530b2-4611-4bcf-da92-40b25fd75a5a} (Adware.Baidu) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fbedba6c-44a2-43b9-bd49-20eb6e0c4e86} (Adware.Baidu) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BaiduBarX (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\baidubar.tool (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu (Trojan.Cinmus) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b580cf65-e151-49c3-b73f-70b13fca8e86} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b580cf65-e151-49c3-b73f-70b13fca8e86} (Trojan.Cinmus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Baidu (Adware.Baidu) -> Quarantined and deleted successfully.
C:\Program Files\Baidu\Toolbar (Adware.Baidu) -> Quarantined and deleted successfully.
C:\Program Files\Baidu\Toolbar\BaiduBarX_Tmp (Adware.Baidu) -> Quarantined and deleted successfully.
C:\Program Files\Baidu\{C7C530B2-4611-4BCF-DA92-40B25FD75A5A} (Adware.Baidu) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Baidu\Toolbar\BaiduBarX.dll (Trojan.Cinmus) -> Quarantined and deleted successfully.
C:\Program Files\Baidu\Toolbar\BarBroker.exe (Adware.Baidu) -> Quarantined and deleted successfully.
C:\Program Files\Baidu\Toolbar\BarBroker_CloseIEUpdate.exe (Adware.Baidu) -> Quarantined and deleted successfully.
C:\Program Files\Baidu\Toolbar\rc.dll (Adware.Baidu) -> Quarantined and deleted successfully.
C:\Program Files\Baidu\Toolbar\BaiduBarX_Tmp\BaiduBarX.dll (Adware.Baidu) -> Quarantined and deleted successfully.
C:\Program Files\Baidu\Toolbar\BaiduBarX_Tmp\BarBroker.exe (Adware.Baidu) -> Quarantined and deleted successfully.
C:\Program Files\Baidu\{C7C530B2-4611-4BCF-DA92-40B25FD75A5A}\AddressBar.dll (Adware.Baidu) -> Quarantined and deleted successfully.
C:\Program Files\Baidu\{C7C530B2-4611-4BCF-DA92-40B25FD75A5A}\ASBarBroker.exe (Adware.Baidu) -> Quarantined and deleted successfully.

2)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-17 11:22:57
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LV01
Running: olj44ikv.exe; Driver: C:\Users\SUIRAO~1\AppData\Local\Temp\uwriqpoc.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\iaStor \Device\Ide\iaStor0 [826B9EB0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [826B9EB0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [826B9EB0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\a7te1jlj \Device\Scsi\a7te1jlj1Port2Path0Target0Lun0 8618C1F8
Device \Driver\a7te1jlj \Device\Scsi\a7te1jlj1 8618C1F8
Device \FileSystem\Ntfs \Ntfs 8489B1F8

AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

3)

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_29
Run by Sui Rao at 11:53:58 on 2011-12-17
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Sui Rao\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\conime.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WLANExt.exe
C:\Users\Sui Rao\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sui Rao\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sui Rao\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Sui Rao\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: ÏÔʾïýÂó(Xmlbar)¹¤¾ßÌõ: {6b896adb-4a82-46e2-858c-13134782ce34} - c:\program files\xmlbar\tv downloader\iebar\xbietb.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Google Update] "c:\users\sui rao\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [PPAP] "c:\program files\common files\pplivenetwork\PPAP.exe" -background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\TSS.exe" /hide
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [kwmusic] "c:\program files\kwmusic\Kwmusic.exe" /autorun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pptv.lnk - c:\program files\pplive\pptv\PPLive.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Xmlbar Search - http://www.xmlbar.com/iebar/iemenu.php?lang=Chinese Simplified&ver=1.0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: ïýÂó&XmlbarËÑË÷ - http://www.xmlbar.com/iebar/iemenu.php?lang=Chinese Simplified&ver=1.0
IE: {612F6E5C-B314-4bab-93D1-D266AAFBE700} - c:\program files\xmlbar\flv downloader\FLVDownloader(xmlbar).exe
IE: {8B6AE613-809E-49bc-A150-3EE7338F5C03} - c:\program files\xmlbar\tv downloader\TVDownloader(xmlbar).exe
IE: {95B3F550-91C4-4627-BCC4-521288C52977} - c:\program files\pplive\pptv\PPLive.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{025454E4-6DBC-4E0A-857B-B02E7EF2E601} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0} : DhcpNameServer = 192.168.0.1 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: AVGRSSTX.DLL,c:\progra~1\google\google~1\GOEC62~1.DLL,avgrsstx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sui rao\appdata\roaming\mozilla\firefox\profiles\f7p0bbt9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=&mid=b51fd66d71c2096d105c75e9af687b77-fadd0351fab1780a86f4e922a2c3e3657e23fef0&ds=AVG&v=9.0.0.18.1&lang=zh-cn&pr=fr&d=2011-12-13%2017%3A26%3A33&sap=ku&q=
FF - component: c:\programdata\avg secure search\9.0.0.18\components\toolbarhomewmp.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\internet explorer\pplite\plugin\npplugin2.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\sui rao\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Security Toolbar: avg@toolbar - c:\programdata\avg secure search\9.0.0.18
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-17 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-17 29712]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-17 243152]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-17 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-16 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 167264]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-9-30 9216]
.
=============== Created Last 30 ================
.
2011-12-14 01:27:09 -------- d-----w- c:\programdata\AVG Secure Search
2011-12-14 01:27:04 -------- d-----w- c:\program files\common files\AVG Secure Search
2011-12-14 01:27:02 -------- d-----w- c:\program files\AVG Secure Search
.
==================== Find3M ====================
.
2011-10-12 07:58:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 13:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 11:56:58.19 ===============

4)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | CPU | 2166/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 140 GiB total, 66.307 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.6
ArcSoft TotalMedia Backup
AVG Free 9.0
Brother HL-2140
Camera Assistant Software for Toshiba
CCleaner
CD/DVD Drive Acoustic Silencer
CNTV ÍøÒ³µã²¥¼ÓËÙÆ÷1.0.2.0
DivX Setup
DVD MovieFactory for TOSHIBA
Final Media Player 2010
Google Chrome ä¯ÀÀÆ÷
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
Intel? Matrix Storage Manager
InterActual Player
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 6 Update 6
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft XML Parser
Mozilla Firefox (3.6.24)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetZero Internet Access Installer
NVIDIA PhysX
OGA Notifier 2.0.0048.0
OpenAL
ParetoLogic DriverCure
Picasa 3
Portal
PPTV Downloader(xmlbar)(remove only)
PPTV V3.0.6.0006
QuickBooks Financial Center
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Skype? 5.5
Steam
Synaptics Pointing Device Driver
System Requirements Lab
System Requirements Lab CYRI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2536413)
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
VLC media player 1.1.3
Windows Media Encoder 9 Series
Xvid 1.2.1 final uninstall
ïýÂóµçÊӾ粥·ÅÏÂÔØÆ÷(xmlbar)(½öÒƳý)
ïýÂó×ÛºÏÊÓƵÏÂÔØ(xmlbar)(½öÒƳý)
ѸÀ׿´¿´²¥·ÅÆ÷
¿áÎÒK¸è
¿áÎÒÒôÀֺР2011
.
==== Event Viewer Messages From Past Week ========
.
12/17/2011 10:48:08 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
12/17/2011 10:44:37 AM, Error: Microsoft-Windows-WMPNSS-Service [14329] - Service 'WMPNetworkSvc' did not start correctly because the registry could not be updated due to error '0x80070006'. If possible, reinstall Windows Media Player.
12/16/2011 9:45:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Eventlog service.
12/16/2011 9:43:49 PM, Error: Service Control Manager [7022] - The TPM Base Services service hung on starting.
12/16/2011 9:41:55 PM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
12/16/2011 9:38:30 PM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.
12/12/2011 6:04:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the service.
12/12/2011 6:03:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avg9wd service.
12/12/2011 5:49:06 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/12/2011 5:49:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
12/12/2011 5:44:11 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 0022FA1E3F94 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
12/11/2011 6:57:52 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.109 for the Network Card with network address 0022FA1E3F94 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/11/2011 6:52:03 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.111 for the Network Card with network address 001E33966F2C has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
12/10/2011 2:10:58 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 0022FA1E3F94 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 
Welcome to TechSpot! So far, the system looks pretty good. There are entries that our scans can't read:
CNTV ÍøÒ³µã²¥¼ÓËÙÆ÷1.0.2.0
Google Chrome ä¯ÀÀÆ÷
ïýÂóµçÊӾ粥·ÅÏÂÔØÆ÷(xmlbar)(½öÒƳý)
ïýÂó×ÛºÏÊÓƵÏÂÔØ(xmlbar)(½öÒƳý)
ѸÀ׿´¿´²¥·ÅÆ÷
¿áÎÒK¸è
¿áÎÒÒôÀֺР2011
Noting some other content, these are Chinese?
I cannot verify the entries as good or bad if I can't read them.
=================================
You have probably noticed the abundance of adware removed in Malwarebytes. I don't know where you got that version though because it's way out of date. Unless you purchase the program, leaving it on the system won't accomplish anything because it gives no real time protection.Please uninstall the version that is on the system now
------------------------------
malwarebytesgc8.png

Malwarebytes' Anti-Malware
  • Please download Malwarebytes' Anti-Malware from from HERE
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    [o] Update Malwarebytes' Anti-Malware
    [o] and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • On the Scanner tab, make sure the the Perform Full Scan option is selected and then click on the Scan button.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please attach this log with your reply
    Note: on opening Notepad, click on Format> make sure Word Wrap is unchecked.
    [o] If you accidentally close it, the log file is saved here and will be named like this:
    [o] C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
========================
Then do this online virus scan:
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
    esetonlinescannersettings_thumb.jpg
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives/
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=====================================
I advise removing these plug-ins from Firefox:> Tools> Options> Plugins:
ClickPotatoLiteSA.dll
Viewpoint Media Player

Click Potato is a big source of malware. And the Viewpoint Media Player gets installed bundled with a non-related download, without the knowledge or permission of the user.

Viewpoint is also on the OS and should be removed in Add/Remove Programs, followed by using Windows Explorer to access My Computer> Local Drive(C)> Programs> do a right click> Delete on the the Viewpoint folder.

Did she have any other problems in addition to the Skype problem> such as files, programs or icons that appeared to be missing?
==================================
Please leave logs for new Mbam scan and Eset in the next reply.
==================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process..
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================
 
Here is the Malwarebytes full scan, I will post ESET scan when its finished


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8392

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

12/18/2011 9:57:48 AM
mbam-log-2011-12-18 (09-57-48).txt

Scan type: Full scan (C:\|)
Objects scanned: 312430
Time elapsed: 2 hour(s), 2 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75} (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ASBarBroker.BDBroker.1 (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ASBarBroker.BDBroker (Adware.Funshion) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Sui Rao\downloads\xvidsetup (1).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\Sui Rao\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
 
eset scan

C:\Users\Sui Rao\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\53c8c5da-35a7cb20 multiple threats
C:\Users\Sui Rao\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\34a3fab-2278c78f multiple threats
C:\Users\Sui Rao\Downloads\fyzip-setup.exe Win32/DownloadAdmin.A.Gen application
C:\Users\Sui Rao\Downloads\HA_TotalRecorder_52_szl (1).rar Win32/Adware.WSearch application
C:\Users\Sui Rao\Downloads\HA_TotalRecorder_52_szl.rar Win32/Adware.WSearch application
 
Holiday Notice! I will not be working on the threads Sat. Dec. 24 or Sunday Dec. 25. I will begin with the oldest threads first on Monday. I will do my best to get you finished or as far along as I can before that.

Please do not send a PM during those days.
==============================
Please update Java: Java Updates . Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system. Also open Firefox> Tools> Options plugins and remove Javav6u6 from there
You do have the current version but you also have an outdated version: Java(TM) 6 Update 6. Some of the malware has gotten into the Java cache because of this.
To clear the Java Plug-in cache:

  • [1]. Click Start > Control Panel.
    [2]. Double-click the Java icon in the control panel.
    java.png
    The Java Control Panel appears.
    plugin_cache1.jpg

    [3].Click Settings under Temporary Internet Files.The Temporary Files Settings dialog box appears.
    plugin_cache2.jpg

    [4] Click Delete Files.The Delete Temporary Files dialog box appears.
    plugin_cache3.jpg

    [5]. Click OK on Delete Temporary Files window.
    Note: This deletes all the Downloaded Applications and Applets from the cache.
    [6]. Click Apply> OK on Temporary Files Settings window.
Images courtesy java.com
=====================================
For the Eset entries:
Please download OTMovit by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code: 
    : File
C:\Users\Sui Rao\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\53c8c5da-35a7cb20 
C:\Users\Sui Rao\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\34a3fab-2278c78f 
C:\Users\Sui Rao\Downloads\fyzip-setup.exe 
C:\Users\Sui Rao\Downloads\HA_TotalRecorder_52_szl (1).rar 
C:\Users\Sui Rao\Downloads\HA_TotalRecorder_52_szl.rar 

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
====================================
Please turn your attention to this- from the current Mbam log:
Description: Added by the Adware-BDSearch Parasite of Chinese origin hailing from funshion.com and detected as Adware-BDSearch or Adware-Baidu. Identified by Malwarebytes' Anti-Malware as Adware.Funshion.

I previously brought your attention to characters the scans can't read, mentioning there appeared to be related to a Chinese program, but you did not address the issue. It is likely that some of the malware is coming from those programs and you will have to uninstall them.
====================================
The system is not clean and is still actively getting new malware. Much of it is adware, possibly because there is not enough security:

Download Security Check by screen317 from one of these links:
Link1
Link 2
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===================================
I'd like you to run Combofix- but it won't run with AVG. You will need to temporarily uninstall AVG as follows:
Download AppRemover and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
    image_preview
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.

Temporary AV: Use one:
Avira-AntiVir-Personal-Free-Antivirus
Avast Free Version
=============================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    ***Please note: if you have downloaded Combofix to a flash drive, then run it on the infected machine> the Recovery Console will not install- just bypass and go on.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • .Close any open browsers.
  • .Double click combofix.exe
    cf-icon.jpg
    & follow the prompts to run.
  • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
=====================================
I think the Cookies will need to be reset- lets check that:
  • Please download SuperAntiSpyware from HERE
  • Launch SuperAntiSpyware and click on 'Check for updates'.
  • Wait for the updates to be installed
  • On the main screen click on 'Scan your computer'.
  • Check: 'Perform Complete Scan then Click 'Next' to start the scan.
  • Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
  • Make sure everything found has a checkmark next to it,then press 'Next'.
  • Click on 'Finish' when you've done.
It's possible that the program will ask you to reboot in order to delete some files.
=============================================
Download CKScanner and save to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
=====================================
Please include the following logs in your next reply:
OTM
Security Check
Combofix
SuperAntispyware
CK Scanner
 

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
2K
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
3K
Broni
Broni
S
  • Locked
Inactive Am I infected?
Replies
8
Views
4K
Broni
Broni

Latest posts

Back