Solved Please evaluate logs.Thanks!

MrEd · Aug 2, 2011

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7350

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

8/1/2011 8:25:42 PM
mbam-log-2011-08-01 (20-25-42).txt

Scan type: Quick scan
Objects scanned: 169136
Time elapsed: 14 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 5
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D714A94F-123A-45CC-8F03-040BCAF82AD6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\DOWNLOADED PROGRAM FILES\SBCIE02D.DLL (Adware.SideStep) -> Value: SBCIE02D.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\crgyrvyj (Trojan.FakeAlert.N) -> Value: crgyrvyj -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\Homepage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\babycakes\application data\errorsmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
c:\documents and settings\babycakes\application data\errorsmart\Log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
c:\documents and settings\babycakes\application data\errorsmart\registry backups (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\errorsmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\errorsmart\Log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\downloaded program files\SbCIe02d.dll (Adware.SideStep) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{7b02ef0b-a410-4938-8480-9ba26420a627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{bb65b0fb-5712-401b-b616-e69ac55e2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\babycakes\application data\errorsmart\registry backups\2008-04-13_12-28-02.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
c:\documents and settings\babycakes\application data\errorsmart\registry backups\2008-09-11_03-45-46.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
-------------------------------------

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-02 18:07:24
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK4026GAX rev.PA100U
Running: wd3vg6xk.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pgldipow.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Owner at 18:22:57 on 2011-08-02
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.229 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.google.com/
mDefault_Search_URL = hxxp://www.google.com/
mSearch Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchURL = hxxp://www.google.com/
mSearchAssistant = hxxp://www.google.com/
mCustomizeSearch = hxxp://www.google.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: X1IEHook Class: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\netzero\qsacc\X1IEBHO.dll
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Powermarks: {e166b4a2-83e7-11d3-b4fd-004005a47aaa} - c:\progra~1\powerm~1.5\iec.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [Window Washer] c:\program files\window washer\webroot\washer\wwDisp.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe" -s
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Toshiba Hotkey Utility] "c:\program files\toshiba\windows utilities\Hotkey.exe" /lang en
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\owner\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\logitech webcam software\eReg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &Search - ?p=ZK
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Display All Images with Full Quality - "c:\program files\netzero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\netzero\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_02\bin\npjpi150_02.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - hxxp://www.sidestep.com/get/k00722/sb02d.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-12 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-3-5 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-12 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-12 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-12 297752]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2010-9-16 80896]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011-4-8 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-1 41272]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-6-11 27064]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2007-2-8 15576]
.
=============== Created Last 30 ================
.
2011-08-01 23:28:21 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-08-01 23:27:48 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2011-08-01 23:26:59 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-01 23:26:57 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-08-01 23:26:48 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-01 23:26:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-31 22:24:23 -------- d-----w- c:\documents and settings\owner\local settings\application data\LogiShrd
2011-07-31 22:19:10 539160 ----a-w- c:\windows\system32\LVUI2.dll
2011-07-31 22:19:01 416280 ----a-w- c:\windows\system32\lvcodec2.dll
2011-07-31 22:18:48 6756632 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2011-07-31 22:18:46 539160 ----a-w- c:\windows\system32\LVUI2RC.dll
2011-07-31 22:18:03 34068 ----a-w- c:\windows\system32\Repository.reg
2011-07-31 22:18:03 199192 ----a-w- c:\windows\system32\lvci12101110.dll
2011-07-31 22:18:02 266008 ----a-w- c:\windows\system32\drivers\lvrs.sys
2011-07-31 22:16:39 23832 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
2011-07-31 21:43:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-31 21:21:58 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2011-07-31 21:21:19 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2011-07-31 21:21:11 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2011-07-31 21:21:10 16384 ----a-w- c:\windows\system32\ipsink.ax
2011-07-31 21:21:02 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2011-07-31 21:20:54 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2011-07-31 21:20:45 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2011-07-31 21:20:38 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2011-07-31 21:20:04 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-07-31 21:20:04 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-07-31 21:19:03 90624 ----a-w- c:\windows\system32\kswdmcap.ax
2011-07-31 21:19:03 28672 ----a-w- c:\windows\system32\vidcap.ax
2011-07-31 21:19:00 61952 ----a-w- c:\windows\system32\kstvtune.ax
2011-07-31 21:18:55 78464 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-07-31 21:18:55 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-07-31 21:18:55 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-07-31 21:18:53 20992 ----a-w- c:\windows\system32\dshowext.ax
2011-07-31 21:18:52 43008 ----a-w- c:\windows\system32\ksxbar.ax
2011-07-31 20:36:59 -------- d-----w- c:\documents and settings\owner\local settings\application data\Deployment
.
==================== Find3M ====================
.
.
============= FINISH: 18:24:36.23 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/30/2005 7:41:12 PM
System Uptime: 8/2/2011 3:40:57 PM (3 hours ago)
.
Motherboard: TOSHIBA | | Satellite L25
Processor: Intel(R) Celeron(R) M processor 1.50GHz | U23 | 1496/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 0.879 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Atheros AR5005G Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_7094144F&REV_01\4&13826118&0&20A4
Manufacturer: Atheros
Name: Atheros AR5005G Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_7094144F&REV_01\4&13826118&0&20A4
Service: AR5211
.
Class GUID:
Description: PCI Modem
Device ID: PCI\VEN_1002&DEV_4378&SUBSYS_FF311179&REV_02\3&13C0B0C5&0&A6
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_1002&DEV_4378&SUBSYS_FF311179&REV_02\3&13C0B0C5&0&A6
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WAN Miniport (ATW)
Device ID: ROOT\NET\0000
Manufacturer: America Online, Inc.
Name: WAN Miniport (ATW)
PNP Device ID: ROOT\NET\0000
Service: wanatw
.
==== System Restore Points ===================
.
RP800: 5/12/2011 12:12:47 PM - System Checkpoint
RP801: 5/14/2011 8:16:16 PM - Removed Safari
RP802: 5/14/2011 8:20:03 PM - Removed Splash PRO
RP803: 5/16/2011 9:00:15 PM - System Checkpoint
RP804: 5/19/2011 11:11:47 PM - Installed Bluesoleil2.6.0.8 Release 070517
RP805: 5/22/2011 2:55:37 PM - System Checkpoint
RP806: 5/27/2011 3:41:38 PM - System Checkpoint
RP807: 6/3/2011 8:53:33 PM - System Checkpoint
RP808: 6/7/2011 3:41:58 PM - System Checkpoint
RP809: 6/10/2011 11:43:32 PM - B4 Latest Direct X and Media Player
RP810: 6/10/2011 11:55:26 PM - Installed DirectX
RP811: 6/11/2011 12:09:30 AM - B4 Media Player
RP812: 6/11/2011 11:23:30 PM - Revo Uninstaller Pro's restore point - ePrompter
RP813: 6/11/2011 11:26:55 PM - Revo Uninstaller Pro's restore point - ePrompter
RP814: 7/31/2011 6:15:48 PM - Logitech Webcam Software v12.10.1110
RP815: 8/1/2011 7:28:00 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
AI RoboForm (All Users)
Atheros Client Utility
Atheros Wireless LAN MiniPCI card Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AuctionSieve
AVG 8.5
Bluesoleil2.6.0.8 Release 070517
Bonjour
CD/DVD Drive Acoustic Silencer
CleanUp!
Conexant AC-Link Audio
Critical Update for Windows Media Player 11 (KB959772)
Disketch CD Label Software
Dropbox
DVD-RAM Driver
Google Chrome
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB894871)
Hotfix for Windows XP (KB895200)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB981793)
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
ICS Viewer 6.0
InterVideo WinDVD for TOSHIBA
iRider
J2SE Runtime Environment 5.0 Update 2
Logitech Vid HD
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes' Anti-Malware version 1.51.1.1800
Media Player Classic - Home Cinema v1.5.1.2903
Memorex exPressit Label Design Studio
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MobileMe Control Panel
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6 Service Pack 2 (KB973686)
Notebook Maximizer
OpenMG Limited Patch 4.6-06-09-04-01
OpenMG Secure Module 4.6.00
PC-Linq
PDF Manual NW-S600/S700F Series
Picasa 3
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
REALTEK Gigabit and Fast Ethernet NIC Driver
RealUpgrade 1.1
Retrospect 6.5
Revo Uninstaller Pro 2.5.3
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Sonic DLA
Sonic RecordNow!
SonicStage 4.1
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
Toshiba Hotkey Utility
TOSHIBA PC Diagnostic Tool
Toshiba Q4 Retail Demo ScreenSaver
Toshiba Registration
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Tbiosdrv Driver
Toshiba Touchpad Utility
Toshiba Utility
TOSHIBA Zooming Utility
Touch and Launch
U3Launcher
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC_MergeModuleToMSI
Viewpoint Media Player
WebFldrs XP
Window Washer 5
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Mail
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
8/1/2011 7:54:34 PM, error: Service Control Manager [7023] - The Human Interface Device Access service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================

Bobbye · Aug 2, 2011

Evaluate for what? That's another way of asking what problems you're having.

MrEd · Aug 2, 2011

sluggish performance

Hello...well since I had 17 items of Malware and my system is sluggish, I was wondering if you detected anything on these logs? PCI modem loads request to install at startupt Do I need that? Can I stop it from asking to install it? .Thought maybe my setup might be bad with a bunch of unwanted processes running etc. so wondered if you could assist with tweaking?Should I run Combofix as I saw you advise some others? Thanks!

Bobbye · Aug 4, 2011

This is not a "tweaking" forum. We have a heavy load handling the malware! It is very time consuming to go through of the logs for each thread. There are many tutorials for slow system- both on TechSpot and the internet. I will leave that search up to you.

What I am trying to learn is what the problem was that you thought you needed malware help. Why did you run Malwarebytes in the first place that found all those entries to make you think we needed to check the logs? For instance, Mbam shows entries for several rogue programs. Those programs would have been causing problems for you>> what were they? Alerts? Errors? etc.

The modem problem should be asked in the hardware forum.
==========================================
Update Alerts!
1. Adobe Acrobat 5.0> Update ASAP. Current version is v10. Adobe Reader site Uninstall any earlier updates as they are vulnerabilities.
2. AVG 8.5> I'm not sure this is still supported. Current version is AVG 2011
3. J2SE Runtime Environment 5.0 Update 2 > Update ASAK. Current version is v6u26.Java Updates . Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
=============================================
4. You have no security except for the questionable AVG. You should also have at least 2 antimalware programs.
5. Recommend uninstall Window Washer by Webroot
======================================================
6.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESETOnlineScan
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
[o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
[o] Double click on the

on your desktop.
Check 'Yes I accept terms of use.'
Click Start button
Accept any security warnings from your browser.
Uncheck 'Remove found threats'
Check 'Scan archives/
Leave remaining settings as is.
Press the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
When the scan completes, press List of found threats
Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
Push the Back button
Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
===============================================
Now you can run Combofix
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

Click START> then RUN
Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop

Double click combofix.exe & follow the prompts.
ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
.Click on Yes, to continue scanning for malware
.If Combofix asks you to update the program, allow
.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
.Close any open browsers.
.Double click combofix.exe

& follow the prompts to run.
When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
==================================================
Please leave logs for Eset and Combofix in your next reply.

Bobbye · Aug 4, 2011

I am reasonably sure you will have malware in the Java cache due to outdated program. Empty now:
To clear the Java Plug-in cache:

[1]. Click Start > Control Panel.
[2]. Double-click the Java icon in the control panel.

The Java Control Panel appears.

[3].Click Settings under Temporary Internet Files.The Temporary Files Settings dialog box appears.

[4] Click Delete Files.The Delete Temporary Files dialog box appears.

[5]. Click OK on Delete Temporary Files window.
Note: This deletes all the Downloaded Applications and Applets from the cache.
[6]. Click Apply> OK on Temporary Files Settings window.

Images courtesy java.com
==================================================

MrEd · Aug 5, 2011

Thanks! Here are the requested logs!

Hello-I also uninstalled Windowwasher. Thanks for all your help!

Esetscan

C:\AOL Instant Messenger\AIM.exe Win32/Adware.WBug.A application
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\swupdate\newpackage.bin probably a variant of Win32/StartPage.HSZAKFT trojan
C:\Program Files\MSN Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application
--------------------------------------------
Combofix

ComboFix 11-08-05.02 - Owner 08/05/2011 15:31:20.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.164 [GMT -4:00]
Running from: c:\program downloads\Combofix 8-5-11\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Babycakes\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\WINDOWS
c:\windows\iun6002.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-07-05 to 2011-08-05 )))))))))))))))))))))))))))))))
.
.
2011-08-05 15:15 . 2011-08-05 15:15 -------- d-----w- c:\program files\ESET
2011-08-05 15:06 . 2011-08-05 15:05 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-05 15:06 . 2011-08-05 15:05 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-05 14:27 . 2011-07-20 15:30 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-05 14:27 . 2011-07-20 15:30 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-05 14:27 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-08-05 14:27 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-08-05 14:26 . 2011-08-05 14:26 -------- d-----w- c:\program files\Avira
2011-08-05 14:26 . 2011-08-05 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-08-05 14:12 . 2011-08-05 14:12 -------- d-----w- c:\documents and settings\Owner\Application Data\VS Revo Group
2011-08-01 23:28 . 2011-08-01 23:28 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-08-01 23:27 . 2011-08-01 23:27 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-08-01 23:26 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-01 23:26 . 2011-08-01 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-01 23:26 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-01 23:26 . 2011-08-01 23:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-31 22:24 . 2011-07-31 22:24 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\LogiShrd
2011-07-31 22:19 . 2009-10-07 08:48 539160 ----a-w- c:\windows\system32\LVUI2.dll
2011-07-31 22:19 . 2009-10-07 08:43 416280 ----a-w- c:\windows\system32\lvcodec2.dll
2011-07-31 22:18 . 2009-10-07 08:49 6756632 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2011-07-31 22:18 . 2009-10-07 08:48 539160 ----a-w- c:\windows\system32\LVUI2RC.dll
2011-07-31 22:18 . 2009-10-07 08:43 199192 ----a-w- c:\windows\system32\lvci12101110.dll
2011-07-31 22:18 . 2009-10-07 08:24 34068 ----a-w- c:\windows\system32\Repository.reg
2011-07-31 22:18 . 2009-10-07 08:47 266008 ----a-w- c:\windows\system32\drivers\lvrs.sys
2011-07-31 22:16 . 2009-10-07 08:49 23832 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
2011-07-31 22:13 . 2011-07-31 22:22 -------- d-----w- c:\program files\Common Files\LogiShrd
2011-07-31 22:13 . 2011-07-31 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2011-07-31 22:13 . 2011-08-01 16:17 -------- d-----w- c:\program files\Logitech
2011-07-31 21:43 . 2011-07-31 21:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-31 21:21 . 2004-08-04 02:58 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2011-07-31 21:21 . 2004-08-04 03:10 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2011-07-31 21:21 . 2004-08-04 03:10 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2011-07-31 21:21 . 2004-08-04 04:56 16384 ----a-w- c:\windows\system32\ipsink.ax
2011-07-31 21:21 . 2004-08-04 03:10 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2011-07-31 21:20 . 2004-08-04 03:10 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2011-07-31 21:20 . 2004-08-04 03:10 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2011-07-31 21:20 . 2004-08-04 03:10 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2011-07-31 21:20 . 2004-08-04 03:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-07-31 21:20 . 2004-08-04 03:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-07-31 21:19 . 2004-08-04 04:56 90624 ----a-w- c:\windows\system32\kswdmcap.ax
2011-07-31 21:19 . 2004-08-04 04:56 28672 ----a-w- c:\windows\system32\vidcap.ax
2011-07-31 21:19 . 2004-08-04 04:56 61952 ----a-w- c:\windows\system32\kstvtune.ax
2011-07-31 21:18 . 2004-08-04 04:56 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-07-31 21:18 . 2004-08-04 04:56 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-07-31 21:18 . 2004-08-04 03:10 78464 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-07-31 21:18 . 2004-08-04 04:56 20992 ----a-w- c:\windows\system32\dshowext.ax
2011-07-31 21:18 . 2004-08-04 04:56 43008 ----a-w- c:\windows\system32\ksxbar.ax
2011-07-31 20:36 . 2011-07-31 20:38 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Deployment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-12-15 160592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-29 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 1077301]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-12-15 160592]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchU3.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
backup=c:\windows\pss\LaunchU3.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol]
2005-01-10 14:35 73728 ----a-w- c:\progra~1\DOWNLO~1\PESTPA~1\CookiePatrol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2005-05-31 12:33 122941 ----a-w- c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masqform.exe]
2003-12-03 16:43 1052672 ----a-w- c:\program files\PureEdge\Viewer 6.0\masqform.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notebook Maximizer]
2004-05-25 21:35 28672 ----a-w- c:\program files\Notebook Maximizer\maximizer_startup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center]
2006-01-02 03:53 98304 ----a-w- c:\progra~1\DOWNLO~1\PESTPA~1\PPControl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrolCL]
2004-12-15 23:00 855040 ----a-w- c:\progra~1\DOWNLO~1\PESTPA~1\PestPatrolCL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
2005-03-18 00:37 151552 ----a-w- c:\toshiba\IVP\ISM\pinger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPMemCheck]
2006-01-02 03:53 148480 ----a-w- c:\progra~1\DOWNLO~1\PESTPA~1\PPMemCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2006-09-05 09:18 81920 ----a-w- c:\progra~1\Sony\SONICS~1\SSAAD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
2006-09-15 23:06 335872 ----a-w- c:\windows\system32\WDBtnMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Swupdtmr"=2 (0x2)
"Retrospect Helper"=2 (0x2)
"PACSPTISVR"=3 (0x3)
"nmservice"=2 (0x2)
"nmraapache"=3 (0x3)
"MSCSPTISRV"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate1c9f536c5212976"=2 (0x2)
"ACS"=2 (0x2)
"DVD-RAM_Service"=2 (0x2)
"RetroWDSvc"=2 (0x2)
"RetroLauncher"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/5/2011 10:27 AM 136360]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [9/16/2010 2:06 PM 80896]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [4/8/2011 4:03 PM 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 6:01 PM 21248]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [6/11/2011 11:20 PM 27064]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2/8/2007 5:38 AM 15576]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ANTIVIRSCHEDULERSERVICE
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AVGIO
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-15 c:\windows\Tasks\disketchShakeIcon.job
- c:\program files\NCH Software\Disketch\disketch.exe [2011-05-15 00:45]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3119454931-2476218117-819753718-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-31 20:38]
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3119454931-2476218117-819753718-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-31 20:38]
.
2011-08-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3119454931-2476218117-819753718-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-07-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3119454931-2476218117-819753718-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchURL = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
TCP: DhcpNameServer = 192.168.1.1
DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - hxxp://www.sidestep.com/get/k00722/sb02d.cab
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-Pure Networks Port Magic - c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-Notebook_Maximizer - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-05 15:42
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-08-05 15:47:14
ComboFix-quarantined-files.txt 2011-08-05 19:47
.
Pre-Run: 4,080,709,632 bytes free
Post-Run: 4,282,564,608 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - CF684F03EAE73F8BE40F9EA6CAAA2BF8

Bobbye · Aug 5, 2011

Please download OTMovit by Old Timer and save to your desktop.

Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code:

:
:Files  
C:\AOL Instant Messenger\AIM.exe 
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\swupdate\newpackage.bin
C:\Program Files\MSN Messenger\msimg32.dll 
[purity]
[emptytemp]
[start explorer]
[Reboot]

Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=============================================
Go ahead and run this. Will check Combofix log in the morning.

MrEd · Aug 6, 2011

Old Timer

Ran as instructed...asked to reboot which I did....no folder or log file in c:\_OTMoveIt\MovedFiles.Thanks.

Bobbye · Aug 8, 2011

# A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.

Please search for the log.

MrEd · Aug 9, 2011

Old Tmer

twotix said:
Ran as instructed...asked to reboot which I did....no folder or log file in c:\_OTMoveIt\MovedFiles.Thanks.

Ran it 5 more times and each time as I indicated before the computer rebooted and there was no moved files folder in the Old Timers folder on my desktop nor are there any logs. I did notice an "unable to interpret" the colon by itself at the top of your paste box so I ran it without it also and still no logs.If you want me to type out the exact
result I can do that since no log is getting produced in the respective folder where the program is, Thx.

MrEd · Aug 9, 2011

Sorry My Error

Sorry as I was looking in the wrong folder.My apologies! Here is the log from the first time I ran it. Thx!

All processes killed
Error: Unable to interpret <:> in the current context!
========== FILES ==========
C:\AOL Instant Messenger\AIM.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\swupdate\newpackage.bin moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\MSN Messenger\msimg32.dll
C:\Program Files\MSN Messenger\msimg32.dll moved successfully.
File/Folder [purity] not found.
File/Folder [emptytemp] not found.
File/Folder [start explorer] not found.
File/Folder [Reboot] not found.

OTM by OldTimer - Version 3.1.18.0 log created on 08062011_142623

Bobbye · Aug 9, 2011

Please run the Eset scan again and post a new log. This is only a partial log and it appears there was an error when it ran.

Are you having any malware realted problem now?

MrEd · Aug 9, 2011

Hello-I ran Malware Bytes and ESET in safe mode with networking. Nothing found on Malware Bytes. ESET log below so don't notice really any malware related problems now.BTW, do I just delete the quarantined files in the ESET folder?Thanks for your help!

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=27cc40415cd62b48b95d24eab259ac33
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-05 07:10:04
# local_time=2011-08-05 03:10:04 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1797 16775141 100 93 0 48151248 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=104947
# found=3
# cleaned=0
# scan_time=13507
C:\AOL Instant Messenger\AIM.exe Win32/Adware.WBug.A application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\swupdate\newpackage.bin probably a variant of Win32/StartPage.HSZAKFT trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\MSN Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=27cc40415cd62b48b95d24eab259ac33
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-09 09:59:19
# local_time=2011-08-09 05:59:19 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1797 16775126 100 93 0 48509801 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=84408
# found=2
# cleaned=2
# scan_time=10712
C:\_OTM\MovedFiles\08062011_142623\C_AOL Instant Messenger\AIM.exe Win32/Adware.WBug.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTM\MovedFiles\08062011_142623\C_Documents and Settings\All Users\Application Data\AOL\ACS\1.0\swupdate\newpackage.bin probably a variant of Win32/StartPage.HSZAKFT trojan (deleted - quarantined) 00000000000000000000000000000000 C

Bobbye · Aug 9, 2011

Nothing new in the Eset scan. Entries have been previously handled.

Please give me an update on the system.

MrEd · Aug 10, 2011

Well, the system seems okay.Can you tell me if I am running unneeded processes taking up resources or is that better asked in a different forum?Can I run Revo uninstaller pro"windows cleaner" and/or "junk files cleaner" or do you recommend something else like CClean?I got rid of windowwasher so wondered if you new of a good freebie replacement?Thank you!

Bobbye · Aug 11, 2011

You don't need a 'cleaner'- you can do it yourself:

To remove entries from the Startup Menu using the msconfig utility:

Click on Start> Run> type in msconfig> enter>
Click on Selective Startup
Choose the Startup tab:

All images courtesy NetSquirrel
To expand the Command Column, (this shows what the process 'belongs' to) hold left mouse button down on the dividing line on frame above Location and move to the right to expand.
Uncheck any processes you do not need to start on boot.
Click on Apply> OK when finished.

NOTE:
When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.' Remain in Selective Startup to retain those changes.
===========================================
The only processes that have to be checked on the Startup menu are:
Antivirus
Firewall is using 3rd party FW like Zone Alarm or Comodo
Touchpad process is on laptop
Network if using Pure Network/Cisco.
Nothing else! You can go into All Program when you want to run a program.
==========================================
Removing all of the tools we used and the files and folders they created

Uninstall ComboFix and all Backups of the files it deleted
Click START> then RUN
Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Download OTCleanIt by OldTimer and save it to your Desktop.
Double click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

-----
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
------------------------------------------

You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
Go to Start > All Programs > Accessories > System Tools
Click "System Restore".
Choose "Create a Restore Point" on the first screen then click "Next".
Give the Restore Point a name> click "Create".
Go back and follow the path to > System Tools.
[*]Choose Disc Cleanup
[*]Click "OK" to select the partition or drive you want.
[*]Click the "More Options" Tab.
[*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Empty the Recycle Bin

MrEd · Aug 17, 2011

Thanks!

Appreciate the help!

MrEd · Aug 17, 2011

Qoobot

Have a folder that I can't delete called "Qoobot".Inside it is another folder called "Backenv". When I click on either folder it says "Cannot delete:access denied....Make sure the disk is not full or write-protected and that the file is not in use". Any ideas? Thanks!

Bobbye · Aug 18, 2011

You've run ComboFix at some point. Qoobox is a folder where Combofix puts the quarantined files. Backenv is one of them. If you uninstalled Combofix as instructed, this logs should be gone. Don't try to view what's in there, just delete it. Empty your Recycle Bin and reboot your computer.

Spelling Qoobot has been corrected to Qoobox.

MrEd · Aug 19, 2011

Hello,

Thanks for the response. I did attempt to uninstall "combofix" several times using your
nomenclature and received the error message "Windows cannot find "Combofix".Make sure you typed the name correctly, and then try again. To search for a file, click the Start button
and then click Search." I once again tried to delete the "Qoobox" folder and received the
message "Cannot delete BackEnv:Access is denied. Make sure the disk is not full or write
protected and that the file is not currently in use." Also ran "otcLEANIT BY OLDTIMER" and
the undeletable folder is still there.Please advise.

RE: msconfig..you stated..
"The only processes that have to be checked on the Startup menu are:
Antivirus
Firewall is using 3rd party FW like Zone Alarm or Comodo
Touchpad process is on laptop
Network if using Pure Network/Cisco.
Nothing else! You can go into All Program when you want to run a program."

I disabled pad.exe which is Toshiba Touch and Launch and the touchpad still worked. There
are two other Toshiba program files there but wasn't sure if they were for the touchpad
although since they indicate "TP" in the file, my guess is are for the touchpad. They are:
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTPenh.exe

Why are there a bunch of entries in msconfig startup that are associated with programs I
thought were removed.How do I get rid of these? Here are the specific entries:
Removed Programs:
Cooke Patrol ...program: Pest Patrol
PP Control...program: Pest Control
PP Mem Check...program: Pest Patrol
Unnamed File...program: Pest Control/downloads
Maximizer Startup Program: Notebook Maximizer
masqform ..program: PureEdge
justsched:..program: Java Updater

Other:
CFSSErv
tfswctrl
dumpprep 0 -k
RAMASST

Cleaned up add/remove programs but there is no "remove" button for Google Talk plugin.I even used REvo Uninstaller Pro for cleanup but it would not delete the files.How do
I remove it?

Thanks!

Bobbye · Aug 19, 2011

You asked to have your logs 'evaluated', giving no information about what your problems were. You tan Malwarebytes for some unknown reason and when malware was found decided you wanted the logs checked

Then you want me to 'tweak' you system and I told you this is not a tweaking forum. Sluggish systems can have many causes and if you search TechSpot, you will find information about that.

I asked for the OTM log, which you eventually found, then you only left a part of it..

You ran Malwarebytes and ESET in safe mode with networking. which were not the instructions: All scans should be run in Normal Mode unless instructed otherwise or unless the system can't boot into Normal Mode.

The correct order to use for uninstalling is:
1. Check if program has it's own uninstaller. If it does, use that.
2. If program does not have own uninstaller, remove in Add/Remove Programs.

Revo and Windows Installer Cleanup Utility are not uninstallers! They should only be use to 1. remove files that are left over after a program is uninstalled or 2. If the program appears in Add/Remove Programs but will not uninstall from there.

Using Revo exclusively to do this job can damage the uninstaller which sounds like what happened to you. I suggest you download Combofix again and then uninstall it properly:

Uninstall ComboFix and all Backups of the files it deleted

Click START> then RUN
Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Why are there a bunch of entries in msconfig startup that are associated with programs I thought were removed

Click to expand...

Because you didn't uninstall them correctly, because you didn't check to make sure they were no longer on Startup. because you didn't delete the program folders after the uninstall.

Some of the processes you see might be Active X entries for addons. Check Manage Addons in Tools and disable any you don't want to run.

If is also possible that an entry has a Service that is set to Automatically start. You can check that as follows:
Click on Start> Run> type in services.msc> enter> Find the Service and double click to open. Set the Startup Type to Manual.

You have most likely damaged the files the need to be used in programs to uninstall them by using Revo instead of the proper methods. In some cases, it might be necessary for you to download the program again and then uninstall it like I mentioned.

Google is a good search engine. Instead to deleting or unchecking a process when you don't know what it does or if it need to start on boot, do a search. The information can easily be found.

Since the malware problem has been resolved, I am going to close this thread.

Solved Please evaluate logs.Thanks!

Posts: 70 +0

Posts: 16,313 +36

Posts: 70 +0

Posts: 16,313 +36

Posts: 16,313 +36

Posts: 70 +0

Posts: 16,313 +36

Posts: 70 +0

Posts: 16,313 +36

Posts: 70 +0

Posts: 70 +0

Posts: 16,313 +36

Posts: 70 +0

Posts: 16,313 +36

Posts: 70 +0

Posts: 16,313 +36

Posts: 70 +0

Posts: 70 +0

Posts: 16,313 +36

Posts: 70 +0

Posts: 16,313 +36

Similar threads