Tech Support Guy > Virus & Other Malware Removal
Solved: pc running very slow, malware found

1wozk (thread starter; Member with 96 posts; Join Date: May 2008; Experience: Intermediate)
08-Apr-2009, 12:26 AM #1
pc running very slow, malware found
Hi, my PC is still running very slow after running Malwarebytes, which found some malware that was put in the virus vault, so I thought, but I am still experiencing problems. I also ran AVG, which didn't pick anything up. I then used HijackThis, and the logs for all of these are below.
thanks
warren
LOGS

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:07:08, on 08/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askR...8&gct=&gc=1&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [Disk Monitor] "C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O15 - Trusted Zone: http://www.worldwinner.com
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v47...abblecubes.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://uk.midas.games.yahoo.net/midasa.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - http://www3.authentium.com/bt/wbiw/bin/wizard.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v48...t/brickout.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} (SolitaireRush Control) - http://www.worldwinner.com/games/v47...itairerush.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1166606521953
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbde...ivePreQual.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Regi...18/flashax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Google Update Service (gupdate1c9b3aee63047d8) (gupdate1c9b3aee63047d8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe

--
End of file - 10370 bytes

AVG log

"Scan ""Scan whole computer"" was finished."
"No infection was found during this scan"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"04 April 2009, 21:41:25"
"Scan finished:";"04 April 2009, 22:59:54 (1 hour(s) 18 minute(s) 29 second(s))"
"Total object scanned:";"500255"
"User who launched the scan:";"warren keen"

"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\angela keen\Application Data\Opera\Opera\profile\cookies4.dat";"Found Tracking cookie.Mediaplex";"Healed"
"C:\Documents and Settings\angela keen\Application Data\Opera\Opera\profile\cookies4.dat:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\angela keen\Application Data\Opera\Opera\profile\cookies4.dat:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\angela keen\Application Data\Opera\Opera\profile\cookies4.dat:\revsci.net.55564293";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\angela keen\Application Data\Opera\Opera\profile\cookies4.dat:\revsci.net.e9dbeb91";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\angela keen\Application Data\Opera\Opera\profile\cookies4.dat:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\angela keen\Application Data\Opera\Opera\profile\cookies4.dat:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
"C:\Documents and Settings\warren keen\Application Data\Mozilla\Firefox\Profiles\va529s2u.default\cookies.sqlite:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\warren keen\Application Data\Mozilla\Firefox\Profiles\va529s2u.default\cookies.sqlite:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\angela keen\Application Data\Opera\Opera\profile\cookies4.dat:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
"C:\Documents and Settings\angela keen\Application Data\Opera\Opera\profile\cookies4.dat:\questionmarket.com.3eb5a9f1";"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
"C:\Documents and Settings\angela keen\Application Data\Opera\Opera\profile\cookies4.dat:\questionmarket.com.4dd5e426";"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
"C:\Documents and Settings\warren keen\Application Data\Mozilla\Firefox\Profiles\va529s2u.default\cookies.sqlite:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\warren keen\Application Data\Mozilla\Firefox\Profiles\va529s2u.default\cookies.sqlite:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
"C:\Documents and Settings\angela keen\Application Data\Opera\Opera\profile\cookies4.dat:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\warren keen\Application Data\Mozilla\Firefox\Profiles\va529s2u.default\cookies.sqlite:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"C:\Documents and Settings\warren keen\Application Data\Mozilla\Firefox\Profiles\va529s2u.default\cookies.sqlite:\mediaplex.com.323e9a10";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
"C:\Documents and Settings\warren keen\Application Data\Mozilla\Firefox\Profiles\va529s2u.default\cookies.sqlite:\mediaplex.com.dc30fb3c";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
"C:\Documents and Settings\warren keen\Application Data\Mozilla\Firefox\Profiles\va529s2u.default\cookies.sqlite:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
"C:\Documents and Settings\warren keen\Application Data\Mozilla\Firefox\Profiles\va529s2u.default\cookies.sqlite:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\warren keen\Application Data\Mozilla\Firefox\Profiles\va529s2u.default\cookies.sqlite";"Found Tracking cookie.Yieldmanager";"Healed"
"C:\Documents and Settings\warren keen\Application Data\Mozilla\Firefox\Profiles\va529s2u.default\cookies.sqlite:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\warren keen\Application Data\Mozilla\Firefox\Profiles\va529s2u.default\cookies.sqlite:\revsci.net.b8d48360";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\warren keen\Application Data\Mozilla\Firefox\Profiles\va529s2u.default\cookies.sqlite:\revsci.net.e9dbeb91";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\warren keen\Cookies\warren_keen@2o7[2].txt";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"C:\Documents and Settings\warren keen\Cookies\warren_keen@2o7[2].txt:\2o7.net.87f47d84";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"C:\Documents and Settings\warren keen\Cookies\warren_keen@atdmt[1].txt";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"C:\Documents and Settings\warren keen\Cookies\warren_keen@atdmt[1].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"

Malwarebytes log, 1st scan

Malwarebytes' Anti-Malware 1.35
Database version: 1940
Windows 5.1.2600 Service Pack 2

04/04/2009 20:43:06
mbam-log-2009-04-04 (20-43-05).txt

Scan type: Full Scan (C:\|)
Objects scanned: 182175
Time elapsed: 57 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 21
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 27

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{76f30661-76c7-48cd-b18e-64f388ae030b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014235.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014236.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014241.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014243.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014245.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014250.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014251.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014252.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014253.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014254.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014255.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014257.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014258.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014259.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014260.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014261.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014262.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014263.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014264.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014265.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014266.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014267.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014268.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\WINDOWS\fmark2.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\f49f4daa.dat (Trojan.Koobface) -> Quarantined and deleted successfully.

Malwarebytes log, 2nd scan

Malwarebytes' Anti-Malware 1.35
Database version: 1943
Windows 5.1.2600 Service Pack 2

06/04/2009 05:56:13
mbam-log-2009-04-06 (05-56-13).txt

Scan type: Full Scan (C:\|)
Objects scanned: 192822
Time elapsed: 1 hour(s), 19 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP125\A0016858.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP125\A0016859.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

1wozk (thread starter; Member with 96 posts; Join Date: May 2008; Experience: Intermediate)
08-Apr-2009, 12:39 AM #2
Hi, just to add to this: when I try to do a Windows Update it fails every time.

blitzkreig (Member with 824 posts; Join Date: Mar 2009; Location: Mumbai, India; Experience: still learning)
08-Apr-2009, 01:22 AM #3
Ok,
Have you tried using SUPERAntiSpyware free edition?
If not, download this, run a scan and do a removal, i.e. if the program detects anything, duh..
You seem to have been infected with common adware and trojans.

1wozk (thread starter; Member with 96 posts; Join Date: May 2008; Experience: Intermediate)
08-Apr-2009, 02:47 PM #4
Hi, I used SUPERAntiSpyware and the log is below. It found some spyware but nothing too serious. I also did a scan with FreeFixer and that log is below too.
thanks warren

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/08/2009 at 08:47 AM

Application Version : 4.26.1000

Core Rules Database Version : 3834
Trace Rules Database Version: 1790

Scan type : Complete Scan
Total Scan Time : 02:05:49

Memory items scanned : 430
Memory threats detected : 0
Registry items scanned : 5597
Registry threats detected : 0
File items scanned : 114465
File threats detected : 13

Adware.Tracking Cookie
C:\Documents and Settings\warren keen\Cookies\warren_keen@serving-sys[2].txt
C:\Documents and Settings\warren keen\Cookies\warren_keen@bs.serving-sys[2].txt
C:\Documents and Settings\warren keen\Cookies\warren_keen@doubleclick[1].txt
C:\Documents and Settings\warren keen\Cookies\warren_keen@adrevolver[2].txt
C:\Documents and Settings\warren keen\Cookies\warren_keen@revsci[2].txt
C:\Documents and Settings\warren keen\Cookies\warren_keen@atdmt[1].txt
C:\Documents and Settings\warren keen\Cookies\warren_keen@adbrite[2].txt
C:\Documents and Settings\warren keen\Cookies\warren_keen@media.adrevolver[1].txt
C:\Documents and Settings\warren keen\Cookies\warren_keen@atdmt[2].txt
C:\Documents and Settings\warren keen\Cookies\warren_keen@revsci[1].txt
C:\Documents and Settings\warren keen\Cookies\warren_keen@ad.yieldmanager[1].txt
C:\Documents and Settings\warren keen\Cookies\warren_keen@media.adrevolver[2].txt
C:\Documents and Settings\warren keen\Cookies\warren_keen@bs.serving-sys[1].txt


FreeFixer v0.37 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 2
Log dated 2009-04-08 08:07


BootExecute (1 whitelisted)
C:\WINDOWS\system32\stera.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)

Winlogon Notify (9 whitelisted)
!SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
avgrsstarter - C:\WINDOWS\system32\avgrsstx.dll
dimsntfy - (no file specified)
WgaLogon - C:\WINDOWS\system32\WgaLogon.dll

Browser Helper Objects
{02478D38-C3F9-4EFB-9B51-7695ECA05670}, &Yahoo! Toolbar Helper, C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}, Adobe PDF Link Helper, C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA}, RealPlayer Download and Record Plugin for Internet Explorer, C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}, AVG Safe Search, C:\Program Files\AVG\AVG8\avgssie.dll
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}, UberButton Class, C:\Program Files\Yahoo!\Common\yiesrvc.dll
{65D886A2-7CA7-479B-BB95-14D1EFB7946A}, YahooTaggedBM Class, C:\Program Files\Yahoo!\Common\YIeTagBm.dll
{A057A204-BACC-4D26-9990-79A187E2698E}, AVG Security Toolbar, C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
{AA58ED58-01DD-4d91-8333-CF10577473F7}, Google Toolbar Helper, C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}, Google Toolbar Notifier BHO, C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}, Google Dictionary Compression sdch, C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}, , No file specified
{DBC80044-A445-435b-BC74-9C25C1C588A9}, Java(tm) Plug-In 2 SSV Helper, C:\Program Files\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}, JQSIEStartDetectorImpl Class, C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}, SidebarAutoLaunch Class, C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}, SingleInstance Class, C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll

Internet Explorer toolbars (2 whitelisted)
HKLM\..\Toolbar\Locked - - No file specified
HKLM\..\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
HKCU\..\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
HKCU\..\Toolbar\WebBrowser\{F2CF5485-4E02-4F68-819C-B92DE9277049} - &Links - C:\WINDOWS\system32\ieframe.dll
HKCU\..\Toolbar\WebBrowser\{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
HKCU\..\Toolbar\WebBrowser\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - - No file specified
HKCU\..\Toolbar\WebBrowser\{71576546-354D-41C9-AAE8-31F2EC22BF0D} - - No file specified
HKCU\..\Toolbar\WebBrowser\{724D43A0-0D85-11D4-9908-00400523E39A} - - No file specified
HKCU\..\Toolbar\WebBrowser\ITBar7Height - - No file specified

Basic Internet Explorer settings
HKCU\..\Main, Start Page = http://www.yahoo.com/
HKLM\..\Main, Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie8
HKLM\..\Search, SearchAssistant = http://www.google.com/ie

Registry Startups (1 whitelisted)
HKLM\..\Run, LXCECATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
HKLM\..\Run, EzPrint = "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
HKLM\..\Run, Disk Monitor = "C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe"
HKLM\..\Run, AVG8_TRAY = C:\PROGRA~1\AVG\AVG8\avgtray.exe
HKLM\..\Run, Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\..\Run, SunJavaUpdateSched = "C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM\..\Run, SoundMan = SOUNDMAN.EXE
HKLM\..\Run, Logitech Utility = Logi_MwX.Exe
HKLM\..\Run, VTTimer = VTTimer.exe
HKCU\..\Run, DriverMax = "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent

Processes (16 whitelisted)
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\FreeFixer\freefixer.exe

Application modules (67 whitelisted)
C:\WINDOWS\system32\ieframe.dll
C:\WINDOWS\system32\iertutil.dll
C:\WINDOWS\system32\Normaliz.dll

Services (34 whitelisted)
avg8emc, AVG8 E-mail Scanner, c:\progra~1\avg\avg8\avgemc.exe
avg8wd, AVG8 WatchDog, c:\progra~1\avg\avg8\avgwdsvc.exe
Brother XP spl Service, BrSplService, c:\windows\system32\brsvc01a.exe
gupdate1c9b3aee63047d8, Google Update Service (gupdate1c9b3aee63047d8), c:\program files\google\update\googleupdate.exe
JavaQuickStarterService, Java Quick Starter, c:\program files\java\jre6\bin\jqs.exe

Shell services (4 whitelisted)
WPDShServiceObj, {AAA288BA-9A4C-45B0-95D7-94D524869DB5}, C:\WINDOWS\system32\WPDShServiceObj.dll

Drivers (27 whitelisted)
AvgLdx86, AVG AVI Loader Driver x86, C:\WINDOWS\system32\drivers\avgldx86.sys
AvgTdiX, AVG8 Network Redirector, C:\WINDOWS\system32\drivers\avgtdix.sys
PxHelp20, PxHelp20, C:\WINDOWS\system32\drivers\pxhelp20.sys
SASDIFSV, SASDIFSV, c:\program files\superantispyware\sasdifsv.sys
SASKUTIL, SASKUTIL, c:\program files\superantispyware\saskutil.sys
tmcomm, tmcomm, c:\windows\system32\drivers\tmcomm.sys
ubsbm, Unibrain 1394 SBM Driver, C:\WINDOWS\system32\drivers\ubsbm.sys
ubumapi, Unibrain 1394 FireAPI Driver, C:\WINDOWS\system32\drivers\ubumapi.sys
viaagp1, VIA AGP Filter, C:\WINDOWS\system32\drivers\viaagp1.sys
videX32, , C:\WINDOWS\system32\drivers\videx32.sys
WudfPf, Windows Driver Foundation - User-mode Driver Framework Platform Driver, C:\WINDOWS\system32\drivers\wudfpf.sys
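As an added example (not part of the thread, and not FreeFixer's or HijackThis's own code), the Python below does the first pass a helper does on a report of the kind quoted above: it collapses repeated rows, then flags the entries that usually get looked at first, namely registry references whose file is no longer on disk, components with no display name, and Run values that are bare filenames resolved through the search path. The sample report is constructed from rows in this thread; the heading for the repeated SsiEfr.exe rows is an assumption, since the thread's copy does not show it.

```python
import re
from collections import OrderedDict
from dataclasses import dataclass

# Spellings the report uses when the registry still points at a file that is
# gone from disk (both forms appear in the sections quoted above).
MISSING_MARKERS = ("(file is missing)", "no file specified")

# Run values that are just a filename, no directory: Windows resolves these
# through the search path, so the row alone does not say which copy runs.
BARE_EXE = re.compile(r'^(?:HKLM|HKCU)\\\.\.\\Run, [^=]+= "?([^\\"/]+\.exe)"?\s*$', re.I)


@dataclass(frozen=True)
class Finding:
    section: str
    entry: str
    reason: str
    count: int = 1


def split_sections(text):
    """Return [(section_name, [entry, ...])] from a FreeFixer-style report.

    A section is a header line followed by entry lines up to the next blank
    line; the "(N whitelisted)" suffix on headers is dropped.
    """
    sections, header, entries = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            if header is not None:
                sections.append((header, entries))
            header, entries = None, []
        elif header is None:
            header = re.sub(r"\s*\(\d+ whitelisted\)$", "", line)
        else:
            entries.append(line)
    if header is not None:
        sections.append((header, entries))
    return sections


def classify(entry):
    """Reason an entry deserves a second look, or None if it looks routine."""
    if any(m in entry.lower() for m in MISSING_MARKERS):
        return "orphaned: the registry still references a file that is not on disk"
    if ", ," in entry or " - - " in entry:  # BHO / toolbar rows with an empty name field
        return "no display name recorded for this component"
    m = BARE_EXE.match(entry)
    if m:
        return f"bare filename {m.group(1)}: resolved via the search path, confirm which copy runs"
    return None


def triage(text):
    """Collapse duplicate rows per section and return the entries worth a look."""
    findings = []
    for section, entries in split_sections(text):
        counts = OrderedDict()
        for e in entries:
            counts[e] = counts.get(e, 0) + 1
        for entry, n in counts.items():
            reason = classify(entry)
            if reason:
                findings.append(Finding(section, entry, reason, n))
    return findings


# Constructed sample modelled on rows quoted in this thread. The heading for
# the repeated SsiEfr.exe rows is not visible in the thread, so it is invented.
SAMPLE_LOG = r"""
Winlogon Notify (9 whitelisted)
!SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
dimsntfy - (no file specified)
WgaLogon - C:\WINDOWS\system32\WgaLogon.dll

Browser Helper Objects
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}, AVG Safe Search, C:\Program Files\AVG\AVG8\avgssie.dll
{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}, , No file specified

Internet Explorer toolbars (2 whitelisted)
HKLM\..\Toolbar\Locked - - No file specified
HKCU\..\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
HKCU\..\Toolbar\WebBrowser\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - - No file specified

Registry Startups (1 whitelisted)
HKLM\..\Run, EzPrint = "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
HKLM\..\Run, SoundMan = SOUNDMAN.EXE
HKLM\..\Run, VTTimer = VTTimer.exe

Other file references (constructed heading)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
C:\WINDOWS\system32\SsiEfr.exe (file is missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        dup = f" (x{f.count})" if f.count > 1 else ""
        print(f"[{f.section}] {f.entry}{dup}\n    -> {f.reason}")
```

A flagged row is a lead, not a verdict: an orphaned reference is often leftover from a partial clean-up, and a bare filename is normal for vendor entries, so each still needs checking against the file on disk.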
WhitPhil
Trusted Advisor - Gone but never forgotten with 8,684 posts.
Join Date: Oct 2000
Location: Whitby, Ontario
08-Apr-2009, 03:01 PM #5
I have asked that a Gold Shield step in and complete the disinfection exercise.
1wozk
Member with 96 posts.
THREAD STARTER
Join Date: May 2008
Experience: Intermediate
08-Apr-2009, 03:04 PM #6
OK, thanks for your quick response, and I look forward to hopefully sorting this problem out.
warren
1wozk
Member with 96 posts.
THREAD STARTER
Join Date: May 2008
Experience: Intermediate
08-Apr-2009, 03:08 PM #7
Just to add more info on this matter, I am listing a log file from Bazooka below too. I have also highlighted in that log what Bazooka warns me about, which is the terror site.

****************************************
Bazooka Scanner v1.13.03
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
support@kephyr.com
Log created 20:05:32.
OS: Windows NT 5.1
Database version: 3.300000
Database format version: 1.020000
Database date: 20071118
Current date: 2009-04-08 20:05


****************************************
Result when scanning:

Exploit searchterror.com 344.777.002 c:\tmp.txt
c:\tmp.txt
http://www.kephyr.com/spywarescanner...om/index.phtml


****************************************
Auto start entries:

****************************************
Run entries:
LXCECATS rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\LXCECATS

EzPrint "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\EzPrint

Disk Monitor "C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Disk Monitor

AVG8_TRAY C:\PROGRA~1\AVG\AVG8\avgtray.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AVG8_TRAY

Adobe Reader Speed Launcher "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Adobe Reader Speed Launcher

SunJavaUpdateSched "C:\Program Files\Java\jre6\bin\jusched.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched

SoundMan SOUNDMAN.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SoundMan

Logitech Utility Logi_MwX.Exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Logitech Utility

VTTimer VTTimer.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\VTTimer

DriverMax "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\DriverMax


Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Browser helper objects:

{02478D38-C3F9-4EFB-9B51-7695ECA05670} not set C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} AcroIEHelperStub C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{3049C3E9-B461-4BC5-8870-4C09146192CA} not set C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} WormRadar.com IESiteBlocker.NavFilter C:\Program Files\AVG\AVG8\avgssie.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} not set C:\Program Files\Yahoo!\Common\yiesrvc.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}

{65D886A2-7CA7-479B-BB95-14D1EFB7946A} not set C:\Program Files\Yahoo!\Common\YIeTagBm.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}

{A057A204-BACC-4D26-9990-79A187E2698E} not set C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}

{AA58ED58-01DD-4d91-8333-CF10577473F7} not set C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} not set C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} Google Dictionary Compression sdch C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}

{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} not set C:\Program Files\WOT\WOT.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}

{DBC80044-A445-435b-BC74-9C25C1C588A9} not set C:\Program Files\Java\jre6\bin\jp2ssv.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} JQSIEStartDetectorImpl C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}

{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} not set C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}

{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} not set C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}


****************************************
Toolbars:

Locked Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\Locked\InprocServer32

System error message: The system cannot find the file specified.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked

{EF99BD32-C1FB-11D2-892F-0090271D4F88} C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{EF99BD32-C1FB-11D2-892F-0090271D4F88} C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

{2318C2B1-4965-11D4-9B18-009027A5CD4F} C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

ITBar7Layout Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\ITBar7Layout\InprocServer32

System error message: The system cannot find the file specified.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Layout

{F2CF5485-4E02-4F68-819C-B92DE9277049} C:\WINDOWS\system32\ieframe.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{F2CF5485-4E02-4F68-819C-B92DE9277049}

{A057A204-BACC-4D26-9990-79A187E2698E} C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{A057A204-BACC-4D26-9990-79A187E2698E}

{C107F7A0-B489-11d2-B2FE-005004055BFB} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{C107F7A0-B489-11d2-B2FE-005004055BFB}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{C107F7A0-B489-11d2-B2FE-005004055BFB}

{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}

{EFA24E62-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\system32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}

{EFA24E64-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\system32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}


****************************************
All processes:

[System Process]
System
SMSS.EXE
CSRSS.EXE
WINLOGON.EXE
SERVICES.EXE
LSASS.EXE
SVCHOST.EXE
SVCHOST.EXE
SVCHOST.EXE
SVCHOST.EXE
SVCHOST.EXE
BRSVC01A.EXE
BRSS01A.EXE
SPOOLSV.EXE
AVGWDSVC.EXE
JQS.EXE
GoogleUpdate.exe
SVCHOST.EXE
AVGEMC.EXE
AVGRSX.EXE
AVGNSX.EXE
AVGCSRVX.EXE
EXPLORER.EXE
ALG.EXE
EZPRINT.EXE
Disk_Monitor.exe
AVGTRAY.EXE
JUSCHED.EXE
SOUNDMAN.EXE
VTTimer.exe
DEVICES.EXE
LXCECOMS.EXE
wuauclt.exe
FIREFOX.EXE
spywarescanner.exe

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php

****************************************
Internet Explorer Settings:

Default_Page_URL http://uk.yahoo.com/?fr=fp-yie8
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Search Bar http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

Default_Search_URL http://toolbar.ask.com/toolbarv/askR...8&gct=&gc=1&q=
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\Default_Search_URL

SearchAssistant http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\

Default_Page_URL http://uk.yahoo.com/?fr=fp-yie8
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Search Page http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.yahoo.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst no
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst

SearchAssistant http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch


****************************************
JSntgRvr
Moderator & Malware Removal Specialist with 17,312 posts.
Join Date: Jul 2003
Location: Puerto Rico
Experience: Advanced
08-Apr-2009, 05:24 PM #8
Hi, 1wozk

Welcome.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------
  4. Double click on combofix.exe & follow the prompts.
  5. If you receive a message that Combofix has detected the presence of rootkit activity and needs to reboot, kindly write down on paper the list of files present in the message before continuing, and post it in your next reply.
  6. Install the Recovery Console upon request.
  7. When finished, it will produce a report for you.
  8. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
__________________
Unanswered threads for 5 days will no longer be part of my subscriptions.

Last edited by JSntgRvr; 09-Apr-2009 at 12:08 AM.. Reason: Malwarebytes already ran
blitzkreig
Member with 824 posts.
Join Date: Mar 2009
Location: Mumbai, India
Experience: still learning
08-Apr-2009, 10:37 PM #9
Hello 1wozk,
You know what, my PC was infected with malware too, but I decided to back up my important data onto another drive and I formatted my C partition; the speed is breathtaking, trust me.
1wozk
Member with 96 posts.
THREAD STARTER
Join Date: May 2008
Experience: Intermediate
09-Apr-2009, 01:02 AM #10
Hi, thanks for your response. I already have Malwarebytes and the log is above, as well as the HijackThis one. I am having a problem with ComboFix: my Windows cannot open it. It keeps saying it can't open it and asks if I want to search online to find something which will open it, so if possible could you tell me why it's not opening for me, please.
JSntgRvr
Moderator & Malware Removal Specialist with 17,312 posts.
Join Date: Jul 2003
Location: Puerto Rico
Experience: Advanced
09-Apr-2009, 02:13 AM #11
Hi, 1wozk

Download OTScanit2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanit2 on your desktop. OTScanit2 can be detected as malware by your firewall and antivirus. Choose Ignore on any warning alert.
  1. Close any open browsers.
  2. Open the OTScanit2 folder and double-click on OTScanit2.exe to start the program.
  3. Leave all settings as they appear as default, except for the following:
  4. Under Drivers, select "All".
  5. Under Rootkit Search, select Yes
  6. Under additional Scan select the following:
    1. Reg - ControlSets
    2. Reg - Disabled MS Config Items
    3. Reg - File Associations
    4. Reg - Security Center Settings
    5. Reg - Tcpip Persistent Routes
  7. Now click the Run Scan button on the toolbar.
  8. The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  9. When the scan is complete Notepad will open with the report file loaded in it.
  10. Save that notepad file
Use the Reply button and attach the notepad file here (Do not copy and paste in a reply, rather attach it to it).
1wozk
Member with 96 posts.
THREAD STARTER
Join Date: May 2008
Experience: Intermediate
09-Apr-2009, 02:52 AM #12
Hi, I have followed your instructions, but when I try to post you the log it says it is too long.
1wozk
Member with 96 posts.
THREAD STARTER
Join Date: May 2008
Experience: Intermediate
09-Apr-2009, 02:54 AM #13
I am going to send you bits of the log so you get it.
1wozk
Member with 96 posts.
THREAD STARTER
Join Date: May 2008
Experience: Intermediate
09-Apr-2009, 02:58 AM #14
[code]
OTScanIt2 logfile created on: 09/04/2009 07:41:54 - Run 1
OTScanIt2 by OldTimer - Version 1.0.12.2 Folder = C:\Documents and Settings\warren keen\Desktop\OTScanIt2
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.97 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 81.39% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 3700 4096;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.51 Gb Total Space | 44.09 Gb Free Space | 59.17% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OEM-V9ZGBAT0XF7
Current User Name: warren keen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

[Processes - Safe List]
agentsvr.exe -> %SystemRoot%\msagent\AgentSvr.exe -> [2006/10/12 11:09:54 | 00,256,512 | ---- | M] (Microsoft Corporation)
avgcsrvx.exe -> %ProgramFiles%\AVG\AVG8\avgcsrvx.exe -> [2009/04/04 21:38:26 | 00,687,896 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgcsrvx.exe -> %ProgramFiles%\AVG\AVG8\avgcsrvx.exe -> [2009/04/04 21:38:26 | 00,687,896 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgemc.exe -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> [2009/04/04 21:38:18 | 00,903,960 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgnsx.exe -> %ProgramFiles%\AVG\AVG8\avgnsx.exe -> [2009/04/04 21:38:26 | 00,592,128 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> [2009/04/04 21:38:26 | 00,484,120 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> [2009/04/04 21:38:16 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.)
brss01a.exe -> %SystemRoot%\System32\brss01a.exe -> [2001/12/12 16:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd)
brsvc01a.exe -> %SystemRoot%\System32\brsvc01a.exe -> [2002/04/11 16:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd)
disk_monitor.exe -> %ProgramFiles%\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe -> [2003/06/18 10:57:40 | 00,466,944 | ---- | M] (Neodio Corp.)
explorer.exe -> %SystemRoot%\Explorer.EXE -> [2007/06/13 11:23:08 | 01,033,216 | ---- | M] (Microsoft Corporation)
ezprint.exe -> %ProgramFiles%\Lexmark 4300 Series\ezprint.exe -> [2005/07/26 13:17:18 | 00,094,208 | ---- | M] (Lexmark International Inc.)
googleupdate.exe -> %ProgramFiles%\Google\Update\GoogleUpdate.exe -> [2009/04/02 17:19:42 | 00,133,104 | ---- | M] (Google Inc.)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/04/07 10:51:56 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2009/04/07 10:51:56 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
lxcecoms.exe -> %SystemRoot%\system32\lxcecoms.exe -> [2005/07/06 11:14:12 | 00,471,040 | ---- | M] (Lexmark International, Inc.)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/04/08 13:39:08 | 00,493,568 | ---- | M] (OldTimer Tools)
soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> [2007/04/16 15:28:22 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.)
vttimer.exe -> %SystemRoot%\system32\VTTimer.exe -> [2005/03/08 03:33:28 | 00,053,248 | ---- | M] (S3 Graphics, Inc.)
winword.exe -> %ProgramFiles%\Microsoft Office\Office\WINWORD.EXE -> [1999/03/17 22:38:10 | 08,798,260 | R--- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(avg8emc) AVG8 E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> [2009/04/04 21:38:18 | 00,903,960 | ---- | M] (AVG Technologies CZ, s.r.o.)
(avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> [2009/04/04 21:38:16 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.)
(Brother XP spl Service) BrSplService [Win32_Own | Auto | Running] -> %SystemRoot%\System32\brsvc01a.exe -> [2002/04/11 16:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(gupdate1c9b3aee63047d8) Google Update Service (gupdate1c9b3aee63047d8) [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Google\Update\GoogleUpdate.exe -> [2009/04/02 17:19:42 | 00,133,104 | ---- | M] (Google Inc.)
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/02/20 17:08:34 | 00,137,200 | ---- | M] (Google)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2004/08/04 07:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/04/07 10:51:56 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(lxce_device) lxce_device [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\lxcecoms.exe -> [2005/07/06 11:14:12 | 00,471,040 | ---- | M] (Lexmark International, Inc.)
(uploadmgr) Upload Manager [Win32_Shared | Auto | Stopped] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2004/08/04 07:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation)
(WLSetupSvc) Windows Live Setup Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\installer\WLSetupSvc.exe -> [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\WMPNetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
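A small triage helper for the OTScanIt2 listing above, added here as an example; it is not part of the thread and not one of OldTimer's tools. It parses both line shapes in the log (the process list entries such as `agentsvr.exe -> path -> [mtime | size | attrs | M] (Company)` and the `[Win32 Services - Safe List]` entries with the `(key) Display [type | start | state]` prefix) into records, then flags entries whose binary lives outside %SystemRoot% or %ProgramFiles% or carries no publisher string. The sample input reuses lines copied from the log; the `[Running Processes]` header label and the `svcupd` service are constructed for the demo so the flagging path has something to hit.

```python
import re
from dataclasses import dataclass

# Constructed sample: four lines copied from the process list and five from the
# [Win32 Services - Safe List] above, plus one hypothetical service (svcupd) added
# here purely to exercise the flagging path. The "[Running Processes]" header label
# is assumed; the parser skips header lines regardless of their text.
SAMPLE = r"""
[Running Processes]
agentsvr.exe -> %SystemRoot%\msagent\AgentSvr.exe -> [2006/10/12 11:09:54 | 00,256,512 | ---- | M] (Microsoft Corporation)
explorer.exe -> %SystemRoot%\Explorer.EXE -> [2007/06/13 11:23:08 | 01,033,216 | ---- | M] (Microsoft Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/04/08 13:39:08 | 00,493,568 | ---- | M] (OldTimer Tools)
winword.exe -> %ProgramFiles%\Microsoft Office\Office\WINWORD.EXE -> [1999/03/17 22:38:10 | 08,798,260 | R--- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(avg8emc) AVG8 E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> [2009/04/04 21:38:18 | 00,903,960 | ---- | M] (AVG Technologies CZ, s.r.o.)
(gupdate1c9b3aee63047d8) Google Update Service (gupdate1c9b3aee63047d8) [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Google\Update\GoogleUpdate.exe -> [2009/04/02 17:19:42 | 00,133,104 | ---- | M] (Google Inc.)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2004/08/04 07:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\WMPNetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
(svcupd) Windows Service Update [Win32_Own | Auto | Running] -> %UserProfile%\Application Data\svcupd.exe -> [2009/04/07 23:11:02 | 00,061,440 | ---- | M] ()
"""

# Common tail of both line shapes: "-> path -> [mtime | size | attrs | M] (Company)".
# The company group is optional so "()" or a missing suffix both parse.
_TAIL = (
    r"(?P<path>.*?)\s+->\s+"
    r"\[(?P<mtime>[^|]+?)\s*\|\s*(?P<size>[^|]+?)\s*\|\s*(?P<attrs>[^|]+?)\s*\|\s*(?P<mark>[^\]]+?)\]"
    r"\s*(?:\((?P<company>[^)]*)\))?\s*$"
)
SERVICE_RE = re.compile(
    r"^\((?P<name>[^)]+)\)\s+"                     # (service key name)
    r"(?P<display>.*?)\s+"                         # display name; may contain ( )
    r"\[(?P<svctype>[^|\]]+?)\s*\|\s*(?P<start>[^|\]]+?)\s*\|\s*(?P<state>[^\]]+?)\]\s+->\s+"
    + _TAIL
)
PROCESS_RE = re.compile(r"^(?P<image>[^\s()]+)\s+->\s+" + _TAIL)


@dataclass(frozen=True)
class Entry:
    kind: str      # "process" or "service"
    name: str      # image name (process) or service key name
    display: str   # service display name, "" for processes
    svctype: str   # Win32_Own / Win32_Shared, "" for processes
    start: str     # Auto / On_Demand / ..., "" for processes
    state: str     # Running / Stopped, "" for processes
    path: str
    mtime: str
    size: int
    attrs: str
    company: str   # publisher string from the PE version resource, "" if absent


def parse_entries(text):
    """Turn OTScanIt2 process/service lines into Entry records; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("["):
            continue                       # blank line or a section header
        m = SERVICE_RE.match(line)
        kind = "service"
        if not m:
            m = PROCESS_RE.match(line)
            kind = "process"
        if not m:
            continue                       # unrecognised line shape; a real tool would log it
        g = m.groupdict()
        entries.append(Entry(
            kind=kind,
            name=g.get("name") or g.get("image"),
            display=g.get("display", ""),
            svctype=g.get("svctype", ""),
            start=g.get("start", ""),
            state=g.get("state", ""),
            path=g["path"],
            mtime=g["mtime"].strip(),
            size=int(g["size"].replace(",", "")),
            attrs=g["attrs"].strip(),
            company=(g.get("company") or "").strip(),
        ))
    return entries


# Locations an installer normally writes to; anything else is worth a look.
TRUSTED_PREFIXES = ("%systemroot%\\", "%programfiles%\\", "%commonprogramfiles%\\")


def triage(entries):
    """Return {name: [reasons]} for entries a reviewer should look at by hand."""
    findings = {}
    for e in entries:
        reasons = []
        if not e.path.lower().startswith(TRUSTED_PREFIXES):
            reasons.append("binary outside %SystemRoot%/%ProgramFiles%")
        if not e.company:
            reasons.append("no publisher string in version resource")
        if reasons and e.kind == "service" and e.start == "Auto" and e.state == "Running":
            reasons.append("auto-start service currently running")
        if reasons:
            findings[e.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_entries(SAMPLE)).items():
        print(name, "->", "; ".join(reasons))
```

Two things to keep in mind when reading its output. The publisher string is just text in the file's version resource, which any author can set, so an empty or familiar-looking company is a triage hint, not a signature check. And a path outside the program directories is not proof of anything: on this log the scanner itself (OTScanIt2 run from the Desktop) gets flagged for exactly that reason, while the constructed svcupd entry collects all three flags. The script narrows the list to read by hand; it does not decide what is malware.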
JSntgRvr's Avatar
Moderator & Malware Removal Specialist with 17,312 posts.
 
Join Date: Jul 2003
Location: Puerto Rico
Experience: Advanced
09-Apr-2009, 03:01 AM #15
Click on Reply then scroll down to Manage Attachments. Browse and Upload the report. Submit the reply.