
pc running very slow, malware found

Discussion in 'Virus & Other Malware Removal' started by 1wozk, Apr 8, 2009.

  1. 1wozk

    Hi, my PC is still running very slow after running Malwarebytes, which found some malware which was put in the virus vault (so I thought), but I am still experiencing problems. I also ran AVG, which didn't pick anything up. I then used HijackThis, and the logs for all these are below.
    thanks
    warren
    LOGS

    HijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 05:07:08, on 08/04/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Innovative Solutions\DriverMax\devices.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie8
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=fp-yie8
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie8
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [Disk Monitor] "C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
    O15 - Trusted Zone: http://www.worldwinner.com
    O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
    O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://uk.midas.games.yahoo.net/midasa.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - http://www3.authentium.com/bt/wbiw/bin/wizard.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v48/brickout/brickout.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
    O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} (SolitaireRush Control) - http://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166606521953
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: Google Update Service (gupdate1c9b3aee63047d8) (gupdate1c9b3aee63047d8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe

    --
    End of file - 10370 bytes

    AVG log

    "Scan ""Scan whole computer"" was finished."
    "No infection was found during this scan"
    "Folders selected for scanning:";"Scan whole computer"
    "Scan started:";"04 April 2009, 21:41:25"
    "Scan finished:";"04 April 2009, 22:59:54 (1 hour(s) 18 minute(s) 29 second(s))"
    "Total object scanned:";"500255"
    "User who launched the scan:";"warren keen"

    "Warnings"
    "File";"Infection";"Result"
    "C:\Documents and Settings\angela keen\Application Data\Opera\Opera\profile\cookies4.dat";"Found Tracking cookie.Mediaplex";"Healed"
    "C:\Documents and Settings\angela keen\Application Data\Opera\Opera\profile\cookies4.dat:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
    "C:\Documents and Settings\angela keen\Application Data\Opera\Opera\profile\cookies4.dat:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
    "C:\Documents and Settings\angela keen\Application Data\Opera\Opera\profile\cookies4.dat:\revsci.net.55564293";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
    "C:\Documents and Settings\angela keen\Application Data\Opera\Opera\profile\cookies4.dat:\revsci.net.e9dbeb91";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
    "C:\Documents and Settings\angela keen\Application Data\Opera\Opera\profile\cookies4.dat:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
    "C:\Documents and Settings\angela keen\Application Data\Opera\Opera\profile\cookies4.dat:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
    "C:\Documents and Settings\warren keen\Application Data\Mozilla\Firefox\Profiles\va529s2u.default\cookies.sqlite:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
    "C:\Documents and Settings\warren keen\Application Data\Mozilla\Firefox\Profiles\va529s2u.default\cookies.sqlite:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
    "C:\Documents and Settings\angela keen\Application Data\Opera\Opera\profile\cookies4.dat:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
    "C:\Documents and Settings\angela keen\Application Data\Opera\Opera\profile\cookies4.dat:\questionmarket.com.3eb5a9f1";"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
    "C:\Documents and Settings\angela keen\Application Data\Opera\Opera\profile\cookies4.dat:\questionmarket.com.4dd5e426";"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
    "C:\Documents and Settings\warren keen\Application Data\Mozilla\Firefox\Profiles\va529s2u.default\cookies.sqlite:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
    "C:\Documents and Settings\warren keen\Application Data\Mozilla\Firefox\Profiles\va529s2u.default\cookies.sqlite:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
    "C:\Documents and Settings\angela keen\Application Data\Opera\Opera\profile\cookies4.dat:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
    "C:\Documents and Settings\warren keen\Application Data\Mozilla\Firefox\Profiles\va529s2u.default\cookies.sqlite:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
    "C:\Documents and Settings\warren keen\Application Data\Mozilla\Firefox\Profiles\va529s2u.default\cookies.sqlite:\mediaplex.com.323e9a10";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
    "C:\Documents and Settings\warren keen\Application Data\Mozilla\Firefox\Profiles\va529s2u.default\cookies.sqlite:\mediaplex.com.dc30fb3c";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
    "C:\Documents and Settings\warren keen\Application Data\Mozilla\Firefox\Profiles\va529s2u.default\cookies.sqlite:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
    "C:\Documents and Settings\warren keen\Application Data\Mozilla\Firefox\Profiles\va529s2u.default\cookies.sqlite:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
    "C:\Documents and Settings\warren keen\Application Data\Mozilla\Firefox\Profiles\va529s2u.default\cookies.sqlite";"Found Tracking cookie.Yieldmanager";"Healed"
    "C:\Documents and Settings\warren keen\Application Data\Mozilla\Firefox\Profiles\va529s2u.default\cookies.sqlite:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
    "C:\Documents and Settings\warren keen\Application Data\Mozilla\Firefox\Profiles\va529s2u.default\cookies.sqlite:\revsci.net.b8d48360";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
    "C:\Documents and Settings\warren keen\Application Data\Mozilla\Firefox\Profiles\va529s2u.default\cookies.sqlite:\revsci.net.e9dbeb91";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
    "C:\Documents and Settings\warren keen\Cookies\warren_keen@2o7[2].txt";"Found Tracking cookie.2o7";"Moved to Virus Vault"
    "C:\Documents and Settings\warren keen\Cookies\warren_keen@2o7[2].txt:\2o7.net.87f47d84";"Found Tracking cookie.2o7";"Moved to Virus Vault"
    "C:\Documents and Settings\warren keen\Cookies\warren_keen@atdmt[1].txt";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
    "C:\Documents and Settings\warren keen\Cookies\warren_keen@atdmt[1].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"

    Malwarebytes log, 1st scan

    Malwarebytes' Anti-Malware 1.35
    Database version: 1940
    Windows 5.1.2600 Service Pack 2

    04/04/2009 20:43:06
    mbam-log-2009-04-04 (20-43-05).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 182175
    Time elapsed: 57 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 21
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 27

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{76f30661-76c7-48cd-b18e-64f388ae030b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014235.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014236.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014241.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014243.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014245.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014250.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014251.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014252.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014253.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014254.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014255.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014257.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014258.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014259.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014260.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014261.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014262.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014263.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014264.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014265.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014266.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014267.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP113\A0014268.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\WINDOWS\fmark2.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\f49f4daa.dat (Trojan.Koobface) -> Quarantined and deleted successfully.

    Malwarebytes log, 2nd scan

    Malwarebytes' Anti-Malware 1.35
    Database version: 1943
    Windows 5.1.2600 Service Pack 2

    06/04/2009 05:56:13
    mbam-log-2009-04-06 (05-56-13).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 192822
    Time elapsed: 1 hour(s), 19 minute(s), 21 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP125\A0016858.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7B0895D1-BDF9-4A3B-98CD-84F9D76DD6E5}\RP125\A0016859.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     
  2. 1wozk

    Hi, just to add to this: when I try to do a Windows Update it fails every time.
     
  3. blitzkreig

    Ok,
    Have you tried using SUPERAntiSpyware Free Edition?
    If not, download this, run a scan and do a removal, i.e. if the program detects anything, duh..
    You seem to have been infected with common adware and trojans.
     
  4. 1wozk

    Hi, I used SUPERAntiSpyware and the log is below; it found some spyware but nothing too serious. I also did a scan with FreeFixer and that log is below too.
    thanks warren

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 04/08/2009 at 08:47 AM

    Application Version : 4.26.1000

    Core Rules Database Version : 3834
    Trace Rules Database Version: 1790

    Scan type : Complete Scan
    Total Scan Time : 02:05:49

    Memory items scanned : 430
    Memory threats detected : 0
    Registry items scanned : 5597
    Registry threats detected : 0
    File items scanned : 114465
    File threats detected : 13

    Adware.Tracking Cookie
    C:\Documents and Settings\warren keen\Cookies\warren_keen@serving-sys[2].txt
    C:\Documents and Settings\warren keen\Cookies\[email protected][2].txt
    C:\Documents and Settings\warren keen\Cookies\warren_keen@doubleclick[1].txt
    C:\Documents and Settings\warren keen\Cookies\warren_keen@adrevolver[2].txt
    C:\Documents and Settings\warren keen\Cookies\warren_keen@revsci[2].txt
    C:\Documents and Settings\warren keen\Cookies\warren_keen@atdmt[1].txt
    C:\Documents and Settings\warren keen\Cookies\warren_keen@adbrite[2].txt
    C:\Documents and Settings\warren keen\Cookies\[email protected][1].txt
    C:\Documents and Settings\warren keen\Cookies\warren_keen@atdmt[2].txt
    C:\Documents and Settings\warren keen\Cookies\warren_keen@revsci[1].txt
    C:\Documents and Settings\warren keen\Cookies\[email protected][1].txt
    C:\Documents and Settings\warren keen\Cookies\[email protected][2].txt
    C:\Documents and Settings\warren keen\Cookies\[email protected][1].txt


    FreeFixer v0.37 log
    http://www.freefixer.com/
    Operating system: Windows XP Service Pack 2
    Log dated 2009-04-08 08:07


    BootExecute (1 whitelisted)
    C:\WINDOWS\system32\stera.exe (file is missing)
    C:\WINDOWS\system32\SsiEfr.exe (file is missing)
    C:\WINDOWS\system32\SsiEfr.exe (file is missing)
    C:\WINDOWS\system32\SsiEfr.exe (file is missing)
    C:\WINDOWS\system32\SsiEfr.exe (file is missing)
    C:\WINDOWS\system32\SsiEfr.exe (file is missing)
    C:\WINDOWS\system32\SsiEfr.exe (file is missing)
    C:\WINDOWS\system32\SsiEfr.exe (file is missing)
    C:\WINDOWS\system32\SsiEfr.exe (file is missing)
    C:\WINDOWS\system32\SsiEfr.exe (file is missing)
    C:\WINDOWS\system32\SsiEfr.exe (file is missing)
    C:\WINDOWS\system32\SsiEfr.exe (file is missing)
    C:\WINDOWS\system32\SsiEfr.exe (file is missing)
    C:\WINDOWS\system32\SsiEfr.exe (file is missing)

    Winlogon Notify (9 whitelisted)
    !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    avgrsstarter - C:\WINDOWS\system32\avgrsstx.dll
    dimsntfy - (no file specified)
    WgaLogon - C:\WINDOWS\system32\WgaLogon.dll

    Browser Helper Objects
    {02478D38-C3F9-4EFB-9B51-7695ECA05670}, &Yahoo! Toolbar Helper, C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}, Adobe PDF Link Helper, C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    {3049C3E9-B461-4BC5-8870-4C09146192CA}, RealPlayer Download and Record Plugin for Internet Explorer, C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}, AVG Safe Search, C:\Program Files\AVG\AVG8\avgssie.dll
    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}, UberButton Class, C:\Program Files\Yahoo!\Common\yiesrvc.dll
    {65D886A2-7CA7-479B-BB95-14D1EFB7946A}, YahooTaggedBM Class, C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    {A057A204-BACC-4D26-9990-79A187E2698E}, AVG Security Toolbar, C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    {AA58ED58-01DD-4d91-8333-CF10577473F7}, Google Toolbar Helper, C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}, Google Toolbar Notifier BHO, C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    {C84D72FE-E17D-4195-BB24-76C02E2E7C4E}, Google Dictionary Compression sdch, C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    {C920E44A-7F78-4E64-BDD7-A57026E7FEB7}, , No file specified
    {DBC80044-A445-435b-BC74-9C25C1C588A9}, Java(tm) Plug-In 2 SSV Helper, C:\Program Files\Java\jre6\bin\jp2ssv.dll
    {E7E6F031-17CE-4C07-BC86-EABFE594F69C}, JQSIEStartDetectorImpl Class, C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}, SidebarAutoLaunch Class, C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}, SingleInstance Class, C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll

    Internet Explorer toolbars (2 whitelisted)
    HKLM\..\Toolbar\Locked - - No file specified
    HKLM\..\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    HKCU\..\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    HKCU\..\Toolbar\WebBrowser\{F2CF5485-4E02-4F68-819C-B92DE9277049} - &Links - C:\WINDOWS\system32\ieframe.dll
    HKCU\..\Toolbar\WebBrowser\{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    HKCU\..\Toolbar\WebBrowser\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - - No file specified
    HKCU\..\Toolbar\WebBrowser\{71576546-354D-41C9-AAE8-31F2EC22BF0D} - - No file specified
    HKCU\..\Toolbar\WebBrowser\{724D43A0-0D85-11D4-9908-00400523E39A} - - No file specified
    HKCU\..\Toolbar\WebBrowser\ITBar7Height - - No file specified

    Basic Internet Explorer settings
    HKCU\..\Main, Start Page = http://www.yahoo.com/
    HKLM\..\Main, Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie8
    HKLM\..\Search, SearchAssistant = http://www.google.com/ie

    Registry Startups (1 whitelisted)
    HKLM\..\Run, LXCECATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    HKLM\..\Run, EzPrint = "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    HKLM\..\Run, Disk Monitor = "C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe"
    HKLM\..\Run, AVG8_TRAY = C:\PROGRA~1\AVG\AVG8\avgtray.exe
    HKLM\..\Run, Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    HKLM\..\Run, SunJavaUpdateSched = "C:\Program Files\Java\jre6\bin\jusched.exe"
    HKLM\..\Run, SoundMan = SOUNDMAN.EXE
    HKLM\..\Run, Logitech Utility = Logi_MwX.Exe
    HKLM\..\Run, VTTimer = VTTimer.exe
    HKCU\..\Run, DriverMax = "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent

    Processes (16 whitelisted)
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Innovative Solutions\DriverMax\devices.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\FreeFixer\freefixer.exe

    Application modules (67 whitelisted)
    C:\WINDOWS\system32\ieframe.dll
    C:\WINDOWS\system32\iertutil.dll
    C:\WINDOWS\system32\Normaliz.dll

    Services (34 whitelisted)
    avg8emc, AVG8 E-mail Scanner, c:\progra~1\avg\avg8\avgemc.exe
    avg8wd, AVG8 WatchDog, c:\progra~1\avg\avg8\avgwdsvc.exe
    Brother XP spl Service, BrSplService, c:\windows\system32\brsvc01a.exe
    gupdate1c9b3aee63047d8, Google Update Service (gupdate1c9b3aee63047d8), c:\program files\google\update\googleupdate.exe
    JavaQuickStarterService, Java Quick Starter, c:\program files\java\jre6\bin\jqs.exe

    Shell services (4 whitelisted)
    WPDShServiceObj, {AAA288BA-9A4C-45B0-95D7-94D524869DB5}, C:\WINDOWS\system32\WPDShServiceObj.dll

    Drivers (27 whitelisted)
    AvgLdx86, AVG AVI Loader Driver x86, C:\WINDOWS\system32\drivers\avgldx86.sys
    AvgTdiX, AVG8 Network Redirector, C:\WINDOWS\system32\drivers\avgtdix.sys
    PxHelp20, PxHelp20, C:\WINDOWS\system32\drivers\pxhelp20.sys
    SASDIFSV, SASDIFSV, c:\program files\superantispyware\sasdifsv.sys
    SASKUTIL, SASKUTIL, c:\program files\superantispyware\saskutil.sys
    tmcomm, tmcomm, c:\windows\system32\drivers\tmcomm.sys
    ubsbm, Unibrain 1394 SBM Driver, C:\WINDOWS\system32\drivers\ubsbm.sys
    ubumapi, Unibrain 1394 FireAPI Driver, C:\WINDOWS\system32\drivers\ubumapi.sys
    viaagp1, VIA AGP Filter, C:\WINDOWS\system32\drivers\viaagp1.sys
    videX32, , C:\WINDOWS\system32\drivers\videx32.sys
    WudfPf, Windows Driver Foundation - User-mode Driver Framework Platform Driver, C:\WINDOWS\system32\drivers\wudfpf.sys
     
  5. WhitPhil

    WhitPhil Gone but never forgotten Trusted Advisor

    Joined:
    Oct 4, 2000
    Messages:
    8,684
    I have asked that a Gold Shield step in and complete the disinfection exercise.
     
  6. 1wozk

    1wozk Thread Starter

    Joined:
    May 6, 2008
    Messages:
    96
    Ok, thanks for your quick response and I look forward to hopefully sorting this problem out.
    warren
     
  7. 1wozk

    1wozk Thread Starter

    Joined:
    May 6, 2008
    Messages:
    96
    Just to add more info on this matter, I am listing a log file from Bazooka below too. I have also highlighted in that log what Bazooka warns me about, which is the terror site.

    ****************************************
    Bazooka Scanner v1.13.03
    http://www.kephyr.com/spywarescanner/
    http://www.kephyr.com/spywarescanner/library/
    [email protected]
    Log created 20:05:32.
    OS: Windows NT 5.1
    Database version: 3.300000
    Database format version: 1.020000
    Database date: 20071118
    Current date: 2009-04-08 20:05


    ****************************************
    Result when scanning:

    Exploit searchterror.com 344.777.002 c:\tmp.txt
    c:\tmp.txt
    http://www.kephyr.com/spywarescanner/library/exploit-searchterror.com/index.phtml


    ****************************************
    Auto start entries:

    ****************************************
    Run entries:
    LXCECATS rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\LXCECATS

    EzPrint "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\EzPrint

    Disk Monitor "C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Disk Monitor

    AVG8_TRAY C:\PROGRA~1\AVG\AVG8\avgtray.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AVG8_TRAY

    Adobe Reader Speed Launcher "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Adobe Reader Speed Launcher

    SunJavaUpdateSched "C:\Program Files\Java\jre6\bin\jusched.exe"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched

    SoundMan SOUNDMAN.EXE
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SoundMan

    Logitech Utility Logi_MwX.Exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Logitech Utility

    VTTimer VTTimer.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\VTTimer

    DriverMax "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\DriverMax


    Go here to analyse the run entries and the associated files:
    http://www.kephyr.com/filedb/index.php

    ****************************************
    Browser helper objects:

    {02478D38-C3F9-4EFB-9B51-7695ECA05670} not set C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    {18DF081C-E8AD-4283-A596-FA578C2EBDC3} AcroIEHelperStub C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

    {3049C3E9-B461-4BC5-8870-4C09146192CA} not set C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}

    {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} WormRadar.com IESiteBlocker.NavFilter C:\Program Files\AVG\AVG8\avgssie.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} not set C:\Program Files\Yahoo!\Common\yiesrvc.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}

    {65D886A2-7CA7-479B-BB95-14D1EFB7946A} not set C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}

    {A057A204-BACC-4D26-9990-79A187E2698E} not set C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}

    {AA58ED58-01DD-4d91-8333-CF10577473F7} not set C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}

    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} not set C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

    {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} Google Dictionary Compression sdch C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}

    {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} not set C:\Program Files\WOT\WOT.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}

    {DBC80044-A445-435b-BC74-9C25C1C588A9} not set C:\Program Files\Java\jre6\bin\jp2ssv.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}

    {E7E6F031-17CE-4C07-BC86-EABFE594F69C} JQSIEStartDetectorImpl C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}

    {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} not set C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}

    {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} not set C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}


    ****************************************
    Toolbars:

    Locked Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\Locked\InprocServer32

    System error message: The system cannot find the file specified.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked

    {EF99BD32-C1FB-11D2-892F-0090271D4F88} C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

    {01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

    {0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

    {EF99BD32-C1FB-11D2-892F-0090271D4F88} C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

    {2318C2B1-4965-11D4-9B18-009027A5CD4F} C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

    ITBar7Layout Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\ITBar7Layout\InprocServer32

    System error message: The system cannot find the file specified.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Layout

    {F2CF5485-4E02-4F68-819C-B92DE9277049} C:\WINDOWS\system32\ieframe.dll
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{F2CF5485-4E02-4F68-819C-B92DE9277049}

    {A057A204-BACC-4D26-9990-79A187E2698E} C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{A057A204-BACC-4D26-9990-79A187E2698E}

    {C107F7A0-B489-11d2-B2FE-005004055BFB} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{C107F7A0-B489-11d2-B2FE-005004055BFB}\InprocServer32

    System error message: The system cannot find the file specified.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{C107F7A0-B489-11d2-B2FE-005004055BFB}

    {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} C:\WINDOWS\system32\SHELL32.dll
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}

    {EFA24E62-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\system32\shdocvw.dll
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}

    {EFA24E64-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\system32\shdocvw.dll
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}


    ****************************************
    All processes:

    [System Process]
    System
    SMSS.EXE
    CSRSS.EXE
    WINLOGON.EXE
    SERVICES.EXE
    LSASS.EXE
    SVCHOST.EXE
    SVCHOST.EXE
    SVCHOST.EXE
    SVCHOST.EXE
    SVCHOST.EXE
    BRSVC01A.EXE
    BRSS01A.EXE
    SPOOLSV.EXE
    AVGWDSVC.EXE
    JQS.EXE
    GoogleUpdate.exe
    SVCHOST.EXE
    AVGEMC.EXE
    AVGRSX.EXE
    AVGNSX.EXE
    AVGCSRVX.EXE
    EXPLORER.EXE
    ALG.EXE
    EZPRINT.EXE
    Disk_Monitor.exe
    AVGTRAY.EXE
    JUSCHED.EXE
    SOUNDMAN.EXE
    VTTimer.exe
    DEVICES.EXE
    LXCECOMS.EXE
    wuauclt.exe
    FIREFOX.EXE
    spywarescanner.exe

    Go here to analyse the running processes:
    http://www.kephyr.com/filedb/index.php

    ****************************************
    Internet Explorer Settings:

    Default_Page_URL http://uk.yahoo.com/?fr=fp-yie8
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

    Default_Search_URL http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

    Search Bar http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar

    Search Page http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

    Start Page http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

    Default_Search_URL http://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\Default_Search_URL

    SearchAssistant http://www.google.com/ie
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

    CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

    http://
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

    www http://
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

    http://home.microsoft.com/access/autosearch.asp?p=%s
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\

    Default_Page_URL http://uk.yahoo.com/?fr=fp-yie8
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

    Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

    Start Page http://www.yahoo.com/
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

    Use Search Asst no
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst

    SearchAssistant http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant

    CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch


    ****************************************
     
  8. JSntgRvr

    JSntgRvr José Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,524
    Hi, 1wozk :)

    Welcome.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
      -----------------------------------------------------------
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
        -----------------------------------------------------------
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      -----------------------------------------------------------
    4. Double click on combofix.exe & follow the prompts.
    5. If you receive a message that Combofix has detected the presence of rootkit activity and needs to reboot, kindly write down on paper the list of files present in the message before continuing, and post it in your next reply.
    6. Install the Recovery Console upon request.
    7. When finished, it will produce a report for you.
    8. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
     
  9. blitzkreig

    blitzkreig

    Joined:
    Mar 5, 2009
    Messages:
    824
    hello 1wozk,
    You know what, my PC was infected with malware too, but I decided to back up my important data onto another drive and I formatted my C partition; the speed is breathtaking, trust me. :)
     
  10. 1wozk

    1wozk Thread Starter

    Joined:
    May 6, 2008
    Messages:
    96
    Hi, thanks for your response. I already have Malwarebytes and the log is above, as well as HijackThis. I am having a problem with ComboFix: my Windows cannot open it. It keeps saying it can't open it and asks if I want to search online to find something which will open it, so if possible do you know why it's not opening for me, please?
     
  11. JSntgRvr

    JSntgRvr José Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,524
    Hi, 1wozk :)

    Download OTScanit2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanit2 on your desktop. OTScanit2 can be detected as malware by your firewall and antivirus. Choose Ignore on any warning alert.
    1. Close any open browsers.
    2. Open the OTScanit2 folder and double-click on OTScanit2.exe to start the program.
    3. Leave all settings as they appear as default, except for the following:
    4. Under Drivers, select "All".
    5. Under Rootkit Search, select Yes.
    6. Under additional Scan select the following:
      • Reg - ControlSets
      • Reg - Disabled MS Config Items
      • Reg - File Associations
      • Reg - Security Center Settings
      • Reg - Tcpip Persistent Routes
    7. Now click the Run Scan button on the toolbar.
    8. The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    9. When the scan is complete Notepad will open with the report file loaded in it.
    10. Save that notepad file.
    Use the Reply button and attach the notepad file here (Do not copy and paste in a reply, rather attach it to it).
     
  12. 1wozk

    1wozk Thread Starter

    Joined:
    May 6, 2008
    Messages:
    96
    Hi, I have followed your instructions but when I try to post you the log it says it is too long.
     
  13. 1wozk

    1wozk Thread Starter

    Joined:
    May 6, 2008
    Messages:
    96
    I am going to send you bits of the log so you get it.
     
  14. 1wozk

    1wozk Thread Starter

    Joined:
    May 6, 2008
    Messages:
    96
    Code:
    OTScanIt2 logfile created on: 09/04/2009 07:41:54 - Run 1
    OTScanIt2 by OldTimer - Version 1.0.12.2     Folder = C:\Documents and Settings\warren keen\Desktop\OTScanIt2
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
     
    1.97 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 81.39% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
    Paging file location(s): C:\pagefile.sys 3700 4096;
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.51 Gb Total Space | 44.09 Gb Free Space | 59.17% Space Free | Partition Type: FAT32
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: OEM-V9ZGBAT0XF7
    Current User Name: warren keen
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Whitelist: On
    File Age = 30 Days
     
    [Processes - Safe List]
    agentsvr.exe -> %SystemRoot%\msagent\AgentSvr.exe -> [2006/10/12 11:09:54 | 00,256,512 | ---- | M] (Microsoft Corporation)
    avgcsrvx.exe -> %ProgramFiles%\AVG\AVG8\avgcsrvx.exe -> [2009/04/04 21:38:26 | 00,687,896 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgcsrvx.exe -> %ProgramFiles%\AVG\AVG8\avgcsrvx.exe -> [2009/04/04 21:38:26 | 00,687,896 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgemc.exe -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> [2009/04/04 21:38:18 | 00,903,960 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgnsx.exe -> %ProgramFiles%\AVG\AVG8\avgnsx.exe -> [2009/04/04 21:38:26 | 00,592,128 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> [2009/04/04 21:38:26 | 00,484,120 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> [2009/04/04 21:38:16 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.)
    brss01a.exe -> %SystemRoot%\System32\brss01a.exe -> [2001/12/12 16:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd)
    brsvc01a.exe -> %SystemRoot%\System32\brsvc01a.exe -> [2002/04/11 16:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd)
    disk_monitor.exe -> %ProgramFiles%\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe -> [2003/06/18 10:57:40 | 00,466,944 | ---- | M] (Neodio Corp.)
    explorer.exe -> %SystemRoot%\Explorer.EXE -> [2007/06/13 11:23:08 | 01,033,216 | ---- | M] (Microsoft Corporation)
    ezprint.exe -> %ProgramFiles%\Lexmark 4300 Series\ezprint.exe -> [2005/07/26 13:17:18 | 00,094,208 | ---- | M] (Lexmark International Inc.)
    googleupdate.exe -> %ProgramFiles%\Google\Update\GoogleUpdate.exe -> [2009/04/02 17:19:42 | 00,133,104 | ---- | M] (Google Inc.)
    jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/04/07 10:51:56 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
    jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2009/04/07 10:51:56 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
    lxcecoms.exe -> %SystemRoot%\system32\lxcecoms.exe -> [2005/07/06 11:14:12 | 00,471,040 | ---- | M] (Lexmark International, Inc.)
    otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/04/08 13:39:08 | 00,493,568 | ---- | M] (OldTimer Tools)
    soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> [2007/04/16 15:28:22 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.)
    vttimer.exe -> %SystemRoot%\system32\VTTimer.exe -> [2005/03/08 03:33:28 | 00,053,248 | ---- | M] (S3 Graphics, Inc.)
    winword.exe -> %ProgramFiles%\Microsoft Office\Office\WINWORD.EXE -> [1999/03/17 22:38:10 | 08,798,260 | R--- | M] (Microsoft Corporation)
     
    [Win32 Services - Safe List]
    (aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
    (avg8emc) AVG8 E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> [2009/04/04 21:38:18 | 00,903,960 | ---- | M] (AVG Technologies CZ, s.r.o.)
    (avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> [2009/04/04 21:38:16 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.)
    (Brother XP spl Service) BrSplService [Win32_Own | Auto | Running] -> %SystemRoot%\System32\brsvc01a.exe -> [2002/04/11 16:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd)
    (clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
    (gupdate1c9b3aee63047d8) Google Update Service (gupdate1c9b3aee63047d8) [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Google\Update\GoogleUpdate.exe -> [2009/04/02 17:19:42 | 00,133,104 | ---- | M] (Google Inc.)
    (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/02/20 17:08:34 | 00,137,200 | ---- | M] (Google)
    (helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2004/08/04 07:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation)
    (JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/04/07 10:51:56 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
    (lxce_device) lxce_device [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\lxcecoms.exe -> [2005/07/06 11:14:12 | 00,471,040 | ---- | M] (Lexmark International, Inc.)
    (uploadmgr) Upload Manager [Win32_Shared | Auto | Stopped] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2004/08/04 07:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation)
    (WLSetupSvc) Windows Live Setup Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\installer\WLSetupSvc.exe -> [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation)
    (WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\WMPNetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
     
  15. JSntgRvr

    JSntgRvr José Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,524
    Click on Reply then scroll down to Manage Attachments. Browse and Upload the report. Submit the reply.
     
Short URL to this thread: https://techguy.org/816871