Browser/PC Hanging


#1 akeem (Member, 70 posts)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:01, on 14/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Comodo\Comodo AntiVirus\CAVSubmit.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-gb10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-gb10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gb10.hpwis.com/
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZKfox000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\System32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: AJIIOKJTWAQR - Unknown owner - C:\DOCUME~1\OWNER~1.TRA\LOCALS~1\Temp\AJIIOKJTWAQR.exe (file missing)
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6426 bytes

#2 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Hello akeem

Welcome to G2Go. :)
=====================
You have 2 antivirus programs running. Please uninstall one or the other, Norton or Comodo.
=================
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

#3 akeem (Topic Starter, Member, 70 posts)
Hi, thanks for the response.

Uninstalled Comodo AV.

Installed dss.exe. When this program is nearly finished it comes up with "this program has encountered a problem and needs to close", just before the creating logs section of the scan.

#4 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
OK. Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#5 akeem (Topic Starter, Member, 70 posts)
c.bat is not recognised as an internal or external command or operable program or batch file

is the message I'm getting.

#6 akeem (Topic Starter, Member, 70 posts)
Working now.

#7 akeem (Topic Starter, Member, 70 posts)
Just ran that scan for 10 hours, is that right? Well anyway, had to restart the PC to post this.

#8 akeem (Topic Starter, Member, 70 posts)
main.txt

Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-21 10:40:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
23: 2008-04-21 08:00:30 UTC - RP129 - Deckard's System Scanner Restore Point
22: 2008-04-20 18:07:52 UTC - RP128 - ComboFix created restore point
21: 2008-04-20 15:45:32 UTC - RP127 - Deckard's System Scanner Restore Point
20: 2008-04-19 22:10:01 UTC - RP126 - System Checkpoint
19: 2008-04-18 21:19:06 UTC - RP125 - System Checkpoint


-- First Restore Point --
1: 2008-04-06 19:12:04 UTC - RP107 - Installed Windows XP KB923191.


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 248 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-21 10:41:07
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner.TRACEY\Desktop\dss.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-gb10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-gb10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gb10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O3 - Toolbar: (no name) - - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} () - http://download.micr...78f/wvc1dmo.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O23 - Service: AJIIOKJTWAQR - Unknown owner - C:\DOCUME~1\OWNER~1.TRA\LOCALS~1\Temp\AJIIOKJTWAQR.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCore.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\system32\TuneUpDefragService.exe


--
End of file - 5440 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080416-071806-657 R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
backup-20080416-071946-987 O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
backup-20080416-071949-658 O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
backup-20080416-071951-231 O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
backup-20080416-071953-777 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
backup-20080416-072003-576 O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
backup-20080416-072004-308 O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
backup-20080416-180215-654 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
backup-20080416-180218-170 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
backup-20080416-180220-278 O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
backup-20080416-180221-436 O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
backup-20080416-180223-962 O23 - Service: AJIIOKJTWAQR - Unknown owner - C:\DOCUME~1\OWNER~1.TRA\LOCALS~1\Temp\AJIIOKJTWAQR.exe (file missing)
backup-20080416-180224-360 O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
backup-20080416-180225-327 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
backup-20080416-180226-288 O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
backup-20080416-180227-657 O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
backup-20080416-180228-351 O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
backup-20080416-180229-930 O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
backup-20080416-180230-554 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
backup-20080416-180231-828 O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
backup-20080418-070049-189 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
backup-20080418-070049-250 O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
backup-20080418-070049-264 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
backup-20080418-070049-271 O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
backup-20080418-070049-279 O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZKfox000
backup-20080418-070049-478 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\System32\GPhotos.scr/200
backup-20080418-070049-517 O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
backup-20080418-070049-529 F3 - REG:win.ini: load=
backup-20080418-070049-855 F3 - REG:win.ini: run=
backup-20080418-071025-732 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

-- File Associations -----------------------------------------------------------

.txt - txtfile - shell\open\command - C:\WINDOWS\NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 catchme - c:\combofix\catchme.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 AJIIOKJTWAQR - c:\docume~1\owner~1.tra\locals~1\temp\ajiiokjtwaqr.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: SW\{2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C}\{9B365890-165F-11D0-A195-0020AFD156E4}
Manufacturer:
Name:
PNP Device ID: SW\{2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C}\{9B365890-165F-11D0-A195-0020AFD156E4}
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-04-21 10:00:00 486 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-04-21 09:46:04 438 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-04-17 07:02:22 372 --a------ C:\WINDOWS\Tasks\RegCure.job


-- Files created between 2008-03-21 and 2008-04-21 -----------------------------

2008-04-20 18:34:07 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-20 18:33:57 68096 --a------ C:\WINDOWS\zip.exe
2008-04-20 18:33:57 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-20 18:33:57 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-20 18:33:57 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-20 18:33:57 98816 --a------ C:\WINDOWS\sed.exe
2008-04-20 18:33:57 80412 --a------ C:\WINDOWS\grep.exe
2008-04-20 18:33:57 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-19 22:37:13 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\WinBatch
2008-04-16 06:55:54 0 d-------- C:\Program Files\Defraggler
2008-04-15 18:55:49 0 d-------- C:\Documents and Settings\Owner.TRACEY\.housecall6.6
2008-04-15 18:43:52 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\Sereniti
2008-04-14 18:58:08 0 d-------- C:\Program Files\Trend Micro
2008-04-14 18:48:01 0 d-------- C:\WINDOWS\BDOSCAN8
2008-04-14 07:06:01 0 d-------- C:\Program Files\RegCure
2008-04-13 20:14:41 0 d-------- C:\Program Files\RegistryFix
2008-04-13 15:04:36 0 d-------- C:\Program Files\PC Optimizer Pro
2008-04-13 14:49:08 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-13 14:47:16 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-13 14:47:15 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\SUPERAntiSpyware.com
2008-04-13 12:09:20 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-04-13 12:09:09 0 d-------- C:\Program Files\FireTune
2008-04-09 20:14:50 208896 --a------ C:\WINDOWS\CMDLIC.DLL <Not Verified; COMODO; COMODO BOClean - AntiMalware>
2008-04-09 20:14:40 0 d-------- C:\Documents and Settings\All Users\Application Data\BOC425
2008-04-08 21:28:40 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-08 20:05:27 0 d-------- C:\Program Files\CCleaner
2008-04-08 19:58:21 0 dr-h----- C:\Documents and Settings\Owner.TRACEY\Recent
2008-04-08 19:57:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-08 19:51:23 0 d-------- C:\Documents and Settings\Default User\Application Data\Starware337
2008-04-08 03:21:33 18 --ah----- C:\SYSREST
2008-04-07 21:14:52 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\Auslogics
2008-04-07 21:14:33 0 d-------- C:\Program Files\Auslogics
2008-04-07 13:05:34 0 d-------- C:\Documents and Settings\Tracey L\Application Data\Mozilla
2008-04-07 07:25:46 179256 --a------ C:\Documents and Settings\Tracey L\~
2008-04-07 07:25:42 0 d-------- C:\Documents and Settings\Tracey L\Application Data\Microsoft
2008-04-07 07:25:40 0 d-------- C:\Documents and Settings\Tracey L\Favorites
2008-04-07 07:25:40 0 d-------- C:\Documents and Settings\Tracey L\Cookies
2008-04-07 07:25:40 0 d-------- C:\Documents and Settings\Tracey L\Application Data
2008-04-07 07:25:38 0 d-------- C:\Documents and Settings\Tracey L\Local Settings
2008-04-07 07:25:36 0 d-------- C:\Documents and Settings\Tracey L\SendTo
2008-04-07 07:25:36 0 d-------- C:\Documents and Settings\Tracey L\My Documents
2008-04-07 07:25:35 0 d-------- C:\Documents and Settings\Tracey L\UserData
2008-04-07 07:25:35 0 d-------- C:\Documents and Settings\Tracey L\Templates
2008-04-07 07:25:35 0 d-------- C:\Documents and Settings\Tracey L\Start Menu
2008-04-07 07:25:32 1048576 --ah----- C:\Documents and Settings\Tracey L\NTUSER.DAT
2008-04-06 21:19:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-06 20:22:35 0 d-------- C:\WINDOWS\Prefetch
2008-04-06 19:43:50 0 d-------- C:\Program Files\Yahoo!
2008-04-06 16:03:16 1572864 --a------ C:\Documents and Settings\Owner.TRACEY\ntuser.dat
2008-04-06 14:16:02 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\vlc
2008-04-05 23:36:11 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-04-05 19:59:34 0 d-------- C:\Program Files\FunWebProducts
2008-04-05 19:59:11 0 d-------- C:\Program Files\MyWebSearch
2008-04-05 18:44:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-04-05 18:43:06 216576 --a------ C:\WINDOWS\system32\monln.dll <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware>
2008-04-05 18:41:03 0 d-------- C:\Program Files\Comodo
2008-04-05 10:10:33 0 d-------- C:\Program Files\SopCast
2008-04-05 04:43:18 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-04-05 00:08:12 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\TuneUp Software
2008-04-05 00:07:07 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-04-05 00:06:47 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-04-05 00:05:10 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-05 00:03:39 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\WinRAR
2008-04-04 23:48:12 0 d-------- C:\WINDOWS\system32\bits
2008-04-04 23:40:46 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-04 23:37:45 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-04 23:36:36 0 d-------- C:\Program Files\Spyware Doctor
2008-04-04 23:36:36 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\PC Tools
2008-04-04 23:33:41 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\Google
2008-04-04 23:32:46 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\Talkback
2008-04-04 23:31:18 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\Mozilla
2008-04-04 23:29:01 0 d-------- C:\Program Files\Picasa2
2008-04-04 23:28:51 0 d-------- C:\WINDOWS\system32\runtime
2008-04-04 23:24:04 0 d-------- C:\Program Files\Norton Security Scan
2008-04-04 23:21:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-04-04 23:21:09 0 d-------- C:\Program Files\Google
2008-04-04 22:33:30 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-04 22:18:46 0 dr-hs---- C:\cmdcons
2008-04-04 22:18:19 0 d-------- C:\WINDOWS\setupupd
2008-04-04 22:02:52 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\Leadertech
2008-04-04 22:02:52 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\Lavasoft
2008-04-04 22:02:52 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\InterVideo
2008-04-04 22:02:52 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\Identities
2008-04-04 22:02:52 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\HP
2008-04-04 22:02:52 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\Help
2008-04-04 22:02:52 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\Common Files
2008-04-04 22:02:52 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\AVG7
2008-04-04 22:02:52 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\Apple Computer
2008-04-04 22:02:52 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\AdobeUM
2008-04-04 22:02:52 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\Adobe
2008-04-04 22:02:52 179256 --a------ C:\Documents and Settings\Owner.TRACEY\~
2008-04-04 22:02:51 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\MGI
2008-04-04 22:02:51 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\Macromedia
2008-04-04 22:02:50 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\Sonic
2008-04-04 22:02:50 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\SampleView
2008-04-04 22:02:50 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\Roxio
2008-04-04 22:02:50 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\MSN6
2008-04-04 22:02:50 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\mp3collection
2008-04-04 22:02:50 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\Motive
2008-04-04 22:02:50 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\Microsoft Web Folders
2008-04-04 22:02:49 0 dr------- C:\Documents and Settings\Owner.TRACEY\Favorites
2008-04-04 22:02:49 0 d-------- C:\Documents and Settings\Owner.TRACEY\Desktop
2008-04-04 22:02:49 0 d---s---- C:\Documents and Settings\Owner.TRACEY\Cookies
2008-04-04 22:02:49 0 dr-h----- C:\Documents and Settings\Owner.TRACEY\Application Data
2008-04-04 22:02:49 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\Symantec
2008-04-04 22:02:49 0 d-------- C:\Documents and Settings\Owner.TRACEY\Application Data\Sun
2008-04-04 22:02:47 0 d--h----- C:\Documents and Settings\Owner.TRACEY\Local Settings
2008-04-04 22:02:46 0 d--h----- C:\Documents and Settings\Owner.TRACEY\Templates
2008-04-04 22:02:46 0 dr------- C:\Documents and Settings\Owner.TRACEY\Start Menu
2008-04-04 22:02:46 0 dr-h----- C:\Documents and Settings\Owner.TRACEY\SendTo
2008-04-04 22:02:46 0 d--h----- C:\Documents and Settings\Owner.TRACEY\PrintHood
2008-04-04 22:02:46 0 d--h----- C:\Documents and Settings\Owner.TRACEY\NetHood
2008-04-04 22:02:46 0 dr------- C:\Documents and Settings\Owner.TRACEY\My Documents
2008-04-04 22:02:45 0 d-------- C:\Documents and Settings\Owner.TRACEY\WINDOWS
2008-04-04 22:02:45 0 d---s---- C:\Documents and Settings\Owner.TRACEY\UserData
2008-04-04 21:53:42 10368 --a------ C:\WINDOWS\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
2008-04-04 21:53:39 1630208 --a------ C:\WINDOWS\system32\mplvw7.dll <Not Verified; Ligos Corporation; MPL Video Library>
2008-04-04 21:53:39 1150976 --a------ C:\WINDOWS\system32\mplvpx.dll <Not Verified; Ligos Corporation; MPL Video Library>
2008-04-04 21:53:39 1581056 --a------ C:\WINDOWS\system32\mplvm6.dll <Not Verified; Ligos Corporation; MPL Video Library>
2008-04-04 21:53:39 1675264 --a------ C:\WINDOWS\system32\mplva6.dll <Not Verified; Ligos Corporation; MPL Video Library>
2008-04-04 21:53:39 81920 --a------ C:\WINDOWS\system32\mplaw7.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2008-04-04 21:53:39 69632 --a------ C:\WINDOWS\system32\mplapx.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2008-04-04 21:53:39 69632 --a------ C:\WINDOWS\system32\mplam6.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2008-04-04 21:53:39 81920 --a------ C:\WINDOWS\system32\mplaa6.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2008-04-04 21:53:39 49152 --a------ C:\WINDOWS\system32\cpuinf32.dll <Not Verified; Intel Corporation; Intel CPUInfo>


-- Find3M Report ---------------------------------------------------------------

2008-04-18 05:49:19 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-16 07:20:13 0 d-------- C:\Program Files\Norton AntiVirus
2008-04-11 19:10:08 0 d-------- C:\Program Files\Mustek 1200 UB PLUS
2008-04-10 20:13:03 0 d-------- C:\Program Files\Messenger
2008-04-09 22:27:09 0 d-------- C:\Program Files\ScanSpyware v3.8.0.4
2008-04-06 13:40:15 0 d-------- C:\Program Files\Movie Maker
2008-04-06 13:37:01 0 d-------- C:\Program Files\Windows NT
2008-04-05 19:08:45 0 d-------- C:\Program Files\Easy Internet signup
2008-04-05 19:05:22 0 d-------- C:\Program Files\Common Files
2008-04-04 22:31:56 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-04 22:17:54 1100 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-04 21:54:19 0 d-------- C:\Program Files\InterVideo
2008-04-04 21:54:18 0 d-------- C:\Program Files\Common Files\InterVideo
2008-04-04 21:54:08 0 d--h----- C:\Program Files\InstallShield Installation Information


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASM"="C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" [2006-11-07 15:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2003-06-22 22:25]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NVIEW"=rundll32.exe nview.dll,nViewLoadHook
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe
"CamMonitor"=c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
"HPHmon05"=C:\WINDOWS\System32\hphmon05.exe
"hpsysdrv"=c:\windows\system\hpsysdrv.exe
"IcoSet"=c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon
"KBD"=C:\HP\KBD\KBD.EXE
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect
"PS2"=C:\WINDOWS\system32\ps2.exe
"AlcxMonitor"=ALCXMNTR.EXE
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE
"Reminder"="C:\Windows\Creator\Remind_XP.exe"
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe"
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"NAV CfgWiz"=c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe
"My Web Search Bar"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-04-21 10:55:20 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.60GHz
Percentage of Memory in Use: 57%
Physical Memory (total/avail): 247.48 MiB / 104.13 MiB
Pagefile Memory (total/avail): 606.41 MiB / 454.33 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1939.41 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 32.48 GiB total, 19.84 GiB free.
D: is Fixed (FAT32) - 4.77 GiB total, 0.57 GiB free.
E: is CDROM (CDFS)
F: is Removable (FAT)

\\.\PHYSICALDRIVE0 - WDC WD400EB-11CPF0 - 37.27 GiB - 2 partitions
\PARTITION0 - Unknown - 4.78 GiB - D:
\PARTITION1 (bootable) - Installable File System - 32.48 GiB - C:

\\.\PHYSICALDRIVE1 - Sony Eri Memory Stick USB Device - 909.93 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 911.94 MiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner.TRACEY\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TRACEY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner.TRACEY
LOGONSERVER=\\TRACEY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\OWNER~1.TRA\LOCALS~1\Temp
TMP=C:\DOCUME~1\OWNER~1.TRA\LOCALS~1\Temp
USERDOMAIN=TRACEY
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner.TRACEY
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner.TRACEY (admin)
Tracey L.TRACEY (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Active Security Monitor 2.0.0.18 --> "C:\Program Files\AOL\Active Security Monitor\unins000.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
AusLogics Disk Defrag --> "C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
BOClean --> C:\WINDOWS\UNBOC.EXE
CC_ccStart --> MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
Defraggler (remove only) --> "C:\Program Files\Defraggler\uninst.exe"
FireTune --> C:\WINDOWS\iun6002.exe "C:\Program Files\FireTune\irunin.ini"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Photos Screensaver --> MsiExec.exe /X{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Photo & Imaging 3.1 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photo and Imaging 2.0 - Photosmart Cameras --> MsiExec.exe /X{5D7F0A0E-369E-46C0-9F99-FAB21A064781}
HP PSC & OfficeJet 3.0 --> "C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}
HPIZ311 --> MsiExec.exe /X{F247869D-3643-4A9F-821B-3534145928E3}
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
KBD --> C:\HP\KBD\KBD.EXE uninstalled
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.90 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
Norton AntiVirus 2004 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2004 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Security Scan --> MsiExec.exe /I{3A4FFB84-D070-4DA5-AB7B-D41D87FD8D19}
NVIDIA GART Driver --> C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA GART Driver
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PC Optimizer Pro ver.4.5.17 --> "C:\Program Files\PC Optimizer Pro\unins000.exe"
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
RegCure 1.5.0.0 --> C:\Program Files\RegCure\uninst.exe
Registry Mechanic 7.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
RegistryFix v6.2 --> "C:\Program Files\RegistryFix\unins000.exe"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SopCast 3.0.1 --> C:\Program Files\SopCast\uninst.exe
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SymNet --> MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type597 / Error
Event Submitted/Written: 04/21/2008 10:41:51 AM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type596 / Error
Event Submitted/Written: 04/21/2008 10:39:37 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.40413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type595 / Error
Event Submitted/Written: 04/21/2008 10:39:32 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.40413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type588 / Error
Event Submitted/Written: 04/21/2008 09:01:40 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type587 / Error
Event Submitted/Written: 04/21/2008 09:01:25 AM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type766 / Warning
Event Submitted/Written: 04/21/2008 09:45:49 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 000C76DACE42. The IP address being used is 169.254.21.155.

Event Record #/Type765 / Warning
Event Submitted/Written: 04/21/2008 09:45:43 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000C76DACE42. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type741 / Warning
Event Submitted/Written: 04/20/2008 08:04:50 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 000C76DACE42. The IP address being used is 169.254.21.155.

Event Record #/Type740 / Warning
Event Submitted/Written: 04/20/2008 08:04:46 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000C76DACE42. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type715 / Error
Event Submitted/Written: 04/19/2008 07:03:31 AM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 192.168.0.3 on the
Network Card with network address 000C76DACE42.



-- End of Deckard's System Scanner: finished at 2008-04-21 10:55:20 ------------

#9 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
No 10 minutes maybe but not 10 hours.

Please go to Start>Run, then copy and paste this into the Run box: "%userprofile%\desktop\dss.exe" /daft
then hit ok.
Click on the scan button.
Then place check next to the items in red.
Then click on Fix.
Then close that program.
===================
Then please uninstall these programs (if present)
Using the Control Panel>Add\Remove Programs.

My Web search bar
FunWebProducts
Registry Fix


then close out of the Control Panel.
==============================
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\PROGRA~1\MYWEBS~1
    C:\Program Files\FunWebProducts
    C:\Documents and Settings\All Users\Start Menu\Programs\RegistryFix
    C:\Program Files\RegistryFix
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
==================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
====================================
Also post a new Hijackthis log along with the rest of the logs.

#10 akeem (Topic Starter, Member, 70 posts)
C:\PROGRA~1\MYWEBS~1\SrchAstt\1.bin moved successfully.
C:\PROGRA~1\MYWEBS~1\SrchAstt moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\Settings moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\Notifier moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\Message moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\icons moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\History moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\Game moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\Cache moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\Avatar moved successfully.
C:\PROGRA~1\MYWEBS~1\bar\1.bin moved successfully.
C:\PROGRA~1\MYWEBS~1\bar moved successfully.
C:\PROGRA~1\MYWEBS~1 moved successfully.
C:\Program Files\FunWebProducts\Shared\Cache moved successfully.
C:\Program Files\FunWebProducts\Shared moved successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images moved successfully.
C:\Program Files\FunWebProducts\ScreenSaver moved successfully.
C:\Program Files\FunWebProducts moved successfully.
File/Folder C:\Documents and Settings\All Users\Start Menu\Programs\RegistryFix not found.
C:\Program Files\RegistryFix\RegistryFixBackup moved successfully.
C:\Program Files\RegistryFix moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04222008_161844
----------------------------------------------------------------------------------------------------------------

The malware program is running for around 5 minutes, then the system is shutting down; at this 5-minute point it had found 58 items.

Edited by akeem, 22 April 2008 - 10:01 AM.


#11 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Ok, please try to run the program in Safe Mode.
Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Post the mbam log in your next reply.

#12 akeem (Topic Starter, Member, 70 posts)
Malwarebytes' Anti-Malware 1.11
Database version: 670

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 137326
Time elapsed: 1 hour(s), 37 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 66
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 29
Files Infected: 32

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Default User\Application Data\Starware337 (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\BrowserSearch (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\ErrorSearch (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\Games (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\Layouts (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\Manager (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\Movies (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\Recipes (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\RecipeSearch (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\Reference (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\RelatedSearch (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\ScreensaversMarketingSitePager (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\SearchAssistPlus (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\SearchMatch (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\Toolbar (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\ToolbarLogo (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\ToolbarSearch (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\TravelSearch (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\Weather (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\Games\images (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\Games\images\active (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\Games\images\default (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\Movies\images (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\Movies\images\active (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\Movies\images\default (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\ScreensaversMarketingSitePager\images (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\ScreensaversMarketingSitePager\images\active (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\ScreensaversMarketingSitePager\images\default (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\SearchMatch\searchMatchPages (Adware.Starware) -> No action taken.

Files Infected:
C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{E2428E38-B8A4-48ED-9563-FAC66F28201E}\RP114\A0024196.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{E2428E38-B8A4-48ED-9563-FAC66F28201E}\RP114\A0024197.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{E2428E38-B8A4-48ED-9563-FAC66F28201E}\RP114\A0024198.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{E2428E38-B8A4-48ED-9563-FAC66F28201E}\RP114\A0024199.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{E2428E38-B8A4-48ED-9563-FAC66F28201E}\RP114\A0024200.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{E2428E38-B8A4-48ED-9563-FAC66F28201E}\RP114\A0024201.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{E2428E38-B8A4-48ED-9563-FAC66F28201E}\RP114\A0024202.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{E2428E38-B8A4-48ED-9563-FAC66F28201E}\RP114\A0024203.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{E2428E38-B8A4-48ED-9563-FAC66F28201E}\RP114\A0024204.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{E2428E38-B8A4-48ED-9563-FAC66F28201E}\RP114\A0024205.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{E2428E38-B8A4-48ED-9563-FAC66F28201E}\RP114\A0024206.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{E2428E38-B8A4-48ED-9563-FAC66F28201E}\RP114\A0024207.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{E2428E38-B8A4-48ED-9563-FAC66F28201E}\RP114\A0025178.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{E2428E38-B8A4-48ED-9563-FAC66F28201E}\RP120\A0038294.DLL (Adware.MyWebSearch) -> No action taken.
C:\_OTMoveIt\MovedFiles\04222008_161844\PROGRA~1\MYWEBS~1\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> No action taken.
C:\_OTMoveIt\MovedFiles\04222008_161844\PROGRA~1\MYWEBS~1\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> No action taken.
C:\_OTMoveIt\MovedFiles\04222008_161844\PROGRA~1\MYWEBS~1\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> No action taken.
C:\_OTMoveIt\MovedFiles\04222008_161844\PROGRA~1\MYWEBS~1\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> No action taken.
C:\_OTMoveIt\MovedFiles\04222008_161844\PROGRA~1\MYWEBS~1\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> No action taken.
C:\_OTMoveIt\MovedFiles\04222008_161844\PROGRA~1\MYWEBS~1\bar\1.bin\F3RESTUB.DLL (Adware.MyWeb.FunWeb) -> No action taken.
C:\_OTMoveIt\MovedFiles\04222008_161844\PROGRA~1\MYWEBS~1\bar\1.bin\F3SCHMON.EXE (Adware.MyWeb.FunWeb) -> No action taken.
C:\_OTMoveIt\MovedFiles\04222008_161844\PROGRA~1\MYWEBS~1\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> No action taken.
C:\_OTMoveIt\MovedFiles\04222008_161844\PROGRA~1\MYWEBS~1\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> No action taken.
C:\_OTMoveIt\MovedFiles\04222008_161844\PROGRA~1\MYWEBS~1\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> No action taken.
C:\_OTMoveIt\MovedFiles\04222008_161844\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> No action taken.
C:\_OTMoveIt\MovedFiles\04222008_161844\PROGRA~1\MYWEBS~1\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> No action taken.
C:\_OTMoveIt\MovedFiles\04222008_161844\PROGRA~1\MYWEBS~1\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> No action taken.
C:\_OTMoveIt\MovedFiles\04222008_161844\PROGRA~1\MYWEBS~1\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> No action taken.
C:\_OTMoveIt\MovedFiles\04222008_161844\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.
C:\_OTMoveIt\MovedFiles\04222008_161844\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
C:\_OTMoveIt\MovedFiles\04222008_161844\PROGRA~1\MYWEBS~1\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> No action taken.
  • 0

#13
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi, you will have to rerun the Mbam program because it didn't fix anything.
Everything says "No action taken".
After the scan is done you will have to choose Remove Selected and then it will quarantine\delete everything.
Post that log and a new HijackThis log and we will go from there.
  • 0
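The helper's point is that every line in the posted log ends in "No action taken", so the scanner reported the items but removed nothing. A small parser for Malwarebytes 1.x log lines that tallies detections by action and by threat family, flags copies sitting in System Restore points, and applies the "anything unresolved means rerun" rule is added here as an example; it is not from the thread or from Malwarebytes. The sample log inside it is constructed from four of the paths posted above plus one made-up line showing what a completed removal ("Quarantined and deleted successfully") looks like.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Tuple

# One Malwarebytes 1.x detection line has the shape:
#   <path or registry key> (<threat family>) -> <action>.
LINE_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>[^.]+)\.\s*$"
)

# Action string printed when the user never clicked "Remove Selected".
UNRESOLVED = "No action taken"


@dataclass(frozen=True)
class Detection:
    section: str   # e.g. "Folders Infected", "Files Infected"
    item: str      # path or registry key
    family: str    # e.g. "Adware.Starware"
    action: str    # e.g. "No action taken"


def parse_mbam_log(text: str) -> List[Detection]:
    """Parse the detection sections of an MBAM log into Detection records."""
    section = "Unknown"
    found: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Section headers end with a colon and carry no "->" arrow.
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]
            continue
        m = LINE_RE.match(line)
        if m:
            found.append(Detection(section, m["item"], m["family"], m["action"]))
    return found


def summarize(found: List[Detection]) -> Tuple[Counter, Counter]:
    """Tally detections by action taken and by threat family."""
    return (Counter(d.action for d in found), Counter(d.family for d in found))


def unresolved(found: List[Detection]) -> List[Detection]:
    """Detections the scanner reported but did not quarantine or delete."""
    return [d for d in found if d.action == UNRESOLVED]


def in_restore_point(d: Detection) -> bool:
    """True when the item is a System Restore copy, which a restore could bring back."""
    return "\\System Volume Information\\_restore{" in d.item


def needs_rerun(found: List[Detection]) -> bool:
    """The helper's rule: if anything is still 'No action taken', rerun the scan."""
    return bool(unresolved(found))


# Constructed sample: four lines taken from the log posted above plus one
# made-up line (C:\Example\constructed.dll) showing a completed removal.
SAMPLE_LOG = r"""
Folders Infected:
C:\Documents and Settings\Default User\Application Data\Starware337\Toolbar (Adware.Starware) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Starware337\Weather (Adware.Starware) -> No action taken.

Files Infected:
C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{E2428E38-B8A4-48ED-9563-FAC66F28201E}\RP114\A0024196.DLL (Adware.MyWebSearch) -> No action taken.
C:\Example\constructed.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    dets = parse_mbam_log(SAMPLE_LOG)
    by_action, by_family = summarize(dets)
    print("by action:", dict(by_action))
    print("by family:", dict(by_family))
    print("restore-point copies:", sum(in_restore_point(d) for d in dets))
    print("needs rerun:", needs_rerun(dets))
```

The restore-point check matters for triage: entries under `System Volume Information\_restore{...}` are System Restore snapshots of the adware files, so even after the live copies are removed, a later restore to that point would bring them back, which is why helpers usually ask for a restore point purge at the end of a cleanup.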

#14
akeem

akeem

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts

Hi, you will have to rerun the Mbam program because it didn't fix anything.
Everything says "No action taken".
After the scan is done you will have to choose Remove Selected and then it will quarantine\delete everything.
Post that log and a new HijackThis log and we will go from there.


Ran it again in safe mode, then after a while the scan said it aborted!!!!!! It hadn't found anything.
  • 0

#15
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================================
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as an html document button:
  • Save the file to your desktop.
  • Attach that information in your next post.

  • 0
