Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

need a lil help cleaning some unwanted software on my pc and some advice.


  • This topic is locked This topic is locked
10 replies to this topic

#1 theirishguy

theirishguy

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:30 AM

Posted 02 September 2010 - 04:52 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:49:52 PM, on 9/2/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=...AKFQuzcmgglFFwQ
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: eMusic Toolbar - {9ee802e8-c931-47ab-b570-aa8f791598ca} - C:\Program Files\eMusic\tbeMus.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: eMusic Toolbar - {9ee802e8-c931-47ab-b570-aa8f791598ca} - C:\Program Files\eMusic\tbeMus.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: eMusic Toolbar - {9ee802e8-c931-47ab-b570-aa8f791598ca} - C:\Program Files\eMusic\tbeMus.dll (file missing)
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...mp;n=2010081401
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1ca1d788772f23e) (gupdate1ca1d788772f23e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 8984 bytes

Fear is Imagination.


BC AdBot (Login to Remove)

 


#2 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:06:30 AM

Posted 11 September 2010 - 07:51 AM

hi theirishguy,

Sorry for the delay, no shortage of posters. If you still need help post back.

How Can I Reduce My Risk to Malware?


#3 theirishguy

theirishguy
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:30 AM

Posted 30 September 2010 - 07:48 PM

sorry about the delay on my part... i'm trying to get my dads pc fixed and i'm not over here a whole lot... for the time frame in between replies. here's another log (i had to use rsit to get this log due to not being able to download the hijackthis v2.0.4)



Logfile of random's system information tool 1.08 (written by random/random)
Run by Compaq_Owner at 2010-09-30 19:42:44
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 38 GB (54%) free of 70 GB
Total RAM: 222 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:43:26 PM, on 9/30/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\AVG\Identity Protection\agent\bin\AVGIDSUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\Identity Protection\agent\Bin\AVGIDSWatcher.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Compaq_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=...AKFQuzcmgglFFwQ
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: eMusic Toolbar - {9ee802e8-c931-47ab-b570-aa8f791598ca} - C:\Program Files\eMusic\tbeMus.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eMusic Toolbar - {9ee802e8-c931-47ab-b570-aa8f791598ca} - C:\Program Files\eMusic\tbeMus.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: eMusic Toolbar - {9ee802e8-c931-47ab-b570-aa8f791598ca} - C:\Program Files\eMusic\tbeMus.dll (file missing)
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [AVGIDS] "C:\Program Files\AVG\Identity Protection\agent\bin\AVGIDSUI.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -update plugin
O4 - HKCU\..\RunOnce: [Uninstall_Survey] wscript //B
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...mp;n=2010081401
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1ca1d788772f23e) (gupdate1ca1d788772f23e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 8681 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ee802e8-c931-47ab-b570-aa8f791598ca}]
eMusic Toolbar - C:\Program Files\eMusic\tbeMus.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2005-10-11 720896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-08 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-08 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2005-10-11 720896]
{9ee802e8-c931-47ab-b570-aa8f791598ca} - eMusic Toolbar - C:\Program Files\eMusic\tbeMus.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PCDrProfiler"= []
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-02-26 245760]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-10-11 180269]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-18 421888]
"EKIJ5000StatusMonitor"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [2009-08-05 1626112]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /runcleanupscript []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2010-08-13 32849]
"AVGIDS"=C:\Program Files\AVG\Identity Protection\agent\bin\AVGIDSUI.exe [2010-01-26 1661448]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2010-08-13 32849]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_Plugin.exe [2010-08-17 232912]
"Uninstall_Survey"=wscript //B []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gamevance]
C:\Program Files\Gamevance\gamevance32.exe a []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-02-17 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
C:\Program Files\Logitech\Logitech Vid\Vid.exe [2010-02-12 5933912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-10-14 2793304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2005-05-10 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2010-08-13 32849]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-08 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-10-11 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
C:\PROGRA~1\COMPAQ~1\5577497\Program\COMPAQ~1.EXE [2005-10-11 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner.YOUR-27E1513D96^Start Menu^Programs^Startup^IMVU.lnk]
C:\DOCUME~1\COMPAQ~1.YOU\APPLIC~1\IMVUCL~1\IMVUQU~1.EXE --startup []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-06-08 46080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NofolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"C:\Program Files\Logitech\Logitech Vid\Vid.exe"="C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"

======List of files/folders created in the last 1 months======

2010-09-30 19:36:51 ----D---- C:\Documents and Settings\All Users\Application Data\AVG IDS
2010-09-30 19:33:35 ----A---- C:\WINDOWS\system32\MFC71ENU.DLL
2010-09-14 14:01:18 ----D---- C:\spoolerlogs
2010-09-11 15:35:39 ----D---- C:\Program Files\Alwil Software
2010-09-11 15:35:39 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-09-11 14:45:57 ----D---- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2010-09-02 16:28:26 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2010-09-02 16:28:26 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2010-09-02 16:28:26 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2010-09-02 16:28:26 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)

======List of files/folders modified in the last 1 months======

2010-09-30 19:43:26 ----D---- C:\Program Files\Trend Micro
2010-09-30 19:42:29 ----D---- C:\WINDOWS\Prefetch
2010-09-30 19:36:58 ----SHD---- C:\WINDOWS\Installer
2010-09-30 19:36:53 ----D---- C:\WINDOWS\system32\drivers
2010-09-30 19:36:52 ----D---- C:\WINDOWS\system32
2010-09-30 19:34:00 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Microsoft
2010-09-30 19:34:00 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-09-30 19:29:10 ----D---- C:\WINDOWS
2010-09-30 19:13:16 ----D---- C:\Program Files\Mozilla Firefox
2010-09-30 16:17:27 ----D---- C:\WINDOWS\Temp
2010-09-28 00:58:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-21 02:20:33 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-21 02:18:59 ----D---- C:\Program Files
2010-09-19 16:25:28 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Adobe
2010-09-15 08:03:27 ----A---- C:\WINDOWS\system32\MRT.exe
2010-09-11 17:02:12 ----D---- C:\WINDOWS\?asks
2010-09-11 17:02:12 ----D---- C:\Program Files\Morpheus
2010-09-11 15:36:27 ----D---- C:\WINDOWS\WinSxS
2010-09-11 15:22:34 ----D---- C:\Program Files\AVG
2010-09-11 14:28:31 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-09-11 14:26:09 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-11 09:54:05 ----D---- C:\Documents and Settings\All Users\Application Data\yahoo!

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 bb-run;Promise driver accelerator; C:\WINDOWS\system32\DRIVERS\bb-run.sys [2003-11-05 17408]
R0 ftsata2;ftsata2; C:\WINDOWS\system32\DRIVERS\ftsata2.sys [2005-04-14 175616]
R0 iaStor;Intel RAID Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2005-03-09 870912]
R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-04 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-01-26 20576]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-03-28 266552]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-06-30 1094848]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-06-08 1235968]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2009-10-07 25752]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R4 AVGIDSDriver;AVGIDSDriver; \??\C:\Program Files\AVG\Identity Protection\agent\driver\platform_XP\AVGIDSDriver.sys []
R4 AVGIDSFilter;AVGIDSFilter; \??\C:\Program Files\AVG\Identity Protection\agent\driver\platform_XP\AVGIDSFilter.sys []
R4 AVGIDSShim;AVGIDSShim; \??\C:\Program Files\AVG\Identity Protection\agent\driver\platform_XP\AVGIDSShim.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2009-10-07 23832]
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2009-10-07 114712]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2009-10-07 266008]
S3 LVUVC;Logitech Webcam 250(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2009-10-07 6756632]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-03-28 11480]
S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-03-28 171928]
S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-03-28 37016]
S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-03-28 47192]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-03-28 18904]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-06-08 376832]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-08 153376]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 154136]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 540968]
R4 AVGIDSWatcher;AVGIDSWatcher; C:\Program Files\AVG\Identity Protection\agent\Bin\AVGIDSWatcher.exe [2010-01-26 559624]
S2 gupdate1ca1d788772f23e;Google Update Service (gupdate1ca1d788772f23e); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-15 133104]
S2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNDSrvc;Symantec Network Drivers Service; c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-03-28 206552]
S4 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe AVGIDSAgent []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Fear is Imagination.


#4 theirishguy

theirishguy
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:30 AM

Posted 30 September 2010 - 07:51 PM

in the mean time i'm going to use a previous post of mine from my pc to speed up this fix and hopefully help save you some time aswell. i will add a reply to what i do and here is a link to the post i am going by (not every last detail unless said other wise.)...



http://www.bleepingcomputer.com/forums/topic336075.html

Edited by theirishguy, 30 September 2010 - 07:52 PM.

Fear is Imagination.


#5 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:06:30 AM

Posted 30 September 2010 - 08:30 PM

ok I am confused now. Is this another computer you need help with or a continuation of your other thread with suebaby41?

How Can I Reduce My Risk to Malware?


#6 theirishguy

theirishguy
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:30 AM

Posted 30 September 2010 - 08:55 PM

i'm sorry it is a different computer that is having the same issue as my pc was having. the only problem is there is really nothing on this pc to protect it or clean it when there is something wrong with it. right now the only thing i've done is run that rsit program for a hijackthis v2.0.4 log and i just finished with rinning combo fix. and here is the combo fix log. this is all i'm doing to it for now. i might not be on here for a while, but i'm going to try and have my sister which lives with my dad keep up with this and follow any instructions you have for her to fix this pc. i'm sorry for any confusion, and i hope that we can continue fixing this pc without any further confusion.

this is not a continuation of the topic suebaby41 helped me with. it is in fact a new topic for a different pc.



ComboFix 10-09-30.03 - Compaq_Owner 09/30/2010 20:08:14.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.222.66 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\FunWebProducts
c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Recent\Thumbs.db
c:\documents and settings\Kristina's Programs\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Kristina's Programs\Local Settings\Temporary Internet Files\CPV.stt
c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
c:\program files\Common Files\ofmq
c:\program files\Common Files\ofmq\ofmqa.lck
c:\program files\Common Files\ofmq\ofmqd\class-barrel
c:\program files\Common Files\ofmq\ofmqd\vocabulary
c:\program files\Common Files\ofmq\ofmqh
c:\program files\Common Files\ofmq\ofmql.lck
c:\program files\Common Files\ofmq\ofmqm.lck
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\pppatc~1
c:\program files\pppatc~1\mmc.exe
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\tn3
c:\windows\asks~1
c:\windows\asks~1\?asks\ctxad-555.0000
c:\windows\asks~1\?asks\ctxad-556.0000
c:\windows\asks~1\?asks\ctxad-578.0000
c:\windows\asks~1\?asks\dohinst-103.0000
c:\windows\asks~1\?asks\OINAn-102.0000
c:\windows\asks~1\?asks\OINAn-105.0000
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15.inf
c:\windows\mpoqss.ini
c:\windows\pppatc~1
c:\windows\pqpsut.ini
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2010-09-01 to 2010-10-01 )))))))))))))))))))))))))))))))
.

2010-10-01 00:36 . 2010-10-01 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG IDS
2010-10-01 00:33 . 2003-03-19 01:44 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL
2010-09-14 19:01 . 2010-09-14 19:01 -------- d-----w- C:\spoolerlogs
2010-09-11 20:35 . 2010-09-11 20:35 -------- d-----w- c:\program files\Alwil Software
2010-09-11 20:35 . 2010-09-11 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-09-11 19:45 . 2010-09-11 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2010-09-02 21:28 . 2010-09-02 21:28 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-09-02 21:28 . 2010-09-02 21:28 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-09-02 21:28 . 2010-09-02 21:28 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-09-02 21:28 . 2010-09-02 21:28 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-01 00:43 . 2009-08-17 02:46 -------- d-----w- c:\program files\Trend Micro
2010-09-11 22:02 . 2005-12-09 01:02 -------- d-----w- c:\program files\Morpheus
2010-09-11 20:22 . 2008-09-18 18:25 -------- d-----w- c:\program files\AVG
2010-09-11 19:28 . 2007-04-16 01:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-11 19:26 . 2007-04-16 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-11 14:54 . 2005-11-20 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2010-08-26 15:07 . 2005-10-12 00:59 -------- d-----w- c:\program files\WildTangent
2010-08-26 15:07 . 2009-06-12 09:25 -------- d-----w- c:\program files\HP Games
2010-08-26 15:06 . 2009-08-15 07:20 -------- d-----w- c:\program files\Zylom Games
2010-08-26 15:05 . 2005-10-12 00:58 -------- d-----w- c:\program files\Sonic
2010-08-26 15:04 . 2009-08-15 07:13 -------- d-----w- c:\program files\RealArcade
2010-08-26 13:23 . 2008-12-30 00:19 -------- d-----w- c:\program files\Oberon Media
2010-08-26 13:17 . 2010-03-09 05:06 -------- d-----w- c:\program files\PokerStars.NET
2010-08-26 13:15 . 2009-07-26 09:34 -------- d-----w- c:\program files\Inca Ball
2010-08-26 13:15 . 2009-07-24 13:46 -------- d-----w- c:\program files\AOL Games
2010-08-26 13:14 . 2005-10-12 01:28 -------- d-----w- c:\program files\Google
2010-08-14 04:59 . 2010-08-14 04:59 32768 ----a-w- c:\windows\system32\f3PSSavr.scr
2010-08-10 02:56 . 2010-08-10 02:56 29928 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-09 20:05 . 2009-08-08 22:11 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Apple Computer
2010-08-09 19:52 . 2010-08-09 19:31 -------- d-----w- c:\program files\iTunes
2010-08-09 19:42 . 2010-08-09 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-08-09 19:32 . 2010-08-09 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-09 19:31 . 2010-08-09 19:31 -------- d-----w- c:\program files\iPod
2010-08-09 19:31 . 2010-08-09 19:27 -------- d-----w- c:\program files\Common Files\Apple
2010-08-09 19:30 . 2010-08-09 19:29 -------- d-----w- c:\program files\QuickTime
2010-08-09 19:29 . 2005-10-12 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-08-09 19:28 . 2010-08-09 19:28 -------- d-----w- c:\program files\Apple Software Update
2010-08-09 19:27 . 2010-08-09 19:27 -------- d-----w- c:\program files\Bonjour
2010-08-07 19:09 . 2010-03-14 06:43 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-07 19:09 . 2010-03-14 06:42 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-07-21 21:30 . 2010-07-21 21:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2007-05-17 20:00 . 2007-05-17 20:00 4567757 -csh--w- c:\windows\pqpsut.tmp
2009-10-02 08:14 . 2009-10-02 08:14 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-10-12 180269]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-08-05 1626112]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner.YOUR-27E1513D96^Start Menu^Programs^Startup^IMVU.lnk]
path=c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Start Menu\Programs\Startup\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 13:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2010-02-12 23:07 5933912 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 19:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2005-05-11 00:50 253952 ----a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-09 03:38 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-10-12 00:56 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S2 gupdate1ca1d788772f23e;Google Update Service (gupdate1ca1d788772f23e);c:\program files\Google\Update\GoogleUpdate.exe [8/15/2009 2:17 AM 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-09-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2010-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-15 07:16]

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-15 07:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZJfox000&ptb=iC4hX_9AKFQuzcmgglFFwQ
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Start Menu\Programs\IMVU\Run IMVU.lnk
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{9ee802e8-c931-47ab-b570-aa8f791598ca} - c:\program files\eMusic\tbeMus.dll
BHO-{9ee802e8-c931-47ab-b570-aa8f791598ca} - c:\program files\eMusic\tbeMus.dll
Toolbar-{9ee802e8-c931-47ab-b570-aa8f791598ca} - c:\program files\eMusic\tbeMus.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{9EE802E8-C931-47AB-B570-AA8F791598CA} - c:\program files\eMusic\tbeMus.dll
HKLM-Run-PCDrProfiler - (no file)
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
HKLM-Run-AVGIDS - c:\program files\AVG\Identity Protection\agent\bin\AVGIDSUI.exe
MSConfigStartUp-Gamevance - c:\program files\Gamevance\gamevance32.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
AddRemove-eMusic Toolbar - c:\progra~1\eMusic\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-30 20:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(552)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5476)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ALCXMNTR.EXE
.
**************************************************************************
.
Completion time: 2010-09-30 20:44:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-01 01:44

Pre-Run: 39,976,833,024 bytes free
Post-Run: 43,281,186,816 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 55CA2F89268D13CC8AA8C32565AF5C07

Fear is Imagination.


#7 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:06:30 AM

Posted 01 October 2010 - 02:22 PM

Combofix removed some goodies. Check Malwarebytes for updates and scan with it.

How Can I Reduce My Risk to Malware?


#8 theirishguy

theirishguy
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:30 AM

Posted 03 October 2010 - 10:48 PM

ok did a scan with malwarebytes, and here is the log.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4736

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

10/3/2010 10:45:36 PM
mbam-log-2010-10-03 (22-45-36).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 295253
Time elapsed: 1 hour(s), 36 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{8e9cf769-3d3b-40eb-9e2d-76e7a205e4d2} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Compaq_Owner\My Documents\Azureus Downloads\Bj164DR\Diamond Rio - 16 Biggest Hits ( 2007)\Diamond Rio - 16 Biggest Hits - 2007_Front.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\My Documents\Downloads\MyWebFaceSetup2.3.67.1.SA.HP.GRfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\My Documents\Downloads\ZwinkySetup2.3.69.8.ZJfox000(2).exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\My Documents\Downloads\ZwinkySetup2.3.69.8.ZJfox000(3).exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\My Documents\Downloads\ZwinkySetup2.3.69.8.ZJfox000(4).exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\My Documents\Downloads\ZwinkySetup2.3.69.8.ZJfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.


will be back in a couple of days.

Fear is Imagination.


#9 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:06:30 AM

Posted 04 October 2010 - 04:27 PM

ok good. Hows it all looking on your end now?

How Can I Reduce My Risk to Malware?


#10 theirishguy

theirishguy
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:30 AM

Posted 07 October 2010 - 01:21 PM

everything is running as it should (for what programs i have checked and asked about). the only issue now is speed. most programs are running very sluggish. internet takes a moment to close down, but at least the worst of everything is taken care of.

Fear is Imagination.


#11 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:06:30 AM

Posted 07 October 2010 - 04:23 PM

Lets reset IE back to its defaults:
With IE open go to tools>internet options and under the advanced tab you should see a button to reset IE to its defaults.
Iam in linux now and cant check but it should be close to that anyway.

MyWebSearch probably installed as a add-on to some software you downloaded. Make sure you get software from trusted sources only and be sure that you know what else the software may install as a add-on, if anything.

How Can I Reduce My Risk to Malware?





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users