
Hey all, I know there are a few topics on this similar subject, but I'm at my end of what to do and I really need some help. So I have the issue of website links and Google searches redirecting to random ad sites (with similar search terms linked). In addition, webpages have been running super slow (even for my computer). I've run a few of the cleaners suggested in the sticky topic and usually perform routine scans with the free programs I've always had on this computer.

I attempted using the GMER tool, and I got the initial scan. But upon doing the second scan it would freeze and crash. The one time I was able to get it to run, my computer shut off (it's been doing this a lot lately, which I think may be due to overheating issues, but that's beside the point). Anytime I try to do this after the initial try I get a blue screen saying something to the effect that Windows encountered an error and something about making sure there is enough free disk space (sorry I couldn't get more information since it shuts off pretty fast after that screen comes up).

However, after running the MBAM cleaner I was able to run the GMER tool fine (sfmbj4f1).

*Also for some reason my proxy settings were changed after running all these and I had to disable proxies in Firefox options in order to connect.

I've run all the other steps suggested in the sticky topic and I'm worried I might have something really nasty on my PC.

MBAM
==================

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5220

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

11/30/2010 3:44:30 PM
mbam-log-2010-11-30 (15-44-30).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 327406
Time elapsed: 1 hour(s), 44 minute(s), 54 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
C:\Users\Areku\AppData\Roaming\Microsoft\Windows\shell.exe (Trojan.Agent.Gen) -> Unloaded process successfully.
C:\Users\Areku\AppData\Roaming\Microsoft\svchost.exe (Trojan.Agent.Gen) -> Failed to unload process.
C:\Users\Areku\AppData\Local\Temp\dwm.exe (Trojan.Agent.Gen) -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent.Gen) -> Data: c:\users\areku\appdata\local\temp\dwm.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\Areku\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Areku\AppData\Roaming\Microsoft\Windows\shell.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Areku\AppData\Roaming\Microsoft\svchost.exe (Trojan.Agent.Gen) -> Delete on reboot.
C:\Users\Areku\AppData\Local\Temp\dwm.exe (Trojan.Agent.Gen) -> Delete on reboot.
C:\Users\Areku\AppData\Roaming\Microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
==============================

GMER One
==============================
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-30 15:50:47
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9160821AS rev.3.ALC
Running: sfmbj4f1.exe; Driver: C:\Users\Areku\AppData\Local\Temp\kxldapog.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 31: copy of MBR

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
====================================

GMER Two
====================================

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-30 16:20:32
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9160821AS rev.3.ALC
Running: sfmbj4f1.exe; Driver: C:\Users\Areku\AppData\Local\Temp\kxldapog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 31: copy of MBR

---- EOF - GMER 1.0.15 ----
===================================

DDS
===================================


DDS (Ver_10-11-27.01) - NTFSx86
Run by Areku at 16:32:52.67 on Tue 11/30/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.765.113 [GMT -6:00]

SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Areku\Desktop\CLEAN\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1616
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1616
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1616
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50370
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1616
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [V0220Mon.exe] c:\windows\V0220Mon.exe
mRun: [c:\windows\system32\v0220ext.ax] c:\windows\system32\regsvr32.exe /s c:\windows\system32\V0220Ext.ax
mRun: [SigmatelSysTrayApp] sttray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\areku\appdata\roaming\mozilla\firefox\profiles\efqoll4v.default\
FF - prefs.js: browser.startup.homepage - www.bungie.net
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\areku\appdata\roaming\mozilla\firefox\profiles\efqoll4v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - c:\users\areku\appdata\roaming\mozilla\firefox\profiles\efqoll4v.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Extension: Tab Preview: {1de0de3c-0b5c-4f67-90c6-689623894991} - c:\users\areku\appdata\roaming\mozilla\firefox\profiles\efqoll4v.default\extensions\{1de0de3c-0b5c-4f67-90c6-689623894991}
FF - Extension: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - c:\users\areku\appdata\roaming\mozilla\firefox\profiles\efqoll4v.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\users\areku\appdata\roaming\mozilla\firefox\profiles\efqoll4v.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Extension: Flash Video Resources Downloader: max@subfighter.com - c:\users\areku\appdata\roaming\mozilla\firefox\profiles\efqoll4v.default\extensions\max@subfighter.com
FF - Extension: Metal3D: {48e23fba-bb14-4745-b768-382150cd83fb} - c:\users\areku\appdata\roaming\mozilla\firefox\profiles\efqoll4v.default\extensions\{48e23fba-bb14-4745-b768-382150cd83fb}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-26 64288]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-25 24652]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2008-3-18 292864]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-25 136176]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1375992]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 V0220Dev;Live! Cam Video IM;c:\windows\system32\drivers\V0220Dev.sys [2008-2-4 146112]
S3 V0220Vfx;V0220VFX;c:\windows\system32\drivers\V0220Vfx.sys [2008-2-4 6272]

=============== Created Last 30 ================

2010-11-30 18:10:42 -------- d-----w- c:\users\areku\appdata\roaming\Malwarebytes
2010-11-30 18:10:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-30 18:10:31 -------- d-----w- c:\progra~2\Malwarebytes
2010-11-30 18:10:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-30 18:10:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-30 17:45:33 -------- d-----w- C:\4a838aee62802202e0ffc7
2010-11-30 10:59:03 -------- d-----w- C:\11585b86f0a90b24b831
2010-11-30 10:29:30 -------- d-----w- c:\users\areku\appdata\roaming\TrojanHunter
2010-11-25 09:16:14 -------- d-----w- C:\2f5a353e9183b5791b10927fbc03fbb4
2010-11-25 09:15:22 -------- d-----w- c:\progra~2\Alwil Software

==================== Find3M ====================


============= FINISH: 16:34:25.05 ===============
=================================================

ATTACH
=================================================


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-27.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/23/2007 3:54:00 PM
System Uptime: 11/30/2010 3:46:54 PM (1 hours ago)

Motherboard: GATEWAY | |
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-58 | Socket M2/S1G1 | 1800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 139 GiB total, 68.347 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.888 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_0565107B&REV_01\10EC813600
Manufacturer: Realtek
Name: Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_0565107B&REV_01\10EC813600
Service: RTL8169

==== System Restore Points ===================

RP805: 11/18/2010 4:54:01 PM - Scheduled Checkpoint
RP806: 11/19/2010 7:12:20 PM - Scheduled Checkpoint
RP807: 11/20/2010 8:39:10 PM - Scheduled Checkpoint
RP808: 11/21/2010 11:08:11 PM - Scheduled Checkpoint
RP809: 11/23/2010 7:11:07 PM - Scheduled Checkpoint
RP810: 11/24/2010 2:22:56 PM - Scheduled Checkpoint
RP811: 11/25/2010 3:13:59 AM - avast! Free Antivirus Setup
RP812: 11/25/2010 10:01:56 PM - Scheduled Checkpoint
RP813: 11/26/2010 6:10:38 PM - Scheduled Checkpoint
RP814: 11/27/2010 8:40:08 PM - Scheduled Checkpoint
RP815: 11/30/2010 1:51:52 AM - Installed CounterSpy.
RP816: 11/30/2010 2:44:13 AM - avast! Free Antivirus Setup
RP817: 11/30/2010 4:40:16 AM - Removed HP Smart Web Printing
RP818: 11/30/2010 4:43:44 AM - Removed HPSSupply

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player 11.5
Agere Systems HDA Modem
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
AviSynth 2.5
Bonjour
BufferChm
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Compatibility Pack for the 2007 Office system
Creative Live! Cam Center
Creative Live! Cam Manager
Creative Live! Cam Video IM Driver (1.01.01.00)
Creative System Information
EndNote X2
F2100_doccd
Gateway Connect
Gateway Recovery Center Installer
GIMP 2.4.2
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IDT Audio
ISI ResearchSoft - Export Helper
iTunes
Java Auto Updater
Java(TM) 6 Update 21
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft AppLocale
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows Application Compatibility Database
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
Mozilla Firefox (3.6.12)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
OGA Notifier 2.0.0048.0
Power2Go 5.0
QuickTime
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek USB 2.0 Card Reader
REALTEK USB Wireless LAN Driver
ResearchSoft Direct Export Helper
SightSpeed (remove only)
Skins
Skype™ 4.2
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Synaptics Pointing Device Driver
System Requirements Lab
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.4
Windows Media Player Firefox Plugin
WinRAR archiver

==== Event Viewer Messages From Past Week ========

11/30/2010 8:21:37 AM, Error: EventLog [6008] - The previous system shutdown at 6:35:28 AM on 11/30/2010 was unexpected.
11/30/2010 3:48:55 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/30/2010 2:35:02 AM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
11/30/2010 12:07:30 PM, Error: EventLog [6008] - The previous system shutdown at 12:05:03 PM on 11/30/2010 was unexpected.
11/30/2010 11:27:10 AM, Error: EventLog [6008] - The previous system shutdown at 11:26:18 AM on 11/30/2010 was unexpected.
11/30/2010 11:20:28 AM, Error: EventLog [6008] - The previous system shutdown at 11:18:38 AM on 11/30/2010 was unexpected.
11/29/2010 10:02:49 PM, Error: EventLog [6008] - The previous system shutdown at 9:36:54 PM on 11/29/2010 was unexpected.
11/28/2010 11:01:36 PM, Error: EventLog [6008] - The previous system shutdown at 10:00:59 PM on 11/28/2010 was unexpected.
11/27/2010 7:52:29 PM, Error: EventLog [6008] - The previous system shutdown at 6:46:50 PM on 11/27/2010 was unexpected.
11/26/2010 4:01:57 PM, Error: EventLog [6008] - The previous system shutdown at 3:55:04 PM on 11/26/2010 was unexpected.
11/25/2010 5:12:29 AM, Error: EventLog [6008] - The previous system shutdown at 5:07:19 AM on 11/25/2010 was unexpected.
11/25/2010 3:37:48 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/23/2010 6:33:39 PM, Error: EventLog [6008] - The previous system shutdown at 6:01:56 PM on 11/23/2010 was unexpected.

==== End Of File ===========================
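Reading the logs above, the lines that actually matter are few: a Winlogon Shell value that launches a second binary beside explorer.exe, a Windows\load value and a Run value pointing into AppData or Temp, copies of svchost.exe and dwm.exe outside \Windows, an IE proxy pointed at 127.0.0.1:50370 (consistent with the proxy trouble described in the post), a hosts entry for a security site, and EnableLUA = 0. The script below is an added example, not something from this thread or from MBAM, DDS, HijackThis or GMER: it encodes each of those indicators as a rule and runs the rules over sample lines copied from the logs in this post (plus two known-good lines as negative controls), so a log like this can be triaged without reading every entry. The rule names and the list of "system binary names" are my own choices, not anything the tools define.

```python
"""Triage helper for DDS / HijackThis / MBAM-style log lines (added example)."""
import re
from typing import Iterable, List, Tuple

# Windows binaries that should only ever run from under \Windows\ (my own list).
SYSTEM_BINARY_NAMES = {
    "svchost.exe", "dwm.exe", "explorer.exe", "shell.exe",
    "lsass.exe", "winlogon.exe", "csrss.exe", "services.exe",
}

# A drive-rooted path ending in a binary/config extension; spaces allowed,
# non-greedy so a line with several paths yields each one separately.
PATH_RE = re.compile(r"[a-zA-Z]:\\[^\"'(),;]*?\.(?:exe|dll|sys|scr|cfg|ax)\b", re.IGNORECASE)
# Directories an unprivileged user can write to.
USER_WRITABLE_RE = re.compile(r"\\(appdata|temp|progra~2|programdata)\\", re.IGNORECASE)
# Proxy pointed at the local machine: browser traffic is being relayed by a local process.
LOCAL_PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?(?:127\.0\.0\.1|localhost):\d+", re.IGNORECASE)
# Autostart locations the MBAM log in this thread shows being abused.
AUTOSTART_RE = re.compile(r"(\\Run\\|\\Run:|Run:\s*\[|Winlogon\\Shell|Windows\\load\b)", re.IGNORECASE)
# Hosts-file mappings that are normal and should not be flagged.
BENIGN_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def check_line(line: str) -> List[str]:
    """Return the names of every rule the line trips (empty list = nothing notable)."""
    hits: List[str] = []
    paths = PATH_RE.findall(line)

    # Rule 1: a system-binary name living somewhere other than <drive>:\Windows\...
    for p in paths:
        name = p.rsplit("\\", 1)[-1].lower()
        if name in SYSTEM_BINARY_NAMES and not re.match(r"[a-z]:\\windows\\", p.lower()):
            hits.append("system-name-outside-windows")
            break

    # Rule 2: an autostart entry whose target sits in a user-writable directory.
    if AUTOSTART_RE.search(line) and any(USER_WRITABLE_RE.search(p) for p in paths):
        hits.append("autostart-from-user-writable")

    # Rule 3: the IE/WinINet proxy points at the local machine.
    if LOCAL_PROXY_RE.search(line):
        hits.append("proxy-to-localhost")

    # Rule 4: a hosts-file entry other than the standard localhost mappings.
    m = re.search(r"Hosts:\s*(\S+)\s+(\S+)", line)
    if m and (m.group(1), m.group(2).lower()) not in BENIGN_HOSTS:
        hits.append("hosts-file-entry")

    # Rule 5: UAC switched off.
    if re.search(r"EnableLUA\s*=\s*0\b", line):
        hits.append("uac-disabled")

    return hits


def triage(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (rule, line) pairs for every line that trips at least one rule."""
    return [(rule, ln.strip()) for ln in lines for rule in check_line(ln)]


# Sample input: lines copied from the MBAM, DDS and HijackThis logs posted in this
# thread, followed by two known-good lines (a vendor autorun, system32 svchost).
SAMPLE_LINES = [
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\Areku\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe)",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent.Gen) -> Data: c:\users\areku\appdata\local\temp\dwm.exe",
    r"C:\Users\Areku\AppData\Roaming\Microsoft\svchost.exe (Trojan.Agent.Gen) -> Failed to unload process.",
    r"uInternet Settings,ProxyServer = http=127.0.0.1:50370",
    r"Hosts: 127.0.0.1 www.spywareinfo.com",
    r"O1 - Hosts: ::1 localhost",
    r"mPolicies-system: EnableLUA = 0 (0x0)",
    r"mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe",
    r"C:\Windows\system32\svchost.exe -k DcomLaunch",
]

if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LINES):
        print(f"{rule:30s} {line}")
```

Run as-is it prints eight findings for the six suspicious sample lines and nothing for the three benign ones. To use it on a real log, read the file into a list of lines and pass it to triage(); the rules are deliberately narrow, so an empty result means "nothing these five rules know about", not "clean".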

2 Contributors, 7 Replies, 8 Views, 6 Years Discussion Span, Last Post by Korushi

You need to update MBA-M. There is a new version now, 1.50.
Please do the following:
Please run the ESET Online Scanner

http://www.eset.com/onlinescan/scanner.php?i_agree=14
* You can use Internet Explorer to complete this scan, and you will need to allow an ActiveX control to be installed, or you may use Firefox.
* You will need to temporarily disable your current anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is checked.
* When you have completed that scan, a scan log ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.

Post back with that log.


Thanks for the response! I'm going to go ahead and post this since it takes forever for these to run on my comp. I'll go ahead and re-run the updated version of MBA-M and post that file once it is finished.

Anything else that I need to do in the meantime let me know.

ESET LOG FILE
================================================
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1f4991493bd0e24b90bbf51679d7389e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-12-01 01:13:12
# local_time=2010-11-30 07:13:12 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 24024966 24024966 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776893 100 100 42430404 127768135 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=187754
# found=3
# cleaned=3
# scan_time=5384
C:\Program Files\SightSpeed\images\AskToolbarInstaller.exe a variant of Win32/AdInstaller application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Areku\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\e8267fc-3d49f1c2 probably a variant of Win32/Agent.LMMBFXF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Areku\AppData\Roaming\Mozilla\Firefox\Profiles\efqoll4v.default\extensions\instaclick@leahscape.com\defaults\preferences\prefs.js Win32/Agent.RQD.Gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


OK, here is the updated M-BAM file.

M-BAM
=======================

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5214

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

11/30/2010 8:45:02 PM
mbam-log-2010-11-30 (20-45-02).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 320815
Time elapsed: 1 hour(s), 21 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
=====================================


You do not have an anti-virus program on the computer; this is an absolute MUST, especially today with the very serious threats encountered all over the net.
There are several very good free ones. I suggest you choose one of these, install it, update it, and schedule daily updates and weekly scans with it. Otherwise you have virtually no protection on the computer. Ad-Aware is an anti-malware program and offers no protection; it is a scanner only. You have an outdated copy of Windows Defender on the computer, but it also is an anti-malware program and also offers little to no protection. You seem to have the McAfee firewall installed, but that is it.
Essentially you have no protection, really.

Here are the two FREE programs highly recommended, choose ONE of them and install it.

Avira Free: http://www.avira.com/en/avira-free-antivirus is on the left side of the page.

Avast Free: http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html?part=dl-85737&subj=dl&tag=button

After you have one of these installed, updated and active then please run a system scan with HiJackThis version 2.0.4 and post back here with the log.

http://free.antivirus.com/hijackthis/


Thanks so much, I now have Avast fully operational and updated on my computer. I ran the HijackThis program and here is the log file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:58:58 PM, on 11/30/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Users\Areku\Desktop\Cleaners\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1616
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1616
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1616
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1616
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\Windows\V0220Mon.exe
O4 - HKLM\..\Run: [C:\Windows\system32\V0220Ext.ax] C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0220Ext.ax
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5201 bytes


Very good. I would suggest that you stop that AdAware auto-starting service. It really does nothing unless you have paid for the program, and even then it does little. AdAware just isn't the program it once was. Keep MBA-M; at least once a week, update the program first and run a Quick Scan with it. If it finds anything, then have it remove all it finds, reboot the system, update the program again and run the Full Scan to be safe. It often has multiple updates a day, so always update before each scan.
I also suggest that you add one more program: SpywareBlaster from Javacool. It truly is a MUST-have program. I wouldn't run a computer without it. It is FREE, it does NOT run in the background, but it does the following:
SpywareBlaster doesn't scan for and clean spyware; it prevents it from being installed in the first place. SpywareBlaster prevents the installation of ActiveX-based spyware, adware, dialers, browser hijackers, and other potentially unwanted programs. It can also block spyware/tracking cookies in IE, Mozilla Firefox, Netscape, and many other browsers, and restrict the actions of spyware/ad/tracking sites.

Simply download, install, update, enable all protection and close the program. Simple as that. Just manually check for updates every few weeks or so, if there are any then install them and click enable all. That's it.

http://download.cnet.com/SpywareBlaster/3000-8022_4-10196637.html

Edited by jholland1964: n/a


Awesome thank you so much, I have all the programs you've suggested up and running and it seems my computer is back to running as normal.

This has really helped a lot and I'll be sure to pass these programs on to the rest of my family as well.
