DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by Jimmy at 15:59:08 on 2012-12-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3061.2545 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1081222
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1081222
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [cdloader] "c:\documents and settings\jimmy\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Microsoft Works Update Detection] ?\WkDetect.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\jimmy\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - c:\program files\realtek\rtl8187 wireless lan utility\RtWLan.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\jimmy\application data\dvdvideosoftiehelpers\youtubetomp3.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: …
sampson 0 Junior Poster
I cannot seem to copy/paste DDS logs. The site tells me I am using the wrong code snippet???
sampson 0 Junior Poster
GMER Log 1:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-12-29 20:58:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD5000AAKS-75A7B0 rev.01.03B01
Running: 45s2wigj.exe; Driver: C:\DOCUME~1\Jimmy\LOCALS~1\Temp\awliqkow.sys
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
GMER Log 2:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-12-30 14:15:25
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD5000AAKS-75A7B0 rev.01.03B01
Running: 45s2wigj.exe; Driver: C:\DOCUME~1\Jimmy\LOCALS~1\Temp\awliqkow.sys
---- System - GMER 1.0.15 ----
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647BFE]
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ????e:??????6a??? ?????????????????????g??????????\e?????????W???????????3??????????? ?????????????????????g????????N?Lo????Se???????&???????????m???e??awliqkow?e???????????t???s???????????l?????sng???????????0??sm??LegacyDriver?e????N??????t????DJim??{8ECC055D-047F-11D1-A537-0000F8753ED1}?Doc??? ???????S?????gs\??awliqkow? ??????????????Bi??? ?????????????????????g??????????gs?????f??????????? ?????????????????????g??????????me?????f??????????? ?????????????????????g??????????mp?????f??????????ts and Settings\Jimmy\Local Settings\temp\Bit14.tmp??\??\C:\Documents and Settings\Jimmy\Local Settings\temp\Bit15.tmp??\??\C:\Documents and Settings\Jimmy\Local Settings\temp\Bit15B.tmp??\??\C:\Documents and Settings\Jimmy\Local Settings\temp\Bit16.tmp??\??\C:\Documents and Settings\Jimmy\Local Settings\temp\Bit191.tmp??\??\C:\Documents and Settings\Jimmy\Local Settings\temp\Bit193.tmp??\??\C:\Documents and Settings\Jimmy\Local Settings\temp\Bit1B.tmp??\??\C:\Documents and Settings\Jimmy\Local Settings\temp\Bit1C.tmp
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\Jimmy\My Documents\My documents\New Folder\Lisa Skiiing 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\LISASK~1\DSC00915.JPG 1327442 bytes
File C:\Documents and Settings\Jimmy\My Documents\My documents\New Folder\Lisa Skiiing 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\LISASK~1\DSC00916.JPG 1335657 bytes
File C:\Documents and …
sampson 0 Junior Poster
MBA-M Scan after following instructions here:
Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org
Database version: v2012.12.30.09
Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Jimmy :: JIMANDLISA [administrator]
Protection: Disabled
12/30/2012 2:18:32 PM
mbam-log-2012-12-30 (14-18-32).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 347821
Time elapsed: 24 minute(s), 55 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
sampson 0 Junior Poster
Computer has been acting funky. Sluggish. MSE will not update. So I ran MBA-M and it found some nasties. I then decided to come and get some help. Using safe mode to run the required tests. I am having a hard time posting on this site, so I may post each log into a separate part of this thread... sorry
Item 1.
MBA-M original scan I did before coming here
Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org
Database version: v2012.12.29.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jimmy :: JIMANDLISA [administrator]
Protection: Enabled
12/28/2012 9:41:26 PM
mbam-log-2012-12-28 (21-41-26).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 349809
Time elapsed: 1 hour(s), 4 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 5
C:\Documents and Settings\Jimmy\wgsdgsdgdsgsd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jimmy\Application Data\Sun\Java\Deployment\cache\6.0\20\5b548e94-39ca25b8 (Trojan.Exploitdrop.AW) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jimmy\Application Data\Uguz\vibiu.exe (Trojan.Exploitdrop.AW) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jimmy\Local Settings\Temp\tmp9260c66b\statsreaderfix.exe (Spyware.Password) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP767\A0109058.exe …
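As an added example (not code from this thread or from Malwarebytes), here is a small Python parser for the MBAM 1.x text logs pasted throughout this page. It pulls the header fields, the per-section counts and every itemised detection, handles both the 1.70 layout used above (count and items together) and the older 1.50 layout seen further down (summary counts first, itemised blocks after), and separates out hits inside System Restore snapshots, because those are copies of files that lived elsewhere and come back if a restore point is later applied. The sample logs are constructed excerpts of the logs posted on this page; the family and action on the restore-point line are assumed, since the posted log is truncated there. `Detection`, `MbamReport`, `parse_mbam_log`, `restore_point_hits` and `families` are this example's own names.

```python
"""Parser for Malwarebytes Anti-Malware 1.x text logs (added example; not from the thread or Malwarebytes)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field


@dataclass
class Detection:
    section: str  # block the line came from, e.g. "Files" or "Memory Processes"
    target: str   # file path, registry key/value, or process image
    family: str   # MBAM classification in parentheses, e.g. "Trojan.Agent"
    action: str   # everything after the first "->", e.g. "Quarantined and deleted successfully."


@dataclass
class MbamReport:
    version: str = ""
    database: str = ""
    scan_type: str = ""
    counts: dict[str, int] = field(default_factory=dict)
    detections: list[Detection] = field(default_factory=list)


# "Files Detected: 5" (1.70), "Files Infected: 5" (1.50 summary), "Files Infected:" (1.50 item header)
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) (?:Detected|Infected):(?: (?P<count>\d+))?$")
# "<target> (<family>) -> <action>"; the action may itself contain "->" (a PID, a registry value name)
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^()]+)\)(?: -> (?P<action>.+))?$")
# Restore-point copies live under System Volume Information\_restore{GUID}\RPnnn\
RESTORE_POINT_RE = re.compile(r"\\system volume information\\_restore\{", re.I)


def parse_mbam_log(text: str) -> MbamReport:
    """Walk the log once, recording header fields, per-section counts and every itemised detection."""
    report = MbamReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Malwarebytes"):
            report.version = line.rsplit(" ", 1)[-1]
        elif line.startswith("Database version:"):
            report.database = line.split(":", 1)[1].strip()
        elif line.startswith("Scan type:"):
            report.scan_type = line.split(":", 1)[1].strip()
        elif (m := SECTION_RE.match(line)):
            section = m.group("section")
            if m.group("count") is not None:
                report.counts[section] = int(m.group("count"))
        elif section and not line.startswith("(No malicious items") and (m := ITEM_RE.match(line)):
            report.detections.append(
                Detection(section, m.group("target"), m.group("family"), m.group("action") or ""))
    return report


def restore_point_hits(report: MbamReport) -> list[Detection]:
    """Detections inside System Restore snapshots: flush System Restore after cleanup or a rollback brings them back."""
    return [d for d in report.detections if RESTORE_POINT_RE.search(d.target)]


def families(report: MbamReport) -> set[str]:
    return {d.family for d in report.detections}


# Constructed sample in the 1.70 layout, excerpted from the 2012-12-28 log above.
# The family and action on the last detection line are assumed: the posted log is truncated there.
SAMPLE_170 = r"""
Malwarebytes Anti-Malware (PRO) 1.70.0.1100
Database version: v2012.12.29.01
Windows XP Service Pack 3 x86 NTFS
Scan type: Full scan (C:\|)
Objects scanned: 349809

Memory Processes Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Documents and Settings\Jimmy\wgsdgsdgdsgsd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jimmy\Application Data\Sun\Java\Deployment\cache\6.0\20\5b548e94-39ca25b8 (Trojan.Exploitdrop.AW) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jimmy\Application Data\Uguz\vibiu.exe (Trojan.Exploitdrop.AW) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jimmy\Local Settings\Temp\tmp9260c66b\statsreaderfix.exe (Spyware.Password) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP767\A0109058.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
"""

# Constructed sample in the older 1.50 layout, excerpted from the 2011-01-07 log further down the page.
SAMPLE_150 = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 5481
Scan type: Full scan (C:\|)
Memory Processes Infected: 2
Files Infected: 0

Memory Processes Infected:
c:\WINDOWS\system32\zwpry.exe (Spyware.Passwords) -> 2908 -> Unloaded process successfully.
c:\documents and settings\all users\application data\8T538xi7.exe (Trojan.Agent) -> 3704 -> Unloaded process successfully.

Files Infected:
(No malicious items detected)
"""

if __name__ == "__main__":
    for sample in (SAMPLE_170, SAMPLE_150):
        r = parse_mbam_log(sample)
        print(f"MBAM {r.version} db {r.database}: {len(r.detections)} detections, families {sorted(families(r))}")
        for d in restore_point_hits(r):
            print("  restore-point copy:", d.target)
```

The per-section counts are kept separately from the itemised list so the two can be cross-checked: a count that exceeds the number of parsed items means the log was truncated or a line did not match the expected shape, which is exactly what happens with the pasted logs on this page.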
sampson 0 Junior Poster
Please disregard or delete. At the request of the owner of this infected computer, I have reformatted the computer.
sampson 0 Junior Poster
I scanned initially using MBA-M. It found an infection but it was unable to get rid of it. I attached the following logs as requested. GMER did not post an initial scan log. I tried twice.
Nothing was found by the MS Malicious Software Removal Tool. Nothing was found by MS Security Essentials. I was able to run ATF Cleaner.
Thanks....
GMER Log 2:(no log 1)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-15 15:56:05
Windows 6.0.6001 Service Pack 1
Running: scyh6icx.exe
---- Files - GMER 1.0.15 ----
File C:\Users\Babs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3MMDONK2\01[4].htm 0 bytes
File C:\Users\Babs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GYT6ELL1\dref=http%253A%252F%252Fwww.gossipcenter[1].com%252Fmovie_news 1023 bytes
File C:\Users\Babs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GYT6ELL1\gossipcenter[2].htm 867 bytes
File C:\Users\Babs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GYT6ELL1\sandbox[4].php 9743 bytes
File C:\Users\Babs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0XS5GUE\detect[1].act 267 bytes
File C:\Users\Babs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0XS5GUE\gossipcenter[2].htm 867 bytes
---- EOF - GMER 1.0.15 ----
DDS Log 1:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19088
Run by Babs at 15:57:10 on 2011-10-15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4028.2335 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
…
sampson 0 Junior Poster
I will update Java and add SpywareBlaster. Thanks for the help!!!!!!
sampson 0 Junior Poster
Removed items with HJT. WOW, computer running great compared to before. Can we call this one solved??
Thanks for the help!!
sampson 0 Junior Poster
Thanks for the link to remove AVG.... that was a toughie. Here is the latest HJT log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:32:30 PM, on 1/9/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8074
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - …
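As an added example (not code from this thread or from HijackThis), here is a Python triage pass over HijackThis-style lines like the ones in the log above. It flags the three things a helper checks first in a log of this shape: a ProxyServer that points at the loopback address (the `R1 ... ProxyServer = http=127.0.0.1:8074` entry above; the OTL fix log further down the page touches the same HKCU value), a BHO registered with `(no file)`, and Run entries that start a program from a user-writable location. The sample lines are excerpted from the log above, except the final `cdloader` line, which is rewritten from the DDS log at the top of the page into HJT syntax; `Finding`, `triage_hjt` and the `USER_WRITABLE` path markers are this example's own names and heuristics.

```python
"""Triage pass over HijackThis-style log lines (added example; not from the thread or from HJT)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines excerpted from the HJT log above, plus a final Run entry
# rewritten from the DDS log at the top of the page into HJT syntax.
SAMPLE_HJT_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8074
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Jimmy\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
""".strip()


@dataclass
class Finding:
    line_no: int
    kind: str
    detail: str


# 127.0.0.1 / localhost / [::1], optionally prefixed by a protocol selector (http=, https=)
LOOPBACK_RE = re.compile(r"(?:^|[=;\s])(?:https?=)?(?:127\.0\.0\.1|localhost|\[::1\])(?::\d+)?", re.I)
# Path fragments an ordinary user can write to; a program started from here deserves a look
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\", "\\application data\\", "\\appdata\\")
# "HKLM\..\Run: [Name] <payload>" (also RunOnce / RunServices)
O4_RE = re.compile(r"(?P<hive>.+?)\\\.\.\\Run(?:Once|Services)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<payload>.*)")
CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)


def _program_path(payload: str) -> str:
    """Program path from an O4 payload: a quoted path, else the text up to the first .exe/.dll/.scr/.bat/.cmd."""
    m = re.match(r'\s*"([^"]+)"', payload)
    if m:
        return m.group(1)
    m = re.match(r"\s*(.+?\.(?:exe|dll|scr|bat|cmd))(?=\s|$)", payload, re.I)
    return m.group(1) if m else payload.strip()


def triage_hjt(log: str) -> list[Finding]:
    """Return the entries worth a second look, in log order."""
    findings: list[Finding] = []
    for line_no, raw in enumerate(log.splitlines(), 1):
        code, sep, rest = raw.strip().partition(" - ")
        if not sep:
            continue
        if code in ("R0", "R1") and "ProxyServer" in rest:
            value = rest.partition("=")[2].strip()
            if LOOPBACK_RE.search(value):
                findings.append(Finding(line_no, "loopback-proxy", value))
        elif code == "O2" and rest.endswith("(no file)"):
            clsid = CLSID_RE.search(rest)
            findings.append(Finding(line_no, "orphaned-bho", clsid.group(0) if clsid else rest))
        elif code == "O4":
            m = O4_RE.match(rest)
            if m is None:
                continue
            path = _program_path(m.group("payload"))
            if any(marker in path.lower() for marker in USER_WRITABLE):
                findings.append(Finding(line_no, "autorun-user-writable", f"[{m.group('name')}] {path}"))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT_LOG):
        print(f"line {f.line_no:3d}  {f.kind:<22}  {f.detail}")
```

A hit is a lead, not a verdict: the magicJack `cdloader` entry legitimately runs from Application Data, and a loopback proxy can belong to a debugging proxy or a filtering product the owner installed. The useful follow-up on the proxy finding is to identify which process is listening on that port before the value is cleared, since clearing it alone leaves the process in place.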
sampson 0 Junior Poster
Here is the latest MBA-M Log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5489
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1/9/2011 2:53:04 PM
mbam-log-2011-01-09 (14-53-04).txt
Scan type: Full scan (C:\|)
Objects scanned: 183042
Time elapsed: 11 minute(s), 46 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Clean log!!!!! The computer is much snappier now. I am going to put in Microsoft Security Essentials when you give me the thumbs up to go ahead... thanks for the help
sampson 0 Junior Poster
Again, thanks for the assistance!!
ComboFix txt log:
ComboFix 11-01-08.05 - User 01/09/2011 10:40:50.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.273 [GMT -5:00]
Running from: c:\documents and settings\User\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Files Created from 2010-12-09 to 2011-01-09 )))))))))))))))))))))))))))))))
.
2011-01-09 02:08 . 2011-01-09 02:08 388096 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-09 02:08 . 2011-01-09 02:08 -------- d-----w- c:\program files\Trend Micro
2011-01-08 01:14 . 2011-01-08 01:15 -------- d-----w- c:\documents and settings\Administrator
2011-01-07 11:52 . 2011-01-07 11:52 -------- d-----w- C:\7ff6eab5b08bc0010200a76999412d2d
2011-01-07 11:35 . 2011-01-07 11:35 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Mozilla
2011-01-06 20:45 . 2011-01-06 20:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2011-01-06 19:00 . 2011-01-06 19:00 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2011-01-06 19:00 . 2011-01-06 19:00 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2011-01-06 17:30 . 2011-01-06 17:30 -------- d-----w- c:\documents and settings\Cupcake\Application Data\Malwarebytes
2011-01-06 16:52 . 2011-01-06 16:52 -------- d-----w- c:\windows\system32\%APPDATA%
2011-01-06 16:51 . 2008-04-14 10:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-01-06 16:51 . 2008-04-14 10:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-01-06 16:51 . 2008-04-14 05:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-01-06 16:51 . 2008-04-14 05:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-01-06 16:51 . 2008-04-14 05:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-01-06 16:51 . 2008-04-14 05:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-01-06 16:45 . 2011-01-06 16:45 -------- d-----w- C:\found.001
2010-12-29 21:05 . 2010-12-29 21:05 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
…
sampson 0 Junior Poster
TDSSKiller log:
2011/01/09 06:24:34.0859 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/09 06:24:34.0859 ================================================================================
2011/01/09 06:24:34.0859 SystemInfo:
2011/01/09 06:24:34.0859
2011/01/09 06:24:34.0859 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/09 06:24:34.0859 Product type: Workstation
2011/01/09 06:24:34.0859 ComputerName: USER-ABFF97FEFA
2011/01/09 06:24:34.0859 UserName: User
2011/01/09 06:24:34.0859 Windows directory: C:\WINDOWS
2011/01/09 06:24:34.0859 System windows directory: C:\WINDOWS
2011/01/09 06:24:34.0859 Processor architecture: Intel x86
2011/01/09 06:24:34.0859 Number of processors: 2
2011/01/09 06:24:34.0859 Page size: 0x1000
2011/01/09 06:24:34.0859 Boot type: Normal boot
2011/01/09 06:24:34.0859 ================================================================================
2011/01/09 06:24:34.0984 Initialize success
2011/01/09 06:24:39.0671 ================================================================================
2011/01/09 06:24:39.0671 Scan started
2011/01/09 06:24:39.0671 Mode: Manual;
2011/01/09 06:24:39.0671 ================================================================================
2011/01/09 06:24:40.0640 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/09 06:24:40.0671 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/01/09 06:24:40.0796 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/01/09 06:24:40.0875 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/01/09 06:24:41.0093 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/01/09 06:24:41.0312 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/09 06:24:41.0359 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/09 06:24:41.0406 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/09 06:24:41.0500 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/09 06:24:41.0531 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/09 06:24:41.0796 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/09 06:24:41.0890 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/09 06:24:41.0937 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/09 06:24:42.0000 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/09 06:24:42.0218 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/09 06:24:42.0281 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/09 06:24:42.0390 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/09 06:24:42.0437 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/09 06:24:42.0484 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/09 06:24:42.0531 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/09 06:24:42.0625 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/09 06:24:42.0656 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
sampson 0 Junior Poster
Thank you for helping me with my friend's computer issue.
Here are the logs requested.
CF log:
ComboFix 11-01-08.03 - User 01/08/2011 20:41:58.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.307 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\boost_interprocess\20101226104111.375000
c:\documents and settings\All Users\Application Data\boost_interprocess\20101226104111.375000\GoogleImpl
c:\documents and settings\Cupcake\delme.bat
c:\documents and settings\Cupcake\Local Settings\Application Data\{363D98C2-C60F-4AB3-8135-31E2352EF712}
c:\documents and settings\Cupcake\Local Settings\Application Data\{363D98C2-C60F-4AB3-8135-31E2352EF712}\chrome.manifest
c:\documents and settings\Cupcake\Local Settings\Application Data\{363D98C2-C60F-4AB3-8135-31E2352EF712}\chrome\content\_cfg.js
c:\documents and settings\Cupcake\Local Settings\Application Data\{363D98C2-C60F-4AB3-8135-31E2352EF712}\chrome\content\overlay.xul
c:\documents and settings\Cupcake\Local Settings\Application Data\{363D98C2-C60F-4AB3-8135-31E2352EF712}\install.rdf
c:\documents and settings\Derek\Application Data\99A50BF239FF362459D44189CE7D5C48
c:\documents and settings\Derek\Application Data\99A50BF239FF362459D44189CE7D5C48\enemies-names.txt
c:\documents and settings\Derek\Application Data\99A50BF239FF362459D44189CE7D5C48\local.ini
c:\documents and settings\Derek\delme.bat
c:\documents and settings\Derek\Local Settings\Application Data\{BBBE0341-F1C0-4CA1-91F3-02518F91667A}
c:\documents and settings\Derek\Local Settings\Application Data\{BBBE0341-F1C0-4CA1-91F3-02518F91667A}\chrome.manifest
c:\documents and settings\Derek\Local Settings\Application Data\{BBBE0341-F1C0-4CA1-91F3-02518F91667A}\chrome\content\_cfg.js
c:\documents and settings\Derek\Local Settings\Application Data\{BBBE0341-F1C0-4CA1-91F3-02518F91667A}\chrome\content\overlay.xul
c:\documents and settings\Derek\Local Settings\Application Data\{BBBE0341-F1C0-4CA1-91F3-02518F91667A}\install.rdf
c:\documents and settings\User\delme.bat
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\umiqawic.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
((((((((((((((((((((((((( Files Created from 2010-12-09 to 2011-01-09 )))))))))))))))))))))))))))))))
.
2011-01-08 01:14 . 2011-01-08 01:15 -------- d-----w- c:\documents and settings\Administrator
2011-01-07 11:52 . 2011-01-07 11:52 -------- d-----w- C:\7ff6eab5b08bc0010200a76999412d2d
2011-01-07 11:35 . 2011-01-07 11:35 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Mozilla
2011-01-06 20:45 . 2011-01-06 20:45 -------- d-----w- c:\documents and …
sampson 0 Junior Poster
Sorry about the MBA-M log. I posted the wrong one.
Original MBA-M log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5481
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
1/7/2011 8:46:00 PM
mbam-log-2011-01-07 (20-46-00).txt
Scan type: Full scan (C:\|)
Objects scanned: 181894
Time elapsed: 21 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 70
Files Infected: 625
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Value: {52794457-AF6C-4C50-9DEF-F2E24F4C8889} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Value: {52794457-af6c-4c50-9def-f2e24f4c8889} -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\program files\whitesmoketoolbar (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\lib (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\modules (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\newtab (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\newtab\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
…
sampson 0 Junior Poster
Friend dropped this off for a helping hand. Computer after clean-ups is still very sluggish, but it seems pop-ups and the IE registry pop-up (virus, I assume) have stopped.
MBA-M log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5481
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1/7/2011 8:06:19 PM
mbam-log-2011-01-07 (20-06-19).txt
Scan type: Full scan (C:\|)
Objects scanned: 172478
Time elapsed: 29 minute(s), 46 second(s)
Memory Processes Infected: 30
Memory Modules Infected: 2
Registry Keys Infected: 13
Registry Values Infected: 8
Registry Data Items Infected: 0
Folders Infected: 70
Files Infected: 641
Memory Processes Infected:
c:\WINDOWS\system32\zwpry.exe (Spyware.Passwords) -> 2908 -> Unloaded process successfully.
c:\documents and settings\all users\application data\8T538xi7.exe (Trojan.Agent) -> 3704 -> Unloaded process successfully.
c:\documents and settings\all users\application data\8T538xi7.exe (Trojan.Agent) -> 3356 -> Unloaded process successfully.
c:\documents and settings\all users\application data\8T538xi7.exe (Trojan.Agent) -> 3816 -> Unloaded process successfully.
c:\documents and settings\all users\application data\8T538xi7.exe (Trojan.Agent) -> 796 -> Unloaded process successfully.
c:\documents and settings\all users\application data\8T538xi7.exe (Trojan.Agent) -> 3304 -> Unloaded process successfully.
c:\documents and settings\all users\application data\8T538xi7.exe (Trojan.Agent) -> 3872 -> Unloaded process successfully.
c:\documents and settings\all users\application data\8T538xi7.exe (Trojan.Agent) -> 3896 -> Unloaded process successfully.
c:\documents and settings\all users\application data\8T538xi7.exe (Trojan.Agent) -> 268 -> Unloaded process successfully.
c:\documents and settings\all users\application data\8T538xi7.exe (Trojan.Agent) -> 3960 -> Unloaded process successfully.
c:\documents and settings\all users\application data\8T538xi7.exe (Trojan.Agent) -> …
sampson 0 Junior Poster
Friend's computer. Cannot boot into Vista. Tried using reinstall discs. Will not reinstall. I get a D:/sources/install.wim (or win)?? error. Help. I have really no other knowledge on how to reinstall this Vista on this computer.
The computer is a Toshiba Satellite A206. Also tried to get to the recovery software by pressing 0 at start-up, but all I get is put in password and then zippo.
sampson 0 Junior Poster
Thanks again, Crunchie. You have saved another computer from the nasties!!!!!
sampson 0 Junior Poster
Computer is working fine!!
Is it safe to give back to her???
Thanks, Crunchie!!!
sampson 0 Junior Poster
Run Fix log:
All processes killed
========== FILES ==========
C:\Users\Jenn\AppData\Local\wtkpipwxf folder moved successfully.
C:\Users\Jenn\AppData\Local\rgcqhnjvl folder moved successfully.
C:\Users\Jenn\sqggnorn.exe moved successfully.
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C26CD490-5F01-41E3-B150-EB29F19DA056}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C26CD490-5F01-41E3-B150-EB29F19DA056}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection deleted successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 41620 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Jenn
->Flash cache emptied: 135438 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Jenn
->Temp folder emptied: 19810059 bytes
->Temporary Internet Files folder emptied: 9056776 bytes
->Java cache emptied: 57734 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1152444 bytes
sampson 0 Junior Poster
Crunchie,
My friend said that was her first problem: she could not connect to the internet. I was able to connect by resetting the LAN settings (or something like that).
OTL LOG:
OTL logfile created on: 7/24/2010 6:36:47 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Jenn
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 216.68 Gb Free Space | 75.23% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.34 Gb Free Space | 53.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JENN-PC
Current User Name: Jenn
Logged in as Administrator.
Current Boot Mode: Normal
sampson 0 Junior Poster
Back again with yet another problem. Friend stated her computer was acting quirky and had some pop-ups. I ran MBA-M and it did come up with some issues. After deleting those I have not come up with any issues. But I am posting the logs so they can be looked at to see if anything is left.
One question at the end of this. Friend is using Verizon Protection Suite. Is this any good??
GMER Log 1:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-07-23 16:33:13
Windows 6.0.6002 Service Pack 2
Running: sqggnorn.exe; Driver: C:\Users\Jenn\AppData\Local\Temp\pxldypog.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat SafeConnectFilter.sys
AttachedDevice \Driver\tdx \Device\Ip rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\tdx \Device\Tcp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\tdx \Device\Udp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\tdx \Device\RawIp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
---- EOF - GMER 1.0.15 ----
GMER Log 2:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-23 18:56:27
Windows 6.0.6002 Service Pack 2
Running: sqggnorn.exe; Driver: C:\Users\Jenn\AppData\Local\Temp\pxldypog.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x807E3620]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\tdx \Device\Udp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\tdx \Device\RawIp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft …
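A triage script for the two GMER logs above, added here as an example (it is my code for this thread, not GMER's and not part of the original post). It pulls out the SSDT hook and the AttachedDevice lines, groups the filter drivers by the device objects they sit on, and lists drivers GMER printed without a vendor attribution. The sample log is constructed from the lines posted above, trimmed to five entries.

```python
"""Triage a GMER rootkit-scan log.

Added example for this thread (not GMER's own code): it pulls out SSDT hooks
and AttachedDevice filter entries, groups attachments per driver, and flags
drivers GMER printed without a "(description/company)" suffix.  SAMPLE_GMER
is constructed from the log lines posted in the thread, trimmed to five entries.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

SAMPLE_GMER = r"""
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-23 18:56:27
Windows 6.0.6002 Service Pack 2
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x807E3620]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat SafeConnectFilter.sys
AttachedDevice \Driver\tdx \Device\Tcp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\tdx \Device\Udp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
---- EOF - GMER 1.0.15 ----
"""

# "SSDT <driver path> <Zw/Nt function> [<hook address>]"; the path may contain spaces.
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<driver>.+?)\s+(?P<func>(?:Zw|Nt)\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$")
# "AttachedDevice <owning driver object> <device object> <driver file> (<description>/<company>)"
DEVICE_RE = re.compile(
    r"^AttachedDevice\s+(?P<owner>\S+)\s+(?P<device>\S+)\s+(?P<driver>\S+)"
    r"(?:\s+\((?P<attr>[^)]*)\))?$")


@dataclass(frozen=True)
class GmerEntry:
    kind: str                     # "ssdt" or "device"
    driver: str                   # driver file exactly as GMER printed it
    target: str                   # hooked system service, or the device object filtered
    vendor: Optional[str] = None  # company from GMER's suffix; None when GMER printed none
    description: Optional[str] = None


def parse_gmer(text: str) -> List[GmerEntry]:
    """Return the SSDT and AttachedDevice entries of a GMER log, in file order."""
    entries: List[GmerEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            entries.append(GmerEntry("ssdt", m["driver"], m["func"]))
        elif m := DEVICE_RE.match(line):
            desc = vendor = None
            if m["attr"]:
                # GMER prints "<file description>/<company name>" when it can read one.
                desc, _, vendor = m["attr"].rpartition("/")
                desc = desc or None
            entries.append(GmerEntry("device", m["driver"], m["device"], vendor, desc))
    return entries


def ssdt_hooks(entries: List[GmerEntry]) -> List[GmerEntry]:
    """Every SSDT hook: a driver interposing on a kernel system service."""
    return [e for e in entries if e.kind == "ssdt"]


def attachments(entries: List[GmerEntry]) -> Dict[str, List[str]]:
    """Map each filter driver to the device objects it sits on, in log order."""
    by_driver: Dict[str, List[str]] = {}
    for e in entries:
        if e.kind == "device":
            by_driver.setdefault(e.driver, []).append(e.target)
    return by_driver


def unattributed_drivers(entries: List[GmerEntry]) -> List[str]:
    """Filter drivers GMER could not attribute to a vendor: identify these by hand first."""
    return sorted({e.driver for e in entries if e.kind == "device" and e.vendor is None})


if __name__ == "__main__":
    found = parse_gmer(SAMPLE_GMER)
    for hook in ssdt_hooks(found):
        print(f"SSDT hook on {hook.target} by {hook.driver}")
    for drv, devs in attachments(found).items():
        print(f"{drv}: {', '.join(devs)}")
    print("unattributed:", unattributed_drivers(found))
```

Run as-is it reports the one SSDT hook (ZwTerminateProcess, by the SUPERAntiSpyware driver named in the path), rp_skt32.sys attached to the TCP and UDP device objects (GMER attributes it to Radialpoint, the vendor named in the Verizon PC Security Checkup service elsewhere in this thread), and SafeConnectFilter.sys as the one entry with no vendor string. A missing attribution is a reason to identify the file by hand, not proof of anything by itself.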
sampson 0 Junior Poster
Crunchie,
The owner of this computer has decided to start from scratch and have me reformat and reinstall XP. Thanks for the assistance. I am sure I will be back with some other problem sooner rather than later. Please close the thread...thanks
sampson 0 Junior Poster
OTL logfile created on: 5/7/2010 9:24:58 AM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Bhajjar\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 704.00 Mb Available Physical Memory | 69.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 79.42 Gb Total Space | 31.09 Gb Free Space | 39.15% Space Free | Partition Type: NTFS
Drive D: | 12.70 Gb Total Space | 0.91 Gb Free Space | 7.17% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC325862970629
Current User Name: Bhajjar
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
…
sampson 0 Junior Poster
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Yjiceq deleted successfully.
C:\WINDOWS\arusuramujoyexa.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Aim6 deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\arusuramujoyexa.dll not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 348 bytes
User: All Users
User: Bhajjar
->Temp folder emptied: 280139103 bytes
->Temporary Internet Files folder emptied: 3695367 bytes
->Java cache emptied: 39706051 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 124494 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 348 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Owner
->Temp folder emptied: 649019072 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 237855097 bytes
->Flash cache emptied: 114234 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2376375 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 158817164 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1652 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 6257686 bytes
RecycleBin emptied: 0 …
sampson 0 Junior Poster
Thanks for the response. Here are the logs. I will update and run MBA-M again.
OTL log:
OTL logfile created on: 5/6/2010 1:57:14 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Bhajjar\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 680.00 Mb Available Physical Memory | 67.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 79.42 Gb Total Space | 29.96 Gb Free Space | 37.72% Space Free | Partition Type: NTFS
Drive D: | 12.70 Gb Total Space | 0.91 Gb Free Space | 7.17% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC325862970629
Current User Name: Bhajjar
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
sampson 0 Junior Poster
This is a friend's son's computer. I have already uninstalled LimeWire as requested.
HP dv8000. Originally was getting 2010 antivirus pop-ups. Has no AV, and I was going to put Microsoft Security Essentials on it if this was thought to be a good idea. Computer is REAL REAL slow. Thanks for the assistance.
MBA-M Log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4063
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
5/5/2010 1:10:11 AM
mbam-log-2010-05-05 (01-10-11).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 260050
Time elapsed: 6 hour(s), 24 minute(s), 14 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 4
Registry Keys Infected: 150
Registry Values Infected: 13
Registry Data Items Infected: 11
Folders Infected: 18
Files Infected: 183
Memory Processes Infected:
C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\Program Files\InternetSecurity2010\IS2010.exe (Rogue.Installer) -> Unloaded process successfully.
Memory Modules Infected:
C:\WINDOWS\mone32.dll (Trojan.Hiloti) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} …
sampson 0 Junior Poster
Thanks, Judy...as usual this forum has saved another computer...thanks!!!!!!!!!!!!!
sampson 0 Junior Poster
WOW...that Mike Lin program is amazing. Did as you suggested and this computer is now running great...anything else??
Again, thanks for the help.
sampson 0 Junior Poster
I could not get rid of
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Unknown owner - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe (file missing)
Tried several times...no luck.
The computer is running fine. No pop-ups!
Only thing I noticed is when I shut down or restart I get an "ending program" message with "hpcmpmgr.exe".
Other than that it's running fine.
New HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:00 PM, on 11/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start …
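A parser for the R0/R1, O2 and O23 lines of the HijackThis logs in this thread, added here as an example (my code, not HijackThis's and not part of the original post). The practical point is the O23 entry above that would not go away: HijackThis marks it "(file missing)", meaning the service registration is still in the registry although the executable is gone, and the script prints the sc.exe command that deletes that registration. The sample log is constructed from lines posted above.

```python
"""Parse the R0/R1, O2 (BHO) and O23 (service) lines of a HijackThis log.

Added example for this thread, not HijackThis's own code.  It extracts the
IE start/default-page settings, the BHO CLSIDs with their DLL paths, and the
services, flags services whose binary HijackThis marked "(file missing)",
and emits the sc.exe command that removes the leftover service entry.
SAMPLE_HJT is constructed from lines posted in the thread.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

SAMPLE_HJT = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:00 PM, on 11/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Unknown owner - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe (file missing)
"""

# R0..R3: "<hive\key>,<value name> = <url>"
IE_RE = re.compile(r"^(?P<sec>R[0-3]) - (?P<key>[^,]+),(?P<value>[^=]+?) = (?P<url>.*)$")
# O2: "BHO: <name> - {CLSID} - <dll path>[ (no file)]"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)"
    r"(?P<missing> \((?:no file|file missing)\))?$")
# O23: "Service: <display name> (<service name>) - <owner> - <exe path>[ (file missing)]"
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) \((?P<short>[^()]+)\) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$")


@dataclass(frozen=True)
class HjtEntry:
    section: str        # "R0", "R1", "O2" or "O23"
    name: str           # display name (BHO/service) or registry value name (R*)
    ident: str          # CLSID (O2), service short name (O23) or registry key (R*)
    path: str           # DLL/EXE path, or the URL for R* entries
    file_missing: bool  # HijackThis could not find the binary on disk


def parse_hjt(text: str) -> List[HjtEntry]:
    entries: List[HjtEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := IE_RE.match(line):
            entries.append(HjtEntry(m["sec"], m["value"], m["key"], m["url"], False))
        elif m := BHO_RE.match(line):
            entries.append(HjtEntry("O2", m["name"], m["clsid"], m["path"], bool(m["missing"])))
        elif m := SERVICE_RE.match(line):
            entries.append(HjtEntry("O23", m["name"], m["short"], m["path"], bool(m["missing"])))
    return entries


def ie_settings(entries: List[HjtEntry]) -> Dict[str, str]:
    """IE start/default-page values keyed by 'key\\value'."""
    return {f"{e.ident}\\{e.name}": e.path for e in entries if e.section.startswith("R")}


def bho_clsids(entries: List[HjtEntry]) -> Dict[str, str]:
    """CLSID -> DLL for every Browser Helper Object HijackThis listed."""
    return {e.ident: e.path for e in entries if e.section == "O2"}


def services_with_missing_binary(entries: List[HjtEntry]) -> List[HjtEntry]:
    """Service registrations whose executable is gone: registry leftovers."""
    return [e for e in entries if e.section == "O23" and e.file_missing]


def sc_delete_commands(entries: List[HjtEntry]) -> List[str]:
    """sc.exe commands (run from an administrative cmd.exe) that delete those registrations."""
    return [f'sc delete "{e.ident}"' for e in services_with_missing_binary(entries)]


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_HJT)
    for key, url in ie_settings(found).items():
        print(f"{key} = {url}")
    for clsid, dll in bho_clsids(found).items():
        print(f"BHO {clsid} -> {dll}")
    for cmd in sc_delete_commands(found):
        print(cmd)
```

The generated `sc delete "RPSUpdaterR"` needs a command prompt with administrative rights; it removes the service's registry entry, which is what HijackThis keeps listing once the .exe is gone, and is independent of uninstalling whatever package put it there.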
sampson 0 Junior Poster
Judy, here is the newest HJT log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:55:07 PM, on 11/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - …
sampson 0 Junior Poster
OK...finally caught up with this computer's owner. She does not use Verizon. I was able to uninstall
DesktopFun Toolbar
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3
and have updated Java.
Do I need to get rid of anything that says Verizon?
Again, thanks.
sampson 0 Junior Poster
The computer is running fine. No pop-ups that the friend was reporting. Weird thing is I cannot uninstall J2SE Runtime Environment 5.0 Update 6, and
Java(TM) 6 Update 3 keeps telling me I have an installation in progress. Have restarted the computer several times and still no luck. Tried in safe mode. No luck. DesktopFun Toolbar I was able to delete the folder from C:. Could not find Authentium Antivirus anywhere?? I wanted to get rid of a couple of things at the request of the owner, but I get the same message that something is already in the process of installing.
Thanks for the help...
sampson 0 Junior Poster
new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:14 PM, on 11/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
sampson 0 Junior Poster
New logs as requested...thanks for the help.
ESET Log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=4d74e85ded402a408507aa0776141bc4
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-21 09:33:53
# local_time=2009-11-21 04:33:53 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=769 16775141 100 98 0 194192421 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=87115
# found=0
# cleaned=0
# scan_time=2767
MBA-M Log:
Malwarebytes' Anti-Malware 1.41
Database version: 3210
Windows 5.1.2600 Service Pack 3
11/21/2009 6:24:54 PM
mbam-log-2009-11-21 (18-24-54).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 204465
Time elapsed: 35 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious …
sampson 0 Junior Poster
Thanks for getting back to me. I did fix the numerous things MBA-M found. I am rerunning the scans as requested and will post back when finished...thanks
previous log:
Malwarebytes' Anti-Malware 1.41
Database version: 3206
Windows 5.1.2600 Service Pack 3
11/21/2009 5:29:05 AM
mbam-log-2009-11-21 (05-29-05).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 246426
Time elapsed: 48 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus (Rogue.AntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\djeunfbh (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\djeunfbh (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
…
sampson 0 Junior Poster
Back again!!! Friend called and asked me to get her computer clean of viruses. States she was getting pop-ups of all kinds. Ran software as requested. ESET Scanner did not find anything, but I did not save a log and cannot find one. She had no antivirus, so I added Avast after running all the requested software. That scan came back finding nothing.
As always, thanks for the assistance.
MBA-M
Malwarebytes' Anti-Malware 1.41
Database version: 3206
Windows 5.1.2600 Service Pack 3
11/21/2009 5:28:55 AM
mbam-log-2009-11-21 (05-28-44).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 246426
Time elapsed: 48 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.Ascentive) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.Ascentive) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.Ascentive) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.Ascentive) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus (Rogue.AntiVirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\djeunfbh (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\djeunfbh (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) …
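A parser for the MBA-M logs in this thread, added here as an example (my code, not Malwarebytes' and not part of the original posts). The log in this post shows every item as "No action taken"; the same scan as reposted after fixing, further up the thread, shows them "Quarantined and deleted successfully", and the 2010 log for the HP dv8000 has items marked "Delete on reboot". The script makes that distinction mechanically, listing what is still outstanding, and also checks the declared summary counts against the lines present, which flags a log that was truncated when pasted. Both samples are constructed from lines posted here, cut down to six items with the counts adjusted to match.

```python
"""Parse Malwarebytes' Anti-Malware 1.x text logs and report what was actually fixed.

Added example for this thread (not Malwarebytes' code and not from the
original posts).  A detection line reads
  "<location> (<threat>) -> [<data> ->] <action>."
The parser separates remediated items from outstanding ones ("No action
taken", "Delete on reboot") and cross-checks the declared summary counts
against the lines present, which exposes a truncated log.  MBAM_NO_ACTION is
constructed from detection lines posted in the thread, cut to six items with
the counts adjusted to match; MBAM_QUARANTINED is the same scan after fixing.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

MBAM_NO_ACTION = r"""
Malwarebytes' Anti-Malware 1.41
Database version: 3206
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 246426
Memory Processes Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 2
Memory Processes Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus (Rogue.AntiVirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\djeunfbh (Trojan.Dropper) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
"""
# Same scan after the items were fixed, as in the reposted log in the thread.
MBAM_QUARANTINED = MBAM_NO_ACTION.replace("No action taken.", "Quarantined and deleted successfully.")

COUNT_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")   # summary line
SECTION_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")            # section header
KV_RE = re.compile(r"^(?P<k>[A-Za-z ]+): (?P<v>.+)$")                  # scan metadata
ITEM_RE = re.compile(r"^(?P<location>.+) \((?P<threat>[A-Za-z0-9._-]+)\)$")


@dataclass(frozen=True)
class Detection:
    category: str               # e.g. "Registry Keys Infected"
    location: str               # registry path, file or folder
    threat: str                 # MBAM classification, e.g. Trojan.FakeAlert
    action: str                 # what MBAM did, without the trailing period
    data: Optional[str] = None  # "Bad: (...) Good: (...)" for registry data items


@dataclass
class MbamReport:
    header: Dict[str, str] = field(default_factory=dict)
    declared: Dict[str, int] = field(default_factory=dict)
    detections: List[Detection] = field(default_factory=list)


def parse_detection(category: str, line: str) -> Optional[Detection]:
    parts = line.rstrip(".").split(" -> ")
    m = ITEM_RE.match(parts[0]) if len(parts) >= 2 else None
    if not m:
        return None
    data = parts[1] if len(parts) == 3 else None
    return Detection(category, m["location"], m["threat"], parts[-1], data)


def parse_mbam(text: str) -> MbamReport:
    report, category = MbamReport(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        if m := COUNT_RE.match(line):
            report.declared[m["cat"]] = int(m["n"])
        elif m := SECTION_RE.match(line):
            category = m["cat"]
        elif category is None:
            if m := KV_RE.match(line):
                report.header[m["k"]] = m["v"]
        elif (det := parse_detection(category, line)) is not None:
            report.detections.append(det)
    return report


def is_remediated(action: str) -> bool:
    """MBAM's completed actions all end in 'successfully'; anything else is still pending."""
    return action.endswith("successfully")


def outstanding(report: MbamReport) -> List[Detection]:
    return [d for d in report.detections if not is_remediated(d.action)]


def action_summary(report: MbamReport) -> Counter:
    return Counter(d.action for d in report.detections)


def count_mismatches(report: MbamReport) -> Dict[str, Tuple[int, int]]:
    """Categories whose declared count differs from the lines parsed: (declared, parsed)."""
    seen = Counter(d.category for d in report.detections)
    return {c: (n, seen[c]) for c, n in report.declared.items() if n != seen[c]}
```

Cut the sample off before the "Registry Values Infected:" section and count_mismatches() reports (1, 0) and (2, 0) for the two categories that never appear, which is the cue to ask for the full log rather than read the partial one. "Delete on reboot" stays in outstanding() until a second scan after the reboot shows the file gone.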
sampson 0 Junior Poster
Did you try the mouse when using a live CD? Have you tried a newer or older version of Ubuntu?
Do you have a USB mouse to try?
Perhaps Ubuntu doesn't have a driver for the touchpad; an older version may, or maybe a newer version does. Can't hurt to try the live CDs.
Never tried the touchpad with the live version. USB mouse does work. Any thoughts on getting the touchpad to work again??
sampson 0 Junior Poster
OK...I got Ubuntu installed by disabling everything in the BIOS and going backwards from there. But I do have one problem as a result of the install.......my touchpad on the laptop is not working...and yes, I did enable it in the BIOS...any ideas????
sampson 0 Junior Poster
I just tried installing without any OS on the computer. Windows ME was on it and I just wanted to put Ubuntu on this system.
sampson 0 Junior Poster
Trying to install this version of Ubuntu on an older laptop with no OS. I get through the installation process fine and reboot as instructed. Next I get "loading grub 1.5"; this then changes to "starting up" and that's it....help.
sampson 0 Junior Poster
Correct MBA-M Log:
Malwarebytes' Anti-Malware 1.35
Database version: 1945
Windows 5.1.2600 Service Pack 3
4/6/2009 2:26:29 PM
mbam-log-2009-04-06 (14-26-29).txt
Scan type: Full Scan (C:\|)
Objects scanned: 125147
Time elapsed: 18 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
sampson 0 Junior Poster
Posted the wrong MBA-M log...sorry. Will repost as soon as I can get back to that computer, but the scan found no problems.
sampson 0 Junior Poster
I recently solved an issue with this computer on this forum. My family member is now getting this pop-up when Windows boots up, asking the user to run an installation wizard. Ran MBA-M and the scan came back with nothing found. I will enclose that log and a HJT log. Thanks for the assistance.
MBA-M Log:
Malwarebytes' Anti-Malware 1.33
Database version: 1735
Windows 5.1.2600 Service Pack 3
2/6/2009 3:16:38 PM
mbam-log-2009-02-06 (15-16-38).txt
Scan type: Full Scan (C:\|)
Objects scanned: 77212
Time elapsed: 6 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www2.iesearch.com/) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\WinZix (Trojan.Lop) -> Quarantined and deleted successfully.
Files Infected:
(No malicious items detected)
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:44:18 PM, on 4/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
…
sampson 0 Junior Poster
Have you tried allowing automatic updates?
Have you checked out that error code link?
But something must be wrong with the time settings. Look at that security certificate: "Will not be valid until 6/19/2008", which is a past date.
Is there no option in 'change date/time' to sync with internet time?
That did it. Somehow the setting got changed.....thanks for the help.
sampson 0 Junior Poster
I have added screenshots of what I am seeing.
Picture 1 is the Windows Update start.
Picture 2 is what appears very briefly when I hit the express or custom option for update.
Picture 3 is what appears in the end and takes the place of picture 2.
Picture 4 is what I have been getting a lot of. This is a Newegg "order" going to checkout.
Something is not right. I scanned with all spyware, AV software, etc....
Thanks for your assistance
sampson 0 Junior Poster
Windows XP Pro, SP3, IE7. Have always been able to update this rather new computer. I get to express or custom. As always I hit express. A window comes up that says something about Control Panel, but it goes quick; I believe it states to check that the time and date are correct on the computer. I have done that and that was correct...help
sampson 0 Junior Poster
I am the only logged-in user. Checked the status on users and I am listed as admin. Using Windows XP Pro. I assume this new computer can handle 1TB.
sampson 0 Junior Poster
I purchased a Hitachi 1TB HD and installed it. I followed these instructions I found on the Dell forums. The one thing I noticed is the HD has no jumper to set. Secondly, the computer recognized a new drive installed. I just cannot format it. I find no drive in My Computer.
Connecting up a new HD in an Inspiron is easy. You will need a SATA data cable; you will have two empty SATA connectors on your mobo; the power cable is already there. After you put the drive in, press F2 at the Dell boot screen, scroll down to your drive, hit Enter to enable it, save changes and boot up. After you boot up, press Start, Control Panel, Administrative Tools, Computer Management, Storage, Disk Management, right-click on the drive, select Format (this is where I get stuck). After formatting, select a drive letter. PS: The latest BIOS is 1.0.15 for the Inspiron.
I right-click to format on the empty drive name and the only option I get is HELP.