Posted

Plastic Nev has suggested I ask the malware section, as his section can't help. I keep getting this error message when starting up. My computer seems to be running fine, but it is really bugging me. Yours hopefully, JIF

[Attachment: screenshot of the error message]


Posted

Hello. :)

That does sound like a malware problem to me.

A few things before we start....

1. Please Read All Instructions Carefully.
2. If you don't understand something, stop and ask! Don't keep going on.
3. Please do not run any other tools or scans whilst I am helping you.
4. If you have to go away for an extended period of time, let me know.
5. Please continue to respond until I give you the "All Clear".

(Just because you can't see a problem doesn't mean it isn't there)

==========================

First download Malwarebytes' Anti-Malware by clicking the link below:

|MG| Malwarebytes Anti-Malware 1.41 Download

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* You'll be required to post the contents of this log later.

Please Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

====================

Then download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed, you will need to use the download meant for SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the MBAM log and C:\ComboFix.txt for further review, so that we may continue cleansing the system.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

Posted

Hey JIF,

As far as I can see, you posted only the MBAM log. Have you run ComboFix?

Also, it would be good if you can copy and paste the generated logfiles instead of attaching them. Thanks. :)

Posted

I thought I had given you the log for ComboFix. I ran it again, and now I am having to use a different computer, because every time I try to click on a shortcut or anything else I get an error message as follows: Illegal operation attempted on a registry key that has been marked for deletion

Please advise

JIF

Posted

Seems to be working fine now???

I will have to send the ComboFix report in 2 halves; it's too long for 1 post.

ComboFix 09-09-27.05 - Martin 29/09/2009 17:39.2.2 - NTFSx86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1012.194 [GMT 1:00]

Running from: c:\downloads\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))

.

2009-09-29 16:54 . 2009-09-29 16:54 -------- d-----w- c:\users\Sam\AppData\Local\temp

2009-09-29 16:54 . 2009-09-29 16:54 -------- d-----w- c:\users\Public\AppData\Local\temp

2009-09-29 16:54 . 2009-09-29 16:54 -------- d-----w- c:\users\Pam\AppData\Local\temp

2009-09-29 16:54 . 2009-09-29 16:54 -------- d-----w- c:\users\Jayson\AppData\Local\temp

2009-09-29 16:54 . 2009-09-29 16:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-09-29 16:54 . 2009-09-29 16:54 -------- d-----w- c:\users\Adam\AppData\Local\temp

2009-09-28 15:50 . 2009-09-29 16:54 -------- d-----w- c:\users\Martin\AppData\Local\temp

2009-09-28 15:08 . 2009-09-28 15:08 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes

2009-09-28 15:08 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-28 15:08 . 2009-09-28 15:08 -------- d-----w- c:\programdata\Malwarebytes

2009-09-28 15:08 . 2009-09-28 15:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-28 15:08 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-27 10:11 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-09-27 10:11 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-09-27 10:11 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-09-27 10:11 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-09-27 10:11 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-09-27 10:11 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe

2009-09-27 10:11 . 2009-09-15 10:55 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2009-09-27 10:11 . 2009-09-27 10:11 -------- d-----w- c:\program files\Alwil Software

2009-09-24 16:15 . 2008-05-02 05:59 122368 ----a-w- c:\windows\system32\drivers\Rtlh86.sys

2009-09-24 16:15 . 2009-09-24 16:15 -------- d-----w- c:\program files\Realtek

2009-09-21 21:54 . 2009-09-21 21:54 -------- d-----w- c:\users\Jayson\Office Genuine Advantage

2009-09-19 14:53 . 2009-09-19 14:53 -------- d-----w- c:\users\Sam\AppData\Local\Adobe

2009-09-18 21:01 . 2009-09-18 21:01 -------- d-----w- c:\program files\DivX

2009-09-18 21:01 . 2009-09-18 21:01 -------- d-----w- c:\program files\Common Files\DivX Shared

2009-09-18 19:11 . 2009-09-27 09:51 9438496 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-09-16 16:09 . 2009-09-16 16:09 -------- d-----w- c:\users\Pam\Office Genuine Advantage

2009-09-15 19:30 . 2009-09-15 19:30 -------- d-----w- c:\users\Adam\Office Genuine Advantage

2009-09-15 17:08 . 2009-09-15 17:08 -------- d-----w- c:\users\Martin\Office Genuine Advantage

2009-09-09 20:26 . 2009-09-09 20:26 -------- d-----w- c:\programdata\Office Genuine Advantage

2009-09-09 15:29 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys

2009-09-09 15:29 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll

2009-09-09 15:29 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2009-09-09 15:29 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2009-09-09 15:29 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE

2009-09-09 15:29 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2009-09-09 15:29 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2009-09-09 15:29 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2009-09-09 15:29 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe

2009-09-09 15:29 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2009-09-09 15:29 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll

2009-09-09 15:28 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll

2009-09-09 15:28 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll

2009-09-09 15:28 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll

2009-09-09 15:28 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll

2009-09-09 15:28 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll

2009-09-09 15:27 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll

2009-09-03 17:08 . 2009-09-03 17:08 680 ----a-w- c:\users\Pam\AppData\Local\d3d9caps.dat

2009-09-03 15:11 . 2009-09-23 16:32 -------- d-----w- c:\program files\Classic Menu for Office

2009-09-02 21:49 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2009-09-02 21:49 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2009-09-01 17:55 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll

2009-09-01 17:55 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll

2009-09-01 17:55 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-01 17:55 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll

2009-09-01 17:55 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-09-01 17:55 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll

2009-09-01 17:55 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll

2009-09-01 17:55 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-29 14:43 . 2009-03-21 19:58 -------- d-----w- c:\programdata\Google Updater

2009-09-27 10:00 . 2009-04-04 18:13 -------- d-----w- c:\programdata\Virgin Broadband

2009-09-27 10:00 . 2009-04-05 14:10 -------- d-----w- c:\users\Adam\AppData\Roaming\Virgin Broadband

2009-09-27 10:00 . 2009-04-05 11:08 -------- d-----w- c:\users\Pam\AppData\Roaming\Virgin Broadband

2009-09-27 10:00 . 2009-04-05 09:05 -------- d-----w- c:\users\Jayson\AppData\Roaming\Virgin Broadband

2009-09-27 10:00 . 2009-04-04 20:56 -------- d-----w- c:\users\Sam\AppData\Roaming\Virgin Broadband

2009-09-27 10:00 . 2009-04-04 18:13 -------- d-----w- c:\users\Martin\AppData\Roaming\Virgin Broadband

2009-09-27 09:53 . 2009-08-14 19:32 -------- d-----w- c:\program files\CheatCodesToolbar

2009-09-27 09:51 . 2009-09-18 19:11 57044 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-09-24 16:15 . 2009-03-29 13:27 -------- d-----w- c:\program files\InstallShield Installation Information

2009-09-23 18:41 . 2009-04-11 14:14 -------- d-----w- c:\program files\City of Heroes

2009-09-23 16:37 . 2009-03-24 20:48 -------- d-----w- c:\users\Sam\AppData\Roaming\vlc

2009-09-23 16:35 . 2009-03-23 07:55 -------- d-----w- c:\users\Martin\AppData\Roaming\vlc

2009-09-23 16:35 . 2009-05-16 19:11 -------- d-----w- c:\users\Martin\AppData\Roaming\GetRightToGo

2009-09-23 16:35 . 2009-03-22 18:04 -------- d-----w- c:\users\Martin\AppData\Roaming\dvdcss

2009-09-23 16:35 . 2009-04-10 20:33 -------- d-----w- c:\users\Jayson\AppData\Roaming\vlc

2009-09-23 16:34 . 2009-05-17 17:41 -------- d-----w- c:\users\Jayson\AppData\Roaming\uTorrent

2009-09-23 16:34 . 2009-05-17 17:06 -------- d-----w- c:\users\Jayson\AppData\Roaming\dvdcss

2009-09-23 16:34 . 2009-03-28 18:32 -------- d-----w- c:\users\Adam\AppData\Roaming\vlc

2009-09-23 16:32 . 2008-09-09 13:43 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller

2009-09-23 16:32 . 2009-03-16 22:36 -------- d-----w- c:\program files\Common Files\LightScribe

2009-09-23 16:32 . 2009-06-01 21:36 -------- d-----w- c:\program files\Cheat Engine

2009-09-23 16:32 . 2009-04-14 17:18 -------- d-----w- c:\program files\Audacity

2009-09-23 16:32 . 2009-03-17 18:25 -------- d-----w- c:\program files\BitComet

2009-09-23 16:32 . 2009-03-17 15:24 -------- d-----w- c:\program files\Bonjour

2009-09-23 16:32 . 2009-03-17 15:22 -------- d-----w- c:\program files\Apple Software Update

2009-09-23 16:09 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery

2009-09-23 16:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-09-23 16:08 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender

2009-09-23 16:08 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration

2009-09-23 16:08 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar

2009-08-27 20:27 . 2009-05-01 15:57 -------- d-----w- c:\program files\Java

2009-08-26 18:31 . 2009-08-26 18:30 -------- d-----w- c:\programdata\NOS

2009-08-17 12:25 . 2009-08-17 12:25 -------- d-----w- c:\program files\Pure Motion

2009-08-17 12:25 . 2009-08-17 12:25 -------- d-----w- c:\program files\Sonic Foundry

2009-08-17 12:25 . 2009-08-17 12:25 -------- d-----w- c:\program files\DebugMode

2009-08-09 12:53 . 2009-08-09 12:53 -------- d-----w- c:\program files\The Foundry

2009-08-08 22:12 . 2009-08-08 22:12 -------- d-----w- c:\program files\Free Audio Pack

2009-08-07 21:43 . 2009-08-07 21:43 680 ----a-w- c:\users\Martin\AppData\Local\d3d9caps.dat

2009-08-06 14:58 . 2009-08-06 14:58 -------- d-----w- c:\program files\FLV Hosting

2009-08-05 20:07 . 2009-08-05 20:07 -------- d-----w- c:\program files\ZD Soft

2009-08-05 17:29 . 2009-03-16 21:25 100264 ----a-w- c:\users\Pam\AppData\Local\GDIPFONTCACHEV1.DAT

2009-08-05 10:25 . 2009-03-16 20:37 100264 ----a-w- c:\users\Jayson\AppData\Local\GDIPFONTCACHEV1.DAT

2009-08-05 10:13 . 2009-03-16 20:07 100264 ----a-w- c:\users\Sam\AppData\Local\GDIPFONTCACHEV1.DAT

2009-08-04 22:54 . 2009-03-16 22:33 100264 ----a-w- c:\users\Adam\AppData\Local\GDIPFONTCACHEV1.DAT

2009-08-04 22:23 . 2009-03-16 19:08 100264 ----a-w- c:\users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT

2009-08-04 22:17 . 2009-03-16 19:34 -------- d-----w- c:\program files\Common Files\Adobe

2009-08-04 22:16 . 2009-08-04 22:16 -------- d-----w- c:\program files\Adobe Media Player

2009-08-04 22:11 . 2009-08-04 22:11 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll

2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll

2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe

2009-08-02 16:33 . 2009-08-01 18:36 680 ----a-w- c:\users\Jayson\AppData\Local\d3d9caps.dat

2009-08-01 15:52 . 2009-05-16 12:43 680 ----a-w- c:\users\Sam\AppData\Local\d3d9caps.dat

2009-07-21 21:52 . 2009-07-29 08:33 915456 ----a-w- c:\windows\system32\wininet.dll

2009-07-21 21:47 . 2009-07-29 08:32 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-07-21 21:47 . 2009-07-29 08:32 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-07-21 20:13 . 2009-07-29 08:32 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-07-17 13:54 . 2009-08-13 09:35 71680 ----a-w- c:\windows\system32\atl.dll

2009-07-16 09:01 . 2009-07-16 09:01 734080 ----a-w- c:\users\Public\MyWebTattoo.exe

2009-07-15 12:40 . 2009-08-13 09:35 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2009-07-15 12:39 . 2009-08-13 09:35 313344 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-15 12:39 . 2009-08-13 09:35 4096 ----a-w- c:\windows\system32\dxmasf.dll

2009-07-15 12:39 . 2009-08-13 09:35 7680 ----a-w- c:\windows\system32\spwmp.dll

2008-09-16 19:17 . 2009-07-09 19:31 968704 ----a-w- c:\program files\WinRAR.exe

.

((((((((((((((((((((((((((((( SnapShot@2009-09-28_15.57.01 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-21 01:58 . 2009-09-29 14:44 42650 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 13:02 . 2009-09-29 14:44 70152 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-09-09 12:20 . 2009-09-28 15:56 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-09-09 12:20 . 2009-09-29 16:37 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-09-09 12:20 . 2009-09-29 16:37 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-09-09 12:20 . 2009-09-28 15:56 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-03-25 17:42 . 2009-09-29 14:44 9280 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1158120159-1088900261-3412254371-1002_UserData.bin

+ 2009-03-18 10:04 . 2009-09-28 16:26 8278 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1158120159-1088900261-3412254371-1001_UserData.bin

+ 2009-09-29 14:40 . 2009-09-29 14:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-09-29 14:40 . 2009-09-29 14:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-09-09 12:20 . 2009-09-28 15:56 147456 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-09-09 12:20 . 2009-09-29 16:37 147456 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

Posted

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{565FE2E0-7B46-46EB-9D83-3B2DC5934BCC}"= "c:\program files\CheatCodesToolbar\CheatCodes.com Toolbar\cctoolbar.dll" [2008-11-28 2593280]

[HKEY_CLASSES_ROOT\clsid\{565fe2e0-7b46-46eb-9d83-3b2dc5934bcc}]

[HKEY_CLASSES_ROOT\TBSB06474.TBSB06474.3]

[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]

[HKEY_CLASSES_ROOT\TBSB06474.TBSB06474]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{565FE2E0-7B46-46EB-9D83-3B2DC5934BCC}"= "c:\program files\CheatCodesToolbar\CheatCodes.com Toolbar\cctoolbar.dll" [2008-11-28 2593280]

[HKEY_CLASSES_ROOT\clsid\{565fe2e0-7b46-46eb-9d83-3b2dc5934bcc}]

[HKEY_CLASSES_ROOT\TBSB06474.TBSB06474.3]

[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]

[HKEY_CLASSES_ROOT\TBSB06474.TBSB06474]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-16 39408]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-12-12 1840424]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]

"BitComet"="c:\program files\BitComet\BitComet.exe" [2009-03-09 2564408]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-24 251240]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-01 148888]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-17 6111232]

"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]

c:\users\Jayson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-3-29 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):ed,cb,53,96,a7,17,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{C7A7744A-B07F-4014-989F-EF4AE97D4B93}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{CF0A620D-69B8-43CA-A942-BC8E2FECB39B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{200C1EF7-B55D-43F4-9832-53FD98FE470D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{17EA323A-588C-4C72-ACBD-270CD215CAC3}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{1B6864F6-749E-40C0-9C82-7EAC457E8B6D}"= UDP:13277:bitcomet

"TCP Query User{20367FEE-C761-4EB8-A930-3A1931782461}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"UDP Query User{92FCFF12-A1C0-4AF5-816F-A6BD95AAA2C9}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"{5AE7E5FA-268E-4DAA-88F2-9980316DD6E7}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

"{93F41A58-72D0-4A04-ABD3-086C37DFADDA}"= TCP:13277:BitComet 13277 UDP

"{A8688308-F9A7-43AB-846B-F43472DEF06D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{E483047C-82A1-404C-8676-B33E58C071EF}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"TCP Query User{CFE958AD-42CE-48F0-80E2-0E2633D47804}c:\\program files\\adobe\\adobe after effects cs3\\support files\\afterfx.exe"= UDP:c:\program files\adobe\adobe after effects cs3\support files\afterfx.exe:Adobe After Effects CS3

"UDP Query User{EBB450EE-1541-4DEE-B172-830C4D3503B3}c:\\program files\\adobe\\adobe after effects cs3\\support files\\afterfx.exe"= TCP:c:\program files\adobe\adobe after effects cs3\support files\afterfx.exe:Adobe After Effects CS3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"d:\\ADAM'S\\Orbitdownloader\\orbitdm.exe"= d:\adam's\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit

"d:\\ADAM'S\\Orbitdownloader\\orbitnet.exe"= d:\adam's\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [27/09/2009 11:11 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [27/09/2009 11:11 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [27/09/2009 11:11 53328]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/04/2009 12:57 92008]

R3 scrcap;scrcap;c:\windows\System32\drivers\scrcap.sys [27/12/2006 15:47 9006]

S2 gupdate1c9aa6516bf9cfa;Google Update Service (gupdate1c9aa6516bf9cfa);c:\program files\Google\Update\GoogleUpdate.exe [21/03/2009 21:39 133104]

S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [14/04/2009 21:35 55280]

S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]

S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\System32\drivers\wg111v3.sys [28/12/2007 07:58 289280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

2009-09-29 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-16 19:58]

2009-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 20:39]

2009-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 20:39]

2009-09-29 c:\windows\Tasks\User_Feed_Synchronization-{45083DD5-FDD3-4B23-9FE8-42FAB935F171}.job

- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]

2009-09-29 c:\windows\Tasks\User_Feed_Synchronization-{AC299333-0A1F-4DA9-92B9-C4832AB6A537}.job

- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.atcomet.com/b/

uInternet Settings,ProxyOverride = *.local

IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-09-29 17:54

Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\c:\program files\Lavalys\EVEREST Corporate Edition\kerneld.wnt"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2009-09-29 17:56

ComboFix-quarantined-files.txt 2009-09-29 16:56

ComboFix2.txt 2009-09-28 16:02

Pre-Run: 43,969,150,976 bytes free

Post-Run: 43,946,561,536 bytes free

279 --- E O F --- 2009-09-29 14:47
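The second half of the log above, the "Reg Loading Points" section, is where an analyst looks first, because the Run keys list every program the system starts without being asked. As an added example that is not part of this thread and is not ComboFix's own code, the following Python script parses Run-key value lines in that layout ("name"="path" [date size], optionally with the " - resolved path" form ComboFix prints for bare filenames) and flags the entries a defender would look at twice. The sample lines it reads are constructed here in the same format; the two heuristics (an autostart pointing into a user-writable location, and a core Windows binary name living outside system32) are assumptions of this example, not rules ComboFix applies.

```python
"""Triage helper for the autostart ("Reg Loading Points") section of a
ComboFix-style log.  Added example, not part of the forum thread or of
ComboFix.  The line layout assumed here is inferred from the log above.
"""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the Run-key section of the log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-16 39408]
"updater"="c:\users\Martin\AppData\Local\temp\svchost.exe" [2009-09-28 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-17 6111232]
"helper"="c:\programdata\helper.exe" [2009-09-27 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"""

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"'   # "name"="value"
    r'(?: - (?P<resolved>.+?))?'              # optional " - resolved path"
    r' \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)

# Assumed heuristics: locations writable without elevation, and core
# Windows binary names that should only ever run from \windows\system32\.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\public\\")
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}


@dataclass
class AutostartEntry:
    key: str
    name: str
    path: str
    date: str
    size: int


def parse_run_entries(log_text):
    """Return the value lines found under every ...\\CurrentVersion\\Run key."""
    entries, current_key = [], None
    for line in log_text.splitlines():
        line = line.rstrip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if current_key is None or not current_key.lower().endswith("\\run"):
            continue  # values under keys other than Run are ignored
        m = VALUE_RE.match(line)
        if m:
            path = m.group("resolved") or m.group("value")
            entries.append(AutostartEntry(current_key, m.group("name"), path,
                                          m.group("date"), int(m.group("size"))))
    return entries


def reasons(entry):
    """List the heuristics an entry trips; empty list means nothing unusual."""
    low = entry.path.lower()
    found = []
    if any(marker in low for marker in USER_WRITABLE):
        found.append("runs from a user-writable location")
    basename = low.rsplit("\\", 1)[-1]
    if basename in SYSTEM_NAMES and "\\windows\\system32\\" not in low:
        found.append(f"system binary name {basename} outside system32")
    return found


def triage(log_text):
    """Map each flagged autostart name to the reasons it was flagged."""
    flagged = {}
    for entry in parse_run_entries(log_text):
        why = reasons(entry)
        if why:
            flagged[entry.name] = why
    return flagged


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(why)}")
```

Run against the constructed sample it reports only "updater" and "helper"; the genuine entries in the same keys, including the bare-filename RtHDVCpl line that ComboFix resolves to c:\windows, pass clean. A flag is a prompt to verify the file (publisher signature, hash lookup, install date against the user's own history), not a verdict on its own.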

Posted

Thanks for posting the ComboFix log up.

Download: CCleaner (freeware)

|MG| CCleaner Slim 2.24.1010 Download

Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).

Once installed, run CCleaner and click the Windows tab.

The following should be selected by default; if not, please select:

http://i210.photobucket.com/albums/bb164/jedi_030/CCleanerA.png

Next: click Options, then click the Settings tab.

Uncheck "Only delete files older than 48 hrs.", then click OK.

Then click Run Cleaner (bottom right), then Exit.

Next, please go HERE to run Panda ActiveScan 2.0

  • Click the big green Scan now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Once the scan is completed, please hit the notepad icon next to the text Export to:
  • Save it to a convenient location such as your Desktop
  • Post the contents of the ActiveScan.txt in your next reply

Besides posting the logfile, please also let me know if you are still encountering the error message on start-up, as well as any other problems if they exist.

Posted

Hi, the error message has gone and there doesn't seem to be any other problems.

Here is the report from the ActiveScan:

*********************************************************************************************

ANALYSIS: 2009-09-30 20:55:30

PROTECTIONS: 1

MALWARE: 31

SUSPECTS: 1

;***********************************************************************************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;===================================================================================================================================================================================

avast! antivirus Yes Yes

;===================================================================================================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===================================================================================================================================================================================

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@doubleclick[3].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@doubleclick[4].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\Low\jayson@doubleclick[2].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\Low\martin@doubleclick[2].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\Low\pam@doubleclick[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\jayson@doubleclick[3].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\jayson@doubleclick[2].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@doubleclick[3].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@doubleclick[2].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@doubleclick[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\jayson@doubleclick[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@doubleclick[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@doubleclick[2].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\Low\jayson@doubleclick[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@doubleclick[4].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@doubleclick[6].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@doubleclick[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\Low\adam@doubleclick[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@atdmt[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@atdmt[3].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\Low\adam@atdmt[4].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\Low\adam@atdmt[3].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\Low\adam@atdmt[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@atdmt[4].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@atdmt[5].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\jayson@atdmt[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\jayson@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@atdmt[6].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@atdmt[6].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\adam@atdmt[6].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\adam@atdmt[5].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@atdmt[5].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@atdmt[4].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@atdmt[3].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@atdmt[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\adam@atdmt[3].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\Low\jayson@atdmt[5].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\adam@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\adam@atdmt[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\Low\jayson@atdmt[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\Low\jayson@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\Low\jayson@atdmt[3].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\Low\jayson@atdmt[4].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\Low\pam@atdmt[1].txt

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@tradedoubler[1].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@247realmedia[1].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\Low\jayson@247realmedia[1].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@247realmedia[2].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\Low\pam@247realmedia[1].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\Low\adam@247realmedia[1].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@mediaplex[1].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@mediaplex[1].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\Low\jayson@mediaplex[1].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\Low\adam@mediaplex[2].txt

00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\Low\jayson@ccbill[1].txt

00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\Low\adam@yadro[1].txt

00167653 Cookie/Outster TrackingCookie No 0 Yes No C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\Low\adam@outster[2].txt

00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\Low\jayson@toplist[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\Low\adam@ad.yieldmanager[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@ad.yieldmanager[2].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@ad.yieldmanager[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@ad.yieldmanager[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\Low\jayson@ad.yieldmanager[2].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@apmebf[1].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\Low\adam@apmebf[1].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\Low\pam@apmebf[1].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\Low\jayson@apmebf[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@serving-sys[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\Low\jayson@serving-sys[4].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\Low\jayson@serving-sys[3].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\Low\jayson@serving-sys[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@serving-sys[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@serving-sys[8].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@serving-sys[7].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\Low\pam@serving-sys[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@serving-sys[3].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\jayson@serving-sys[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@serving-sys[5].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@serving-sys[4].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@serving-sys[3].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@serving-sys[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\adam@serving-sys[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@serving-sys[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\Low\adam@serving-sys[3].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\Low\adam@serving-sys[2].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\Low\adam@bs.serving-sys[1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@bs.serving-sys[1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@bs.serving-sys[3].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@bs.serving-sys[2].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@bs.serving-sys[1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\jayson@bs.serving-sys[1].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\Low\adam@adtech[1].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\Low\jayson@adtech[1].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@server.iad.liveperson[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\Low\jayson@advertising[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@advertising[2].txt

00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\Low\adam@sextracker[1].txt

00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@media.adrevolver[3].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@ads.pointroll[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@ads.pointroll[3].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@ads.pointroll[1].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@overture[1].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@questionmarket[2].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\Low\jayson@questionmarket[2].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\Low\adam@questionmarket[2].txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\Low\jayson@zedo[2].txt

00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\Low\adam@bluestreak[1].txt

00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@bluestreak[1].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@adrevolver[2].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\Low\jayson@adrevolver[2].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@adrevolver[2].txt

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\Low\jayson@adultfriendfinder[2].txt

00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\Low\jayson@searchportal.information[2].txt

00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@searchportal.information[1].txt

00206953 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\Low\adam@counter14.sextracker[1].txt

00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@adviva[2].txt

00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\Low\adam@adviva[2].txt

00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@adviva[1].txt

00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\Low\jayson@adviva[2].txt

00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@adviva[2].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Jayson\AppData\Roaming\Microsoft\Windows\Cookies\Low\jayson@atwola[1].txt

02734330 Generic Trojan Virus/Trojan No 0 No No C:\Users\Martin\Desktop\Microsoft Word and Excel 2003 – Portable USB Edition\Microsoft Word and Excel 2003 – Portable USB Edition\WINWORD.EXE[C:\Users\Martin\Desktop\Microsoft Word and Excel 2003 – Portable USB Edition\Microsoft Word and Excel 2003 – Portable USB Edition\WINWORD.EXE][codec.exe]

03690676 Adware/BHO.FP Adware No 0 Yes No C:\Qoobox\Quarantine\C\Program Files\SGPSA\mtwb3sh.dll.vir

03690676 Adware/BHO.FP Adware No 0 Yes No C:\Qoobox\Quarantine\C\Program Files\Fast Browser Search\IE\MTWB3SH.dll.vir

;===================================================================================================================================================================================

SUSPECTS

Sent Location

;===================================================================================================================================================================================

No C:\Program Files\CheatCodesToolbar\CheatCodes.com Toolbar\cctoolbar.dll

;===================================================================================================================================================================================

VULNERABILITIES

Id Severity Description

;===================================================================================================================================================================================

;===================================================================================================================================================================================
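Almost every row in the log above is a tracking cookie spread across four user profiles; the only hits that matter are the Generic Trojan flagged inside the portable Office folder and two adware DLLs that ComboFix had already moved to its quarantine. The script below is an added triage example, not part of the thread and not a Panda tool. It assumes the usual ActiveScan column order for a DETECTED row (Id, Description, Type, Active, Severity, Disinfectable, Disinfected, Location), which this excerpt's header does not show, and treats anything under C:\Qoobox\Quarantine (ComboFix's quarantine folder) as already neutralised. The sample rows are copied from the log above, with the SUSPECTS section included so the parser is seen skipping it.

```python
import re
from collections import Counter

# One DETECTED row of a Panda ActiveScan log.  The column meaning (Id,
# Description, Type, Active, Severity, Disinfectable, Disinfected, Location)
# is assumed from the scanner's usual header, which the excerpt above omits.
# Description may contain spaces ("Cookie/Atlas DMT", "Generic Trojan"), so it
# is matched non-greedily and anchored by the Yes/No columns that follow.
ROW = re.compile(
    r"^(?P<id>\d{8}) (?P<desc>.+?) (?P<type>\S+) (?P<active>Yes|No) "
    r"(?P<severity>\d+) (?P<disinfectable>Yes|No) (?P<disinfected>Yes|No) "
    r"(?P<path>.+)$"
)

# ComboFix moves what it removes here; the .vir files are inert copies.
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"
USER_RE = re.compile(r"^C:\\Users\\([^\\]+)\\", re.IGNORECASE)

# Constructed sample: rows copied from the log above plus the separator,
# section header and SUSPECTS row that the parser must ignore.
SAMPLE_LOG = "\n".join([
    r"00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\Low\martin@doubleclick[2].txt",
    r"00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@atdmt[1].txt",
    r"00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@server.iad.liveperson[1].txt",
    r"00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Cookies\pam@247realmedia[1].txt",
    r"02734330 Generic Trojan Virus/Trojan No 0 No No C:\Users\Martin\Desktop\Microsoft Word and Excel 2003 – Portable USB Edition\Microsoft Word and Excel 2003 – Portable USB Edition\WINWORD.EXE[C:\Users\Martin\Desktop\Microsoft Word and Excel 2003 – Portable USB Edition\Microsoft Word and Excel 2003 – Portable USB Edition\WINWORD.EXE][codec.exe]",
    r"03690676 Adware/BHO.FP Adware No 0 Yes No C:\Qoobox\Quarantine\C\Program Files\SGPSA\mtwb3sh.dll.vir",
    r"03690676 Adware/BHO.FP Adware No 0 Yes No C:\Qoobox\Quarantine\C\Program Files\Fast Browser Search\IE\MTWB3SH.dll.vir",
    ";=================================================================",
    "SUSPECTS",
    "Sent Location",
    r"No C:\Program Files\CheatCodesToolbar\CheatCodes.com Toolbar\cctoolbar.dll",
])


def parse_line(line):
    """Parse one DETECTED row; return None for separators, section headers
    and rows belonging to other sections (SUSPECTS, VULNERABILITIES)."""
    m = ROW.match(line.strip())
    if not m:
        return None
    row = m.groupdict()
    row["severity"] = int(row["severity"])
    row["quarantined"] = row["path"].lower().startswith(QUARANTINE_PREFIX)
    user = USER_RE.match(row["path"])
    row["user"] = user.group(1) if user else None
    return row


def parse_log(text):
    """All parseable DETECTED rows of a pasted log, in order."""
    return [r for r in map(parse_line, text.splitlines()) if r]


def triage(rows):
    """Separate tracking-cookie noise from items ComboFix already quarantined
    and from detections that still need a human look."""
    cookies = [r for r in rows if r["type"] == "TrackingCookie"]
    other = [r for r in rows if r["type"] != "TrackingCookie"]
    return {
        "by_type": dict(Counter(r["type"] for r in rows)),
        "cookies_by_user": dict(Counter(r["user"] for r in cookies)),
        "already_quarantined": [r["path"] for r in other if r["quarantined"]],
        "needs_attention": [(r["desc"], r["path"]) for r in other if not r["quarantined"]],
    }


if __name__ == "__main__":
    for key, value in triage(parse_log(SAMPLE_LOG)).items():
        print(key, value)
```

Run against a full pasted log, the "needs_attention" list is the short list a helper would act on (here the single WINWORD.EXE hit), while "already_quarantined" shows why the Qoobox entries can be disregarded: they are the inert copies ComboFix keeps until it is uninstalled.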

Posted

There is an optional program in your logs that you may or may not want removed.

CheatCodesToolbar

CheatCodes.com Toolbar is a Softomate Toolbar variant. Softomate customizes toolbars to customers' needs. The dll files for their toolbars contain some spyware/adware functionality, although not all of the toolbars use this. Some of the toolbars are fine to have, so every case is different. Your choice to remove or not.

If you would like to remove it, go to Control Panel > Add/Remove Programs and uninstall CheatCodesToolbar.

After that, restart your computer. Then navigate to and delete the following folder if still present:

C:\Program Files\CheatCodesToolbar\

===========

Next please go to Jotti's malware scan, click on Browse, and upload the following file for analysis.

C:\Users\Martin\Desktop\Microsoft Word and Excel 2003 – Portable USB Edition\Microsoft Word and Excel 2003 – Portable USB Edition\WINWORD.EXE

Then click Submit. Allow the file to be scanned, and then please Copy/Paste the results here for me to see.

If Jotti is busy, please go to VirusTotal - Free Online Virus and Malware Scan.

Posted

Hi Chiaz, as requested

Jotti's malware scan

Filename: EXCEL.EXE
Status: Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Thu 1 Oct 2009 17:24:26 (CET)

Additional info

File size: 179303 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: ecc69ede98115d0ace0342cf0423404d
SHA1: 1d25e539afc8e341d0ac7aab1b92a6204ebed4a4
Packer (Drweb): BINARYRES, THINSTALL

Scanners

ArcaVir 2009-10-01 Found nothing
G DATA 2009-10-01 Found nothing
a-squared 2009-10-01 Found nothing
Ikarus 2009-10-01 Found nothing
Avast 2009-09-30 Found nothing
Kaspersky 2009-10-01 Found nothing
AVG 2009-10-01 Found nothing
NOD32 2009-10-01 Found nothing
Avira 2009-10-01 Found nothing
Norman 2009-10-01 Found nothing
BitDefender 2009-10-01 Found nothing
Panda 2009-09-30 Found nothing
ClamAV 2009-10-01 Found nothing
Quick Heal 2009-09-30 Found nothing
CP Secure 2009-10-01 Found nothing
Sophos 2009-10-01 Found nothing
Dr.Web 2009-10-01 Found nothing
VBA32 2009-09-30 Found nothing
F-Prot 2009-10-01 Found nothing
VirusBuster 2009-10-01 Found nothing

Posted

It's time to remove ComboFix.

Go to Start > Run

Type in the box

combofix /u

Note: the space between the X and the /u

Press Enter.

This command will:

Delete the following:

ComboFix and its associated files and folders.

VundoFix backups, if present

The C:\Deckard folder, if present

The C:\_OtMoveIt folder, if present

Reset the clock settings.

Hide file extensions, if required.

Hide System/Hidden files, if required.

Reset System Restore.

Posted

Hey JIF,

Maynardvdm spotted something that I missed. The file that you ran through Jotti was EXCEL.EXE. But what I needed you to upload was:

C:\Users\Martin\Desktop\Microsoft Word and Excel 2003 – Portable USB Edition\Microsoft Word and Excel 2003 – Portable USB Edition\WINWORD.EXE

If the scan still turns out clean, then you should be fine. But if any scanner detects it as malware, then you may want to post back here. :)
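The follow-up above turns on which file was actually submitted. A multi-scanner report identifies a file by its size and hashes, not by its name, so the reliable check before (or after) uploading is to hash the local file and compare it with what the report shows. The script below is an added example, not code from the thread or from Jotti: it computes the same identifiers a scan page reports (file size, MD5, SHA1), tells you whether a pasted report describes a given file, and finds which file in a folder a report belongs to. The sample folder, file contents and report values are constructed (the report carries the known digests of the three-byte string "abc"); in real use you would paste the size, MD5 and SHA1 from the scan page, such as the 179303-byte EXCEL.EXE entry posted above.

```python
import hashlib
import os
import tempfile


def file_hashes(path, chunk_size=1 << 16):
    """Size, MD5 and SHA1 of a file, read in chunks so large binaries are fine."""
    md5, sha1, size = hashlib.md5(), hashlib.sha1(), 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            md5.update(block)
            sha1.update(block)
            size += len(block)
    return {"size": size, "md5": md5.hexdigest(), "sha1": sha1.hexdigest()}


def describes_file(report, path):
    """True when the report's size, MD5 and SHA1 all match the local file.
    Checking all three means a mismatch in any one of them is enough to
    conclude the wrong file was submitted."""
    h = file_hashes(path)
    return (h["size"] == report["size"]
            and h["md5"] == report["md5"].lower()
            and h["sha1"] == report["sha1"].lower())


def find_report_match(directory, report):
    """Names (relative to directory) of every file the report describes."""
    hits = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            if describes_file(report, full):
                hits.append(os.path.relpath(full, directory))
    return sorted(hits)


def build_sample_dir():
    """Constructed stand-in for the portable Office folder: two files whose
    names mirror the mix-up in the thread, with tiny known contents."""
    d = tempfile.mkdtemp(prefix="portable-office-")
    paths = {}
    for name, content in (("WINWORD.EXE", b"abc"), ("EXCEL.EXE", b"")):
        paths[name] = os.path.join(d, name)
        with open(paths[name], "wb") as fh:
            fh.write(content)
    return d, paths


# Constructed report: the well-known MD5 and SHA1 of b"abc".  In real use,
# paste the size, MD5 and SHA1 shown on the scan page instead.
SAMPLE_REPORT = {
    "size": 3,
    "md5": "900150983cd24fb0d6963f7d28e17f72",
    "sha1": "a9993e364706816aba3e25717850c26c9cd0d89d",
}


if __name__ == "__main__":
    sample_dir, sample_paths = build_sample_dir()
    print(find_report_match(sample_dir, SAMPLE_REPORT))  # ['WINWORD.EXE']
```

The same hashes are what you would search on VirusTotal or quote back in a thread like this one, since a hash pins down the exact binary in a way the file name never can.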
