
[Inactive] PC crashing when starting browser

Discussion in 'Malware and Virus Removal Archive' started by notrin, 2010/08/10.

Thread Status:
Not open for further replies.
  1. 2010/08/10
    notrin

    notrin Inactive Thread Starter

    Joined:
    2010/08/10
    Messages:
    14
    Likes Received:
    0
    [Inactive] PC crashing when starting browser

    Ran Malwarebytes. Couldn't update it, though, so ran the basic scan; it found a bunch of errors, removed them. Rebooted.



    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Administrator at 15:54:58.50 on Tue 08/10/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.594 [GMT -6:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    svchost.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    svchost.exe 4
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe 4
    svchost.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Documents and Settings\Administrator\Application Data\U3\07615871711339ED\LaunchPad.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    G:\dds.scr
    G:\dds.scr
    G:\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://google.com/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10d.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261508068218
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-17 64288]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-23 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-23 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-23 243024]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-22 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-22 308136]
    S0 cerc6;cerc6; [x]
    S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2004-4-19 6656]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-8-9 38496]
    S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2010-3-31 91841]
    S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]

    =============== Created Last 30 ================

    2010-08-10 21:28:47 0 d-----w- c:\program files\Trend Micro
    2010-08-09 21:26:25 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
    2010-08-09 21:26:24 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-09 21:26:21 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-09 21:26:20 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-09 21:26:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-08-08 20:15:49 0 d-----w- c:\docume~1\admini~1\applic~1\MSNInstaller
    2010-08-04 16:11:26 0 d-----w- c:\docume~1\admini~1\applic~1\CVS
    2010-08-04 16:11:23 0 d-sh--w- c:\windows\ftpcache
    2010-07-22 20:28:50 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    ==================== Find3M ====================

    2010-07-22 20:28:52 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-22 20:28:42 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-06-17 04:29:20 15880 ----a-w- c:\windows\system32\lsdelete.exe

    ============= FINISH: 15:56:27.50 ===============






    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/15/2009 2:08:12 PM
    System Uptime: 8/10/2010 3:50:37 PM (0 hours ago)

    Motherboard: Dell Computer Corp. | | 0G1548
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2791/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 56 GiB total, 25.573 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM ()
    F: is CDROM (CDFS)
    G: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP155: 5/10/2010 8:47:26 PM - System Checkpoint
    RP156: 5/11/2010 9:54:53 PM - System Checkpoint
    RP157: 5/12/2010 11:37:13 PM - System Checkpoint
    RP158: 5/13/2010 3:00:16 AM - Software Distribution Service 3.0
    RP159: 5/14/2010 3:37:11 AM - System Checkpoint
    RP160: 5/15/2010 3:39:51 AM - System Checkpoint
    RP161: 5/16/2010 5:37:11 AM - System Checkpoint
    RP162: 5/17/2010 11:55:14 AM - System Checkpoint
    RP163: 5/18/2010 1:03:13 PM - System Checkpoint
    RP164: 5/19/2010 2:08:43 PM - System Checkpoint
    RP165: 5/20/2010 5:10:56 PM - System Checkpoint
    RP166: 5/21/2010 7:32:54 PM - System Checkpoint
    RP167: 5/22/2010 9:33:30 PM - System Checkpoint
    RP168: 5/23/2010 11:20:11 PM - System Checkpoint
    RP169: 5/25/2010 1:00:01 AM - System Checkpoint
    RP170: 5/25/2010 12:02:40 PM - Software Distribution Service 3.0
    RP171: 5/26/2010 2:21:35 PM - System Checkpoint
    RP172: 5/27/2010 4:08:23 PM - System Checkpoint
    RP173: 5/28/2010 6:19:57 PM - System Checkpoint
    RP174: 5/29/2010 6:43:23 PM - System Checkpoint
    RP175: 5/30/2010 8:48:34 PM - System Checkpoint
    RP176: 5/31/2010 9:57:41 PM - System Checkpoint
    RP177: 6/1/2010 10:43:23 PM - System Checkpoint
    RP178: 6/2/2010 9:05:08 AM - Avg Update
    RP179: 6/3/2010 12:47:45 PM - System Checkpoint
    RP180: 6/4/2010 1:47:47 PM - System Checkpoint
    RP181: 6/5/2010 2:14:07 PM - System Checkpoint
    RP182: 6/6/2010 3:29:21 PM - System Checkpoint
    RP183: 6/7/2010 3:45:39 PM - System Checkpoint
    RP184: 6/8/2010 6:24:01 PM - System Checkpoint
    RP185: 6/9/2010 7:45:38 PM - System Checkpoint
    RP186: 6/10/2010 3:00:17 AM - Software Distribution Service 3.0
    RP187: 6/11/2010 3:17:47 AM - System Checkpoint
    RP188: 6/12/2010 3:22:16 AM - System Checkpoint
    RP189: 6/13/2010 5:22:16 AM - System Checkpoint
    RP190: 6/14/2010 6:30:11 AM - System Checkpoint
    RP191: 6/15/2010 6:30:17 AM - System Checkpoint
    RP192: 6/16/2010 8:29:54 AM - System Checkpoint
    RP193: 6/17/2010 10:29:54 AM - System Checkpoint
    RP194: 6/18/2010 2:14:29 PM - System Checkpoint
    RP195: 6/19/2010 3:27:27 PM - System Checkpoint
    RP196: 6/20/2010 5:45:10 PM - System Checkpoint
    RP197: 6/21/2010 6:41:54 PM - System Checkpoint
    RP198: 6/22/2010 8:29:54 PM - System Checkpoint
    RP199: 6/23/2010 12:46:23 PM - Software Distribution Service 3.0
    RP200: 6/24/2010 9:40:42 AM - Avg Update
    RP201: 6/25/2010 9:50:54 AM - System Checkpoint
    RP202: 6/26/2010 11:51:59 AM - System Checkpoint
    RP203: 6/27/2010 1:52:00 PM - System Checkpoint
    RP204: 6/28/2010 4:02:12 PM - System Checkpoint
    RP205: 6/29/2010 6:24:31 PM - System Checkpoint
    RP206: 6/30/2010 6:30:39 PM - System Checkpoint
    RP207: 7/22/2010 11:01:08 AM - System Checkpoint
    RP208: 7/22/2010 2:27:52 PM - Avg Update
    RP209: 7/22/2010 2:29:00 PM - Avg Update
    RP210: 7/23/2010 3:00:17 AM - Software Distribution Service 3.0
    RP211: 7/24/2010 4:49:06 AM - System Checkpoint
    RP212: 7/25/2010 11:50:57 AM - System Checkpoint
    RP213: 7/26/2010 12:54:32 PM - System Checkpoint
    RP214: 7/27/2010 1:30:32 PM - System Checkpoint
    RP215: 7/28/2010 3:06:42 PM - System Checkpoint
    RP216: 7/29/2010 4:37:04 PM - System Checkpoint
    RP217: 7/30/2010 5:47:51 PM - System Checkpoint
    RP218: 7/31/2010 9:15:12 PM - System Checkpoint
    RP219: 8/1/2010 10:47:55 PM - System Checkpoint
    RP220: 8/3/2010 12:24:11 AM - System Checkpoint
    RP221: 8/3/2010 3:00:15 AM - Software Distribution Service 3.0
    RP222: 8/4/2010 3:21:13 AM - System Checkpoint
    RP223: 8/5/2010 10:30:25 AM - System Checkpoint
    RP224: 8/6/2010 12:38:36 PM - System Checkpoint
    RP225: 8/7/2010 1:22:18 PM - System Checkpoint
    RP226: 8/8/2010 3:13:22 PM - System Checkpoint
    RP227: 8/10/2010 2:23:27 PM - System Checkpoint

    ==== Installed Programs ======================

    Acrobat.com
    Ad-Aware
    Ad-Aware Email Scanner for Outlook
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.3
    Advanced Video FX Utility
    AVG Free 9.0
    BCM V.92 56K Modem
    blinkx beat
    Broadcom 440x 10/100 Integrated Controller
    Creative Photo Manager
    Creative WebCam Center
    Creative WebCam Live! Driver (1.02.03.0606)
    Creative WebCam Live! User's Guide (English)
    Dell ResourceCD
    Facebook Plug-In
    Get Yahoo! Messenger
    Google Chrome
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Extreme Graphics Driver
    Java(TM) 6 Update 16
    Lightning Storm Premium Screen Saver
    LimeWire 5.4.6
    Living 3D Dolphins Full Screen Saver
    Living Waterfalls Wallpaper #1
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    MSN
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    SightSpeed
    SoundMAX
    The Weather Channel Desktop 6
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Waterfalls Animated Wallpaper
    WebCam Live! Product Registration
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows Search 4.0
    Yahoo! BrowserPlus
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    8/9/2010 3:25:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    8/9/2010 3:25:17 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    8/9/2010 3:19:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm OMCI
    8/9/2010 1:39:48 PM, error: Dhcp [1002] - The IP address lease 174.44.140.60 for the Network Card with network address 000D566897A7 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    8/8/2010 2:16:04 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the crd service to connect.
    8/8/2010 2:16:04 PM, error: Service Control Manager [7000] - The crd service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/7/2010 10:10:54 AM, error: System Error [1003] - Error code 00000006, parameter1 00000000, parameter2 00000000, parameter3 00000000, parameter4 00000000.
    8/7/2010 10:10:41 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 00000038, parameter3 eeba7bc0, parameter4 00000000.
    8/10/2010 9:49:49 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/10/2010 2:03:04 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 00000038, parameter3 ee348bc0, parameter4 00000000.
    8/10/2010 2:01:02 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    8/10/2010 1:11:01 PM, error: Service Control Manager [7022] - The WebClient service hung on starting.

    ==== End Of File ===========================
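A triage pass over the DDS log above, added here as an example; it is not part of the original post and not a DDS feature. It splits the log on its `====` section headers and flags: running processes outside the Windows/Program Files trees, service entries with no image path recorded (the `[x]` lines), boot-start drivers the Service Control Manager reported as failing (event 7026), and the bugcheck codes from event 1003. The embedded input is a constructed excerpt of the log posted above. Every flag is a review prompt, not a verdict: on this log the two flagged processes are expected (G:\dds.scr is the DDS tool itself, LaunchPad.exe is a U3 USB-stick launcher), and AVG's own AvgLdx86/AvgMfx86 drivers failing at boot is the item a helper would want explained, not a diagnosis.

```python
import re

# Constructed excerpt of the DDS log posted above (sample input for this
# example, not a new log); a real run would read the full dds.txt instead.
SAMPLE_DDS = r"""
============== Running Processes ===============

C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Application Data\U3\07615871711339ED\LaunchPad.exe
G:\dds.scr

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-17 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-23 216400]
S0 cerc6;cerc6; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-8-9 38496]

==== Event Viewer Messages From Past Week ========

8/9/2010 3:19:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm OMCI
8/7/2010 10:10:41 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 00000038, parameter3 eeba7bc0, parameter4 00000000.
8/10/2010 1:11:01 PM, error: Service Control Manager [7022] - The WebClient service hung on starting.
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
FAILED_DRIVERS_RE = re.compile(r"\[7026\].*failed to load:\s*(.+)$")
# 1000008e is KERNEL_MODE_EXCEPTION_NOT_HANDLED; parameter1 c0000005 is STATUS_ACCESS_VIOLATION.
BUGCHECK_RE = re.compile(r"\[1003\] - Error code ([0-9a-f]+), parameter1 ([0-9a-f]+)")
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def parse_sections(text):
    """Split a DDS log into {section name: [non-empty lines]} on its '====' headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def flag_processes(lines):
    """(path, reason) for process images worth a second look; prompts, not verdicts."""
    flagged = []
    for line in lines:
        path = line.split(" -k ")[0].strip()   # drop svchost's service-group argument
        low = path.lower()
        if "\\" not in low:
            continue                            # bare image name: DDS gave no path, nothing to judge
        if not low.startswith("c:\\"):
            flagged.append((path, "runs from a non-system drive"))
        elif "\\documents and settings\\" in low:
            flagged.append((path, "runs from a user profile directory"))
        elif not low.startswith(SYSTEM_ROOTS):
            flagged.append((path, "runs outside Windows/Program Files"))
        if low.endswith(".scr"):
            flagged.append((path, "screensaver extension used as a process image"))
    return flagged


def flag_services(lines):
    """(name, start type, reason) for service/driver entries whose path field holds only [x]."""
    flagged = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m and m.group(4).strip() == "[x]":
            flagged.append((m.group(2), m.group(1), "no image path recorded"))
    return flagged


def summarize_events(lines):
    """Drivers that failed at boot (event 7026) and bugcheck codes (event 1003)."""
    failed, bugchecks = [], []
    for line in lines:
        m = FAILED_DRIVERS_RE.search(line)
        if m:
            failed.extend(m.group(1).split())
        m = BUGCHECK_RE.search(line)
        if m:
            bugchecks.append((m.group(1), m.group(2)))
    return {"failed_boot_drivers": failed, "bugchecks": bugchecks}


def triage(text):
    s = parse_sections(text)
    return {
        "processes": flag_processes(s.get("Running Processes", [])),
        "services": flag_services(s.get("SERVICES / DRIVERS", [])),
        "events": summarize_events(s.get("Event Viewer Messages From Past Week", [])),
    }


if __name__ == "__main__":
    for key, val in triage(SAMPLE_DDS).items():
        print(key, val)
```

Point it at a saved dds.txt by replacing SAMPLE_DDS with the file contents; the section names are the ones DDS prints, so the same lookups work on the full log.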
     
  2. 2010/08/10
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     


  4. 2010/08/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. 2010/08/10
    notrin

    notrin Inactive Thread Starter

    Joined:
    2010/08/10
    Messages:
    14
    Likes Received:
    0
    I have run Malwarebytes. Cannot update it. The malware I am infected with is preventing any online activities. Installed an older version of Malwarebytes; it finds stuff. Can post that log tomorrow when at work.

    Should I do the other steps before running an updated malware scan?
     
  6. 2010/08/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You may as well.
    It doesn't matter, which one goes first.
     
  7. 2010/08/10
    notrin

    notrin Inactive Thread Starter

    Joined:
    2010/08/10
    Messages:
    14
    Likes Received:
    0
    OK, thanks man, will do that tomorrow, and talk to you in the eve!
     
  8. 2010/08/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No problem :)
     
  9. 2010/08/13
    notrin

    notrin Inactive Thread Starter

    Joined:
    2010/08/10
    Messages:
    14
    Likes Received:
    0
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-13 13:07:15
    Windows 5.1.2600 Service Pack 3
    Running: pf6vxjiz.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\agayafoc.sys


    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\SearchIndexer.exe[316] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3008] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3008] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3008] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3008] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3008] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3008] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3008] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3008] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3008] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Processes - GMER 1.0.15 ----

    Process C:\Program Files\Internet Explorer\IEXPLORE.EXE (*** hidden *** ) 2872
    Process C:\Program Files\Internet Explorer\IEXPLORE.EXE (*** hidden *** ) 3008

    ---- Files - GMER 1.0.15 ----

    File C:\Documents and Settings\LocalService\Cookies\system@d1.openx[2].txt 0 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8508LYJH\t[3].gif 49 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8508LYJH\iframe3[1].htm 1147 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8508LYJH\iframe3[2].htm 1252 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8508LYJH\ros;dcopt=ist;;tile=1;sz=300x250;ord=9659311751[1] 337 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8508LYJH\track[1].jpg 0 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8508LYJH\adsCANLY630 1135 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8508LYJH\adsCAUUCYLI 4795 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8508LYJH\ads[11].htm 7010 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8508LYJH\impCATQGEYN 902 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8508LYJH\__utmCANQUIM4.gif 35 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8508LYJH\__utmCAQRACGI.gif 35 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8508LYJH\__utmCAVPPZLN.gif 35 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8508LYJH\=,idgt-35795701_1281714120,11a8fde8678f263,ads,;;dcopt=ist;env=ifr;tile=1;fold=above;ord1=34641;dc=s;sec=home;sz=728x90;contx=ads;btg=;ord=6041287893541338[1] 329 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8508LYJH\57823077[2].js 1 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8508LYJH\vh%253Fz%253Dpdn%2526dim%253D753179[11] 7669 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TTM37FBG\impCACBPWUW 931 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TTM37FBG\adsCAFN0QM5.htm 3701 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TTM37FBG\lgCAEIQTC8.gif 43 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TTM37FBG\s2[3].htm 26636 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TTM37FBG\impCAZC61QI 879 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TTM37FBG\v114_rrr_offer_300x250[1].swf 32695 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TTM37FBG\event[9].flow 0 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TTM37FBG\mapuid[3] 154 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TTM37FBG\impCAUBXDUJ 1589 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TTM37FBG\impCA84TDCJ 1296 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VK01R0XD\iframe3[1].htm 535 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VK01R0XD\iframe3[2].htm 1226 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VK01R0XD\g[3].json 87 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VK01R0XD\adServerESI[1].aspx 4 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VK01R0XD\08740c92ccdd194e2e0ae327f87056a4[1].jpg 20067 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VK01R0XD\1-rs_samsung_300x250[1].swf 39992 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZFAWIV5R\borderBottomCenter[5].htm 0 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZFAWIV5R\cd53f1660e700d446f79e8f59e041224[5].swf 18766 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZFAWIV5R\gateway_adlogicCASNO9Z9.xml 628 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZFAWIV5R\aclk[1].htm 6677 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZFAWIV5R\jsonpoll[2] 122 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZFAWIV5R\impCAXHRH5R 63 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZFAWIV5R\travel[2] 1410 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZFAWIV5R\impCAIL82ZN 1294 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZFAWIV5R\refurb_world_300x250_062310[1].swf 38612 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZFAWIV5R\audmeasure[1].gif 43 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZFAWIV5R\iframe3[1].htm 864 bytes

    ---- EOF - GMER 1.0.15 ----
     
  10. 2010/08/13
    notrin

    notrin Inactive Thread Starter

    Joined:
    2010/08/10
    Messages:
    14
    Likes Received:
    0
    Mbr

     
  11. 2010/08/13
    notrin

    notrin Inactive Thread Starter

    Joined:
    2010/08/10
    Messages:
    14
    Likes Received:
    0
    Hmm, I posted GMER but don't see the log post show up.
     
  12. 2010/08/13
    notrin

    notrin Inactive Thread Starter

    Joined:
    2010/08/10
    Messages:
    14
    Likes Received:
    0


    Assuming this is wrong? Because there is an OS; it's booted up. I chose physical drive 0, tried to do 1 and it says no drive. So assuming I did it right.
     
  13. 2010/08/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No worries.
    Proceed with MBAM.
     
  14. 2010/08/16
    notrin

    notrin Inactive Thread Starter

    Joined:
    2010/08/10
    Messages:
    14
    Likes Received:
    0
    Cannot update Malwarebytes. Cannot run any browser still. But I can ping google.com.

    Is there an exe to update definitions for Malwarebytes?
    I ran a non-updated scan of it, and it found 4 the 2nd time. Here are 2 logs.



    one:



    Malwarebytes' Anti-Malware 1.36
    Database version: 1945
    Windows 5.1.2600 Service Pack 3

    8/16/2010 8:30:09 AM
    mbam-log-2010-08-16 (08-30-09).txt

    Scan type: Quick Scan
    Objects scanned: 70954
    Time elapsed: 8 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 3
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Documents and Settings\Administrator\Application Data\FunWebProducts (Adware.MyWay) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\FunWebProducts\Data (Adware.MyWay) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\FunWebProducts\Data\Administrator (Adware.MyWay) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\Administrator\Application Data\FunWebProducts\Data\Administrator\avatar.dat (Adware.MyWay) -> Quarantined and deleted successfully.














    two:


    Malwarebytes' Anti-Malware 1.31
    Database version: 1456
    Windows 5.1.2600 Service Pack 3

    8/10/2010 9:49:16 AM
    mbam-log-2010-08-10 (09-49-16).txt

    Scan type: Quick Scan
    Objects scanned: 67441
    Time elapsed: 16 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 26
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 8
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     
  15. 2010/08/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That's fine. We'll re-run MBAM later, when your computer is more stable.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe


    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * If not, delete the file, then download and use the one provided in Link 2.
    * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.
    * If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following.

    Now download and run exeHelper.


    * Please download exeHelper from Raktor to your desktop.
    * Double-click on exeHelper.com to run the fix.
    * A black window should pop up; press any key to close once the fix is completed.
    * A log file named log.txt will be created in the directory where you ran exeHelper.com.
    * Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    =================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt".
    **Note: Do not mouse-click combofix's window while it's running. That may cause it to stall.**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  16. 2010/08/17
    notrin

    notrin Inactive Thread Starter

    Joined:
    2010/08/10
    Messages:
    14
    Likes Received:
    0
  17. 2010/08/17
    notrin

    notrin Inactive Thread Starter

    Joined:
    2010/08/10
    Messages:
    14
    Likes Received:
    0
  18. 2010/08/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, always paste all logs inside your reply.

    Delete your Combofix file, download a fresh one, but rename combofix.exe to broni.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Run rKill, exehelper and then broni.exe

    If still a problem, run all 3 tools from safe mode.
     
  19. 2010/08/18
    notrin

    notrin Inactive Thread Starter

    Joined:
    2010/08/10
    Messages:
    14
    Likes Received:
    0
    I can get on the internet now, but Malwarebytes cannot connect to update.
     
  20. 2010/08/18
    notrin

    notrin Inactive Thread Starter

    Joined:
    2010/08/10
    Messages:
    14
    Likes Received:
    0
    I ran in safe mode too.
     
  21. 2010/08/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    ComboFix 10-08-16.03 - Administrator 08/17/2010 12:00:38.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.675 [GMT -6:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

    .
    \\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
    .
    \\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
    .
    ((((((((((((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 )))))))))))))))))))))))))))))))
    .

    2010-08-10 21:53 . 2010-08-10 21:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
    2010-08-10 21:28 . 2010-08-10 21:28 -------- d-----w- c:\program files\Trend Micro
    2010-08-10 21:22 . 2010-08-10 21:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2010-08-10 20:07 . 2010-08-10 20:07 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
    2010-08-10 20:06 . 2010-08-10 20:06 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
    2010-08-09 21:26 . 2010-08-09 21:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-08-09 21:26 . 2009-04-06 21:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-09 21:26 . 2009-04-06 21:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-09 21:26 . 2010-08-12 22:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-09 21:26 . 2010-08-09 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-08-09 21:24 . 2010-08-09 21:24 3158262 ----a-w- c:\documents and settings\Administrator\Application Data\CVS\CVS Viewer\PhotoViewer_intro.exe
    2010-08-09 21:24 . 2010-08-09 21:24 1214464 ----a-w- c:\documents and settings\Administrator\Application Data\CVS\CVS Viewer\exiv2.exe
    2010-08-08 20:15 . 2010-08-08 20:15 1244648 ----a-w- c:\documents and settings\Administrator\Application Data\MSNInstaller\msnauins.exe
    2010-08-08 20:15 . 2010-08-08 20:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\MSNInstaller
    2010-08-04 16:11 . 2010-08-09 21:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\CVS
    2010-08-04 16:11 . 2010-08-04 16:11 -------- d-sh--w- c:\windows\ftpcache
    2010-08-01 22:45 . 2010-08-01 22:45 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
    2010-08-01 22:45 . 2010-08-01 22:45 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
    2010-08-01 22:45 . 2010-08-01 22:45 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
    2010-07-25 19:01 . 2010-07-25 19:01 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-07-22 20:29 . 2010-07-22 20:29 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2010-07-22 20:29 . 2010-07-22 20:29 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
    2010-07-22 20:28 . 2010-07-22 20:28 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-22 20:27 . 2010-07-22 20:27 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2010-07-22 20:27 . 2010-07-22 20:27 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
    2010-07-22 20:27 . 2010-07-22 20:27 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
    2010-07-22 20:27 . 2010-07-22 20:27 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-16 21:08 . 2010-03-18 03:18 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-11 15:51 . 2010-03-18 04:24 -------- d-----w- c:\program files\Lavasoft
    2010-08-11 15:51 . 2010-03-18 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-07-22 20:28 . 2009-12-23 21:52 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-22 20:28 . 2009-12-23 21:52 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-06-30 12:31 . 2008-04-14 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 2008-04-14 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2008-04-14 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2008-04-14 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2009-10-15 20:03 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:41 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-02 15:05 . 2009-12-23 21:52 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"="c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"="c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10d.exe" [2009-10-28 257440]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-22 20:28 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-07-22 16:14 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
    2010-07-22 20:28 2065760 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
    2003-08-29 10:59 122880 ----a-w- c:\windows\BCMSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
    2009-10-08 19:13 818288 ----a-w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-03-31 15:37 136176 ----atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2005-10-19 14:59 126976 ----a-w- c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2005-10-19 14:59 155648 ----a-w- c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 11:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PD0630 STISvc]
    2005-06-05 17:01 36864 ----a-r- c:\windows\system32\P0630Pin.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/23/2009 3:52 PM 216400]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/23/2009 3:52 PM 243024]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/22/2010 2:28 PM 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/22/2010 2:28 PM 308136]
    S0 cerc6;cerc6; [x]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [4/19/2004 3:01 PM 6656]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/9/2010 3:26 PM 38496]
    S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [3/31/2010 2:20 PM 91841]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1454471165-1417001333-500Core.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-31 15:37]

    2010-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1454471165-1417001333-500UA.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-31 15:37]

    2010-08-16 c:\windows\Tasks\User_Feed_Synchronization-{899B1AF7-6C37-4AF9-AD25-32A53F5F5D08}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
    MSConfigStartUp-mpldtnta - c:\documents and settings\Administrator\Local Settings\Application Data\bygjbw\wlrtsftav.exe
    MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-17 12:10
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,12,8d,07,a1,50,8d,42,af,46,fb,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,12,8d,07,a1,50,8d,42,af,46,fb,\

    [HKEY_USERS\S-1-5-21-1715567821-1454471165-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,84,59,fa,98,1c,2e,8a,4a,bc,69,c1,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,e5,2a,28,ed,26,68,41,9a,79,c6,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,84,59,fa,98,1c,2e,8a,4a,bc,69,c1,\
    .
    Completion time: 2010-08-17 12:13:01
    ComboFix-quarantined-files.txt 2010-08-17 18:12

    Pre-Run: 27,574,054,912 bytes free
    Post-Run: 28,195,336,192 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - A9480141C55E3A97253A5DE15B80069F
     