[dannykf]

After running Adaware, Spybot, and a virus scan and finding nothing but tracking cookies (deleted), my laptop is still running VERY slow. It is not limited to the internet, and when I'm starting up a program you can hear the processor working very hard and it takes a couple of minutes sometimes to even open Windows Explorer. So I am not positive this is a virus/trojan/spyware issue, but I just would like to make sure.

I've got a Toshiba laptop and running XP, Avast Antivirus, and have McAfee installed as well but turned off.

Please let me know if I need to post more information.

"Attach.zip" log files are attached and "DDS.txt" text is pasted below.

Thank you!


DDS (Ver_09-05-14.01) - NTFSx86
Run by Erica Chalkley at 13:05:41.55 on Thu 05/21/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.105 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090520-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Erica Chalkley\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [HWSetup] c:\program files\toshiba\toshiba applet\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\windows utilities\SVPWUTIL.exe SVPwUTIL
mRun: [CeEKEY] c:\program files\toshiba\e-key\CeEKey.exe
mRun: [TPSMain] TPSMain.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [TCtryIOHook] TCtrlIOHook.exe
mRun: [TFncKy] TFncKy.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164527698000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: ,
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ericac~1\applic~1\mozilla\firefox\profiles\cx4b3dxa.default\
FF - component: c:\documents and settings\erica chalkley\application data\mozilla\firefox\profiles\cx4b3dxa.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\documents and settings\erica chalkley\application data\mozilla\firefox\profiles\cx4b3dxa.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\erica chalkley\application data\mozilla\firefox\profiles\cx4b3dxa.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-9 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-14 114768]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2006-10-22 58464]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-14 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-4-14 138680]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2006-10-22 102463]
R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2004-9-22 28672]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-4-14 352920]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-10-22 108480]
S2 gupdate1c9bf7193a4f6a2;Google Update Service (gupdate1c9bf7193a4f6a2);c:\program files\google\update\GoogleUpdate.exe [2009-4-17 133104]
S2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\Mcshield.exe [2004-9-22 221191]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-4-14 254040]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-1-8 33752]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 953168]

=============== Created Last 30 ================

2009-05-19 08:52 <DIR> --d----- c:\program files\Trend Micro
2009-05-16 11:14 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-16 11:14 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-11 18:44 <DIR> --d----- c:\windows\pss
2009-05-10 20:56 <DIR> --d----- c:\windows\system32\NtmsData
2009-05-09 21:47 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-09 21:42 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-05 14:37 <DIR> --d----- c:\docume~1\ericac~1\applic~1\QuickScan

==================== Find3M ====================

2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-30 08:53 2,713 ---sh--- c:\windows\system32\patonohe.exe
2009-03-20 14:50 3,358,720 a------- c:\windows\system32\GPhotos.scr
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-24 15:35 129,784 -------- c:\windows\system32\pxafs.dll
2009-02-24 15:35 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-02-24 15:35 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-02-24 15:34 90,112 a------- c:\windows\system32\dpl100.dll
2009-02-24 15:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-02-24 15:34 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-02-24 15:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-02-24 15:34 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-02-24 15:34 684,032 a------- c:\windows\system32\DivX.dll
2009-02-20 14:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-01-12 10:24 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011220090113\index.dat

============= FINISH: 13:05:58.10 ===============

 

[chemist]

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?

------------------------------------------------------

It appears that you have two antivirus programs installed and running, avast! and McAfee. While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs. Please choose one to keep and uninstall the other via Add or Remove Programs in your Control Panel.

I suggest you uninstall McAfee. If you uninstall McAfee, please do the following:

Please uninstall the following via the Add or Remove Programs section of your Control Panel if they still exist:

McAfee Anti-Spyware Enterprise Module
McAfee VirusScan Enterprise

Decline any prompt to restart your computer.

Please download the McAfee VirusScan Removal Tool VSCleanupTool.exe and Save it to your Desktop.

• Close all programs and double-click VSCleanupTool.exe then click Run
• Follow the on-screen instructions.
• Restart the computer if asked.
• Then delete VSCleanupTool.exe from your desktop.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------

 

[chemist]

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------

 

[dannykf]

Slow Computer

My apologies, but I was unable to check back with a previous thread I started within the alloted time frame. I would still like assistance, if available, so I will post the previous thread regarding my slow computer/malware problem below.

Thank you!

http://www.techsupportforum.com/sec...s-log-help-inactive/378125-slow-computer.html

 

[chemist]

Hello dannykf. I need to see fresh logs to start again.

http://www.techsupportforum.com/f50...-posting-for-malware-removal-help-305963.html

------------------------------------------------------

 

[dannykf]

Very Slow Computer

Fairly new Dell desktop with windows XP. Everything from booting up to opening a file folder and browsing the internet is extremely slow. Thanks for your help!

DDS (Ver_09-05-14.01) - NTFSx86
Run by Melissa at 19:20:48.60 on Mon 06/01/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.383.106 [GMT -4:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Mozilla Firefox 3 Beta 1\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Melissa\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: PDFCreator Toolbar Helper: {c451c08a-ec37-45df-aaad-18b51ab5e837} - c:\program files\pdfcreator toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} - c:\program files\pdfcreator toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [masqform.exe] c:\program files\ibm\workplace forms\viewer\2.5\masqform.exe -RunOnce
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\melissa\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.0\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123517203968
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238538414000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\melissa\applic~1\mozilla\firefox\profiles\bbkeesh0.default\
FF - prefs.js: browser.startup.homepage - hxxps://gwweb01.albion.edu/gw/webacc

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-31 64160]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-6-18 565248]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-12-8 2440120]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-5 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090531.018\NAVENG.SYS [2009-5-31 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090531.018\NAVEX15.SYS [2009-5-31 876144]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-18 23888]

=============== Created Last 30 ================

2009-05-31 17:28 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-31 17:20 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-27 11:24 <DIR> --d----- c:\docume~1\melissa\applic~1\GetRightToGo

==================== Find3M ====================

2009-03-31 18:43 60,800 a------- c:\windows\system32\S32EVNT1.DLL
2009-03-30 07:12 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-09 15:06 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll

============= FINISH: 19:21:53.29 ===============

 

[chemist]

Hello again, dannykf.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

This appears to be a totally different computer from the one you first posted about.

No malware is showing in your logs. We'll do a scan to look for remnants shortly.

You may need to seek help in one of our other Forums

Please read the following article: http://www.techsupportforum.com/security-center/hijackthis-log-help/247567-your-pc-running-slow.html

------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs):

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7

These are all outdated, and security risks by having them installed still.

Leave this one as it has the latest definitions:

Java(TM) 6 Update 13

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

------------------------------------------------------

Please download ATF-Cleaner by Atribune and Save it to your Desktop.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
• NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
• NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

------------------------------------------------------

Please run this online scan to help look for remnants.

Establish an internet connection & perform an online scan at Kaspersky Online Scanner

Ensure your external and/or USB drives are inserted during the scan.

Click Accept, when prompted to download and install the program files and database of malware definitions.

• Click Run at any Security prompt.
• The program will then begin downloading and installing and will also update the database.
• Please be patient as this can take several minutes.
• Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
• Once the scan is complete, it will display if your system has been infected.
• It does not provide an option to clean/disinfect. We only require a report from it.
• Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
• Click View scan report at the bottom.
• Click the Save Report As... button.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:

• Close any open programs.
• Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

------------------------------------------------------

 

[dannykf]

Again, I apologize. The second post was from another computer(a desktop), and I thought I was starting an entirely new thread separate than the original (a laptop). I will follow these instructions for the desktop, but then will I be able to start a new one for the laptop? Thanks, and sorry for the confusion. I appreciate your help.

Danny

 

[chemist]

No, please do it the other way. We will keep this thread for the laptop, and you can start a new thread for the desktop. So please go back to post #5 above and carry out those instructions for the laptop.

 

[dannykf]

Okay I have re-scanned the laptop and the files are attached. Thank you.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Erica Chalkley at 22:03:35.64 on Wed 06/03/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.80 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090601-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\RAMASST.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Erica Chalkley\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [HWSetup] c:\program files\toshiba\toshiba applet\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\windows utilities\SVPWUTIL.exe SVPwUTIL
mRun: [CeEKEY] c:\program files\toshiba\e-key\CeEKey.exe
mRun: [TPSMain] TPSMain.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [TCtryIOHook] TCtrlIOHook.exe
mRun: [TFncKy] TFncKy.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164527698000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ericac~1\applic~1\mozilla\firefox\profiles\cx4b3dxa.default\
FF - component: c:\documents and settings\erica chalkley\application data\mozilla\firefox\profiles\cx4b3dxa.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\documents and settings\erica chalkley\application data\mozilla\firefox\profiles\cx4b3dxa.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\erica chalkley\application data\mozilla\firefox\profiles\cx4b3dxa.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-9 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-14 114768]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2006-10-22 58464]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-14 20560]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-10-22 108480]

=============== Created Last 30 ================

2009-06-01 22:01 389,120 a------- c:\windows\system32\CF27683.exe
2009-06-01 21:58 389,120 a------- c:\windows\system32\CF27118.exe
2009-06-01 21:56 389,120 a------- c:\windows\system32\cmd.execf
2009-06-01 21:23 <DIR> a-dshr-- C:\cmdcons
2009-06-01 21:22 <DIR> --ds---- C:\ComboFix
2009-06-01 21:22 389,120 a------- c:\windows\system32\CF20446.exe
2009-06-01 21:13 154,624 a------- c:\windows\PEV.exe
2009-05-19 08:52 <DIR> --d----- c:\program files\Trend Micro
2009-05-16 11:14 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-16 11:14 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-11 18:44 <DIR> --d----- c:\windows\pss
2009-05-10 20:56 <DIR> --d----- c:\windows\system32\NtmsData
2009-05-09 21:47 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-09 21:42 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-05 14:37 <DIR> --d----- c:\docume~1\ericac~1\applic~1\QuickScan

==================== Find3M ====================

2009-03-30 08:53 2,713 ---sh--- c:\windows\system32\patonohe.exe
2009-03-20 14:50 3,358,720 a------- c:\windows\system32\GPhotos.scr
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-01-12 10:24 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011220090113\index.dat

============= FINISH: 22:05:40.96 ===============

 

[chemist]

Hello again, dannykf. It appears that you have two antivirus programs installed and running, avast! and McAfee. While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs. Please choose one to keep and uninstall the other via Add or Remove Programs in your Control Panel.

I suggest you uninstall McAfee. If you uninstall McAfee, please do the following:

Please uninstall the following via the Add or Remove Programs section of your Control Panel if they still exist:

McAfee Anti-Spyware Enterprise Module
McAfee VirusScan Enterprise

Decline any prompt to restart your computer.

------------------------------------------------------

Please download the McAfee VirusScan Removal Tool VSCleanupTool.exe and Save it to your Desktop.

• Close all programs and double-click VSCleanupTool.exe then click Run
• Follow the on-screen instructions.
• Restart the computer if asked.
• Then delete VSCleanupTool.exe from your desktop.

------------------------------------------------------

It appears you ran ComboFix.

Go to Start > Run and copy/paste the following into the Run box and click OK:

C:\ComboFix.txt

A text file should open. Please post the contents of that file in your next reply.

------------------------------------------------------

Go to Start > Run and copy/paste the following into the Run box and click OK:

C:\QooBox\ComboFix-quarantined-files.txt

A text file should open. Please post the contents of that file in your next reply.

------------------------------------------------------

 

[dannykf]

My Avast program is a trial version, and although I'd rather have it on the computer it was about to expire so if I end up purchasing it I will uninstall McAfee. So I uninstalled Avast just for now.

When I try to run "C:\ComboFix.txt" i get a message saying windows cannot find the file. If I open the C drive folder, the file is not there either. Though when I originally ran it, the program just stopped and quit when it said it was generating the report, and even after I left it overnight without touching it nothing happened. I tried to run the program again, but then it gave me a message that

It did however open the quarantined files log:

2009-01-15 09:26:28 A------- 1,126,400 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe.vir
2009-01-15 09:26:52 A------- 111 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090115092651968.log.vir
2009-01-15 09:27:23 A------- 15,000 C:\Qoobox\Quarantine\C\WINDOWS\system32\gsrf7iunwefihaw3und.dll.vir
2009-01-15 09:29:28 A------- 441 C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSmtyl.dat.vir
2009-01-15 09:29:38 A------- 4,934 C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSbjvb.log.vir
2009-01-15 11:00:04 A------- 84 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090115110003843.log.vir
2009-01-15 11:55:36 A------- 117 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090115115535796.log.vir
2009-01-16 12:30:30 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090116123030000.log.vir
2009-01-17 20:58:06 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090117205806078.log.vir
2009-01-17 21:45:21 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090117214521546.log.vir
2009-01-18 12:13:01 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090118121301171.log.vir
2009-01-18 23:08:23 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090118230823671.log.vir
2009-01-18 23:32:45 A------- 58 C:\Qoobox\Quarantine\catchme.log
2009-01-18 23:39:13 A------- 5,771 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-01-18 23:39:19 A------- 1,268 C:\Qoobox\Quarantine\Registry_backups\Legacy_TDSSSERV.SYS.reg.dat
2009-01-18 23:39:19 A------- 1,338 C:\Qoobox\Quarantine\Registry_backups\Service_TDSSserv.sys.reg.dat
2009-01-18 23:46:57 A------- 225 C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-MS AntiSpyware 2009.reg.dat

Thanks a lot for your help. I appreciate it.

 

[chemist]

Hello again, dannykf. Please tell us how your system is behaving.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs):

J2SE Runtime Environment 5.0 Update 6

These are all outdated, and security risks by having them installed still.

Leave this one as it has the latest definitions:

Java(TM) 6 Update 13

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

When updating in the future, make sure you untick the box next to Yahoo Toolbar for Firefox/Mozilla or MSN Toolbar unless you want it.

------------------------------------------------------

Please download ATF-Cleaner by Atribune and Save it to your Desktop.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
• NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
• NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

------------------------------------------------------

Please run this online scan to help look for remnants.

Establish an internet connection & perform an online scan at Kaspersky Online Scanner

Ensure your external and/or USB drives are inserted during the scan.

Click Accept, when prompted to download and install the program files and database of malware definitions.

• Click Run at any Security prompt.
• The program will then begin downloading and installing and will also update the database.
• Please be patient as this can take several minutes.
• Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
• Once the scan is complete, it will display if your system has been infected.
• It does not provide an option to clean/disinfect. We only require a report from it.
• Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
• Click View scan report at the bottom.
• Click the Save Report As... button.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:

• Close any open programs.
• Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

------------------------------------------------------

Please post the following in your next reply:

Kaspersky report
report on system behavior

 

[dannykf]

My Avast program is a trial version, and although I'd rather have it on the computer it was about to expire so if I end up purchasing it I will uninstall McAfee. So I uninstalled Avast just for now.

When I try to run "C:\ComboFix.txt" i get a message saying windows cannot find the file. If I open the C drive folder, the file is not there either. Though when I originally ran it, the program just stopped and quit when it said it was generating the report, and even after I left it overnight without touching it nothing happened. I tried to run the program again, but then it gave me a message that

It did however open the quarantined files log:

2009-01-15 09:26:28 A------- 1,126,400 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe.vir
2009-01-15 09:26:52 A------- 111 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090115092651968.log.vir
2009-01-15 09:27:23 A------- 15,000 C:\Qoobox\Quarantine\C\WINDOWS\system32\gsrf7iunwefihaw3und.dll.vir
2009-01-15 09:29:28 A------- 441 C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSmtyl.dat.vir
2009-01-15 09:29:38 A------- 4,934 C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSbjvb.log.vir
2009-01-15 11:00:04 A------- 84 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090115110003843.log.vir
2009-01-15 11:55:36 A------- 117 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090115115535796.log.vir
2009-01-16 12:30:30 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090116123030000.log.vir
2009-01-17 20:58:06 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090117205806078.log.vir
2009-01-17 21:45:21 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090117214521546.log.vir
2009-01-18 12:13:01 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090118121301171.log.vir
2009-01-18 23:08:23 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090118230823671.log.vir
2009-01-18 23:32:45 A------- 58 C:\Qoobox\Quarantine\catchme.log
2009-01-18 23:39:13 A------- 5,771 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-01-18 23:39:19 A------- 1,268 C:\Qoobox\Quarantine\Registry_backups\Legacy_TDSSSERV.SYS.reg.dat
2009-01-18 23:39:19 A------- 1,338 C:\Qoobox\Quarantine\Registry_backups\Service_TDSSserv.sys.reg.dat
2009-01-18 23:46:57 A------- 225 C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-MS AntiSpyware 2009.reg.dat

Thanks a lot for your help. I appreciate it.

 

[chemist]

Please go back up to post #13 and follow the instructions.

 

[dannykf]

The first time I ran the Kaspersky scan it came up with no results. Though I'm going to run it again because I checked and there was still a McAfee process running. I will scan it overnight and post the results as well as an update on the performance. Just didn't want you to close the thread. Thanks!

 

[chemist]

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------