
Thread: Need a Freshen-Me-Up.. Toolbar bs

  1. #1
    Member
    Join Date
    Apr 2006
    Location
    New York
    Posts
    67

    Need a Freshen-Me-Up.. Toolbar bs

    Hey guys, need help cleaning my PC.

    Here are my logs:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Joe at 4:12:14 on 2012-09-10
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2476 [GMT -4:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Joe.TRADE2WIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Documents and Settings\Joe.TRADE2WIN\Desktop\Utorrent downloads\uTorrent.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
    C:\WINDOWS\system32\dmwu.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.searchnu.com/406
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
    BHO: Vid-Saver: {11111111-1111-1111-1111-110011341191} - c:\program files\vid-saver\Vid-Saver.dll
    BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - c:\program files\web assistant\Extension32.dll
    BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
    BHO: Incredibar.com Helper Object: {6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99} - c:\program files\incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
    TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
    TB: Incredibar Toolbar: {f9639e4a-801b-4843-aee3-03d9da199e77} - c:\program files\incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\joe.trade2win\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [uTorrent] "c:\documents and settings\joe.trade2win\desktop\utorrent downloads\uTorrent.exe" /MINIMIZED
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [<NO NAME>]
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
    mRunOnce: [InnoSetupRegFile.0000000001] "c:\windows\is-IIDDT.exe" /REG /REGSVRMODE
    StartupFolder: c:\docume~1\joe~1.tra\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167648530484
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://scottrade.webex.com/client/T27LD/nbr/ieatgpc.cab
    TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
    TCP: Interfaces\{3A7AD81D-B8B9-488A-BFFE-A71F7AF2EE21} : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{CB5DC14C-7B25-4BF7-8AB3-473A441D6398} : DhcpNameServer = 167.206.251.129 167.206.251.130
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-8-29 1385896]
    R2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-5-30 185856]
    R2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [2012-9-10 362104]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 257696]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-09-10 08:10:14 -------- d-----w- C:\83b715b0b8e0c7b63c531ad7
    2012-09-10 08:05:59 55296 ----a-w- c:\windows\system32\SET31A.tmp
    2012-09-10 08:05:59 247808 ----a-w- c:\program files\internet explorer\SET326.tmp
    2012-09-10 08:05:59 184320 ----a-w- c:\windows\system32\SET320.tmp
    2012-09-10 08:05:59 12800 ----a-w- c:\program files\internet explorer\SET324.tmp
    2012-09-10 08:05:59 105984 ----a-w- c:\windows\system32\SET315.tmp
    2012-09-10 08:05:58 916992 ----a-w- c:\windows\system32\SET313.tmp
    2012-09-10 08:05:58 629760 ----a-w- c:\windows\system32\SET31B.tmp
    2012-09-10 08:05:58 2000384 ----a-w- c:\windows\system32\SET31F.tmp
    2012-09-10 08:05:58 1212416 ----a-w- c:\windows\system32\SET314.tmp
    2012-09-10 08:05:57 6008320 ----a-w- c:\windows\system32\SET319.tmp
    2012-09-10 08:05:45 536576 ----a-w- c:\program files\common files\system\ado\SET1F2.tmp
    2012-09-10 08:02:28 773968 ----a-w- c:\windows\system32\msvcr100.dll
    2012-09-10 08:02:28 632656 ----a-w- c:\windows\system32\msvcr80.dll
    2012-09-10 08:02:28 554832 ----a-w- c:\windows\system32\msvcp80.dll
    2012-09-10 08:02:28 479232 ----a-w- c:\windows\system32\msvcm80.dll
    2012-09-10 08:02:28 421200 ----a-w- c:\windows\system32\msvcp100.dll
    2012-09-10 08:02:28 362104 ----a-w- c:\windows\system32\dmwu.exe
    2012-09-10 08:02:28 28160 ----a-w- c:\windows\system32\ImHttpComm.dll
    2012-09-10 08:02:28 -------- d-----w- c:\windows\system32\ARFC
    2012-09-10 08:02:27 753152 ----a-w- c:\windows\is-IIDDT.exe
    2012-09-10 08:02:27 -------- d-----w- c:\windows\system32\WNLT
    .
    ==================== Find3M ====================
    .
    2012-07-06 13:58:52 337920 ----a-w- c:\windows\system32\SET35A.tmp
    2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\SET35B.tmp
    2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-07-03 03:19:34 11111424 ----a-w- c:\windows\system32\SET321.tmp
    2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
    .
    ============= FINISH: 4:12:39.85 ===============



    aswMBR report:


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-10 04:14:18
    -----------------------------
    04:14:18.115 OS Version: Windows 5.1.2600 Service Pack 3
    04:14:18.115 Number of processors: 4 586 0xF0B
    04:14:18.115 ComputerName: TRADE2WIN UserName: Joe
    04:14:18.396 Initialize success
    04:15:37.633 AVAST engine defs: 12090901
    04:16:17.557 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5
    04:16:17.572 Disk 0 Vendor: ST3160815AS 3.AAC Size: 152627MB BusType: 3
    04:16:17.572 Disk 0 MBR read successfully
    04:16:17.572 Disk 0 MBR scan
    04:16:17.588 Disk 0 Windows XP default MBR code
    04:16:17.588 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 10189 MB offset 63
    04:16:17.588 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142437 MB offset 20868435
    04:16:17.604 Disk 0 scanning sectors +312579760
    04:16:17.666 Disk 0 scanning C:\WINDOWS\system32\drivers
    04:16:24.445 Service scanning
    04:16:36.488 Modules scanning
    04:16:39.409 Disk 0 trace - called modules:
    04:16:39.424 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    04:16:39.424 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac0dab8]
    04:16:39.424 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000005c[0x8ac78f18]
    04:16:39.424 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-5[0x8ac2cd98]
    04:16:39.799 AVAST engine scan C:\WINDOWS
    04:16:51.951 AVAST engine scan C:\WINDOWS\system32
    04:19:03.655 AVAST engine scan C:\WINDOWS\system32\drivers
    04:19:14.416 AVAST engine scan C:\Documents and Settings\Joe.TRADE2WIN
    04:22:47.785 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
    04:22:57.657 Scan finished successfully
    04:23:06.529 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Joe.TRADE2WIN\Desktop\help\MBR.dat"
    04:23:06.529 The log file has been saved successfully to "C:\Documents and Settings\Joe.TRADE2WIN\Desktop\help\aswMBR.txt"

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,964

    Hello kidkrops,

    You have an open topic: http://forums.spybot.info/showthread...696#post430696

    The person helping last posted Sep 6th, 2012 asking for a log to be presented.

    Best regards,
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
