IE redirects and possible malware prob.

Oops, here is the DDS log, and I zipped the TDSSKiller log, which is attached.
Thank you!
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by debbi at 0:33:52.67 on Sun 05/22/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1502.1129 [GMT -7:00]
.
AV: Personal Internet Security 2011 *Enabled/Updated* {C5710F20-D491-416C-81BD-384D5383CEFD}
FW: Personal Internet Security 2011 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\debbi\Desktop\computer fix\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.safer-networking.org/en/home/index.html
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070406
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {54BA686E-738F-42FE-BADD-D8CB7CFBC07E} - No File
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-explorer: DisallowRun = 1 (0x1)
IE: &Search - http://tbedits.retrogamer.com/one-t...6228-9EFE-4526-87B6-83BC053993C3&n=2011041723
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://tuserver:4343/officescan/console/ClientInstall/WinNTChk.cab
DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} - hxxps://tuserver:4343/officescan/console/ClientInstall/setupini.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://tuserver:4343/officescan/console/ClientInstall/setup.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxps://tuserver:4343/officescan/console/ClientInstall/RemoveCtrl.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1304568629125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\docume~1\debbi\locals~1\applic~1\skype\shared\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
IFEO: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-4-6 3456]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-12-18 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-18 174720]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2009-12-19 55056]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2009-12-19 160912]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2009-12-19 160912]
S3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\drivers\PTDMWFLT.sys [2009-12-19 13456]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2009-12-19 118800]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S4 iComment Upgrade Service;iComment Upgrade Service;"c:\program files\icomment 2.1.22\upgradeservice.exe" --> c:\program files\icomment 2.1.22\UpgradeService.exe [?]
.
=============== Created Last 30 ================
.
2011-05-20 21:43:43 -------- d-----w- c:\docume~1\debbi\applic~1\Malwarebytes
2011-05-20 21:43:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-20 21:43:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-05-20 21:43:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-20 21:43:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-16 01:04:44 -------- d-----w- c:\windows\system32\LogFiles
2011-04-28 01:02:54 -------- d-----w- c:\docume~1\debbi\applic~1\simppulltoolbar
2011-04-24 08:06:36 -------- d-----w- c:\docume~1\debbi\applic~1\bsbandmltbpi
2011-04-24 08:00:07 -------- d-----w- c:\docume~1\debbi\applic~1\mediabarbs
2011-04-24 08:00:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\52DE
2011-04-24 07:59:50 -------- d-----w- c:\docume~1\debbi\locals~1\applic~1\BearShare
2011-04-24 07:59:01 -------- d-----w- c:\program files\BearShare Applications
2011-04-24 07:38:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\Fighters
2011-04-24 05:27:46 -------- d-----w- c:\docume~1\debbi\applic~1\com.w3i.plyt
2011-04-24 04:34:12 -------- d-----w- c:\docume~1\debbi\locals~1\applic~1\PackageAware
2011-04-24 04:33:03 -------- d-----w- c:\program files\common files\Symantec Shared
2011-04-24 04:26:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\EmailNotifier
2011-04-24 04:25:59 -------- d-----w- c:\program files\simppulltoolbar
2011-04-24 04:04:12 -------- d-----w- c:\docume~1\debbi\applic~1\ooVoo Details
2011-04-24 04:00:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\WeCareReminder
2011-04-24 03:59:14 -------- d-----w- c:\program files\Yahoo!
2011-04-22 19:47:06 -------- d-----w- c:\docume~1\debbi\applic~1\iComment
2011-04-22 19:47:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\iComment
2011-04-22 19:47:05 -------- d-----w- c:\docume~1\debbi\applic~1\Sammsoft
2011-04-22 19:47:05 -------- d-----w- c:\docume~1\debbi\applic~1\Rubar-Toolbar
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 0:34:25.28 ===============
 
Hello jhawke :),

Hope your day went ok.
Thanks. Hope yours are always getting better as well.

Please use RegQuery again to check this key:
Code:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer

I need to look at it before we clean up the rest of the malware.
 
Hey there!

Here is the requested RegQuery log

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"DisallowRun"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]
 
Hello jhawke :),

Please download ERUNT© by Lars Hederer from one of the links below and save it to your desktop.

Link 1
Link 2
Link 3

Backup your registry with ERUNT
  • Double click on erunt-setup.exe and run the installation setup.
  • Follow the setup instructions until you reach Select Additional Tasks, uncheck (untick) Create NTREGOPT desktop icon.
  • Continue until you get prompted to run ERUNT at startup. Choose No.
  • Next, make sure Launch ERUNT is checked (ticked) and click Finish.
  • Click OK when ERUNT is launched, and accept all default settings. ERUNT will then back up the registry.

--------------------

Please download OTM© by Old Timer from one of the links below and save it to your desktop.

Link 1
Link 2

  • Double click OTM.exe to run it.
  • Copy and paste the following text into the white box under Paste Instructions for Items to be Moved:
    Code:
    :files
    c:\documents and settings\debbi\application data\personal internet security 2011
    c:\documents and settings\all users\application data\6ece77
    
    :reg
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "DisallowRun"=-
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options]
    "Debugger"=-
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    [-HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}]
    [-HKEY_CLASSES_ROOT\CLSID\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}]
    [-HKEY_CLASSES_ROOT\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [-HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{54BA686E-738F-42FE-BADD-D8CB7CFBC07E}]
    [-HKEY_CLASSES_ROOT\CLSID\{54BA686E-738F-42FE-BADD-D8CB7CFBC07E}]
    
    :commands
    [CREATERESTOREPOINT]
    [resethosts]
    [emptytemp]
  • Click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) and paste it in your next reply.
  • The results can also be found in C:\_OTM\MovedFiles folder, the log file being named MMDDYYYY_HHMMSS.log, where MMDDYYYY_HHMMSS represent the date and time the fix was performed.

--------------------

Please post back:
1. the OTM result
2. how is your computer now?
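
The triage behind the OTM script above, as an added example that is not part of the original thread and not code from DDS or OTM: it flags the entries in the DDS log that the fix targets (BHO/toolbar entries with no file behind them, the `DisallowRun` policy, the IFEO entry and HOSTS lines that point at a non-loopback address) and then checks that every orphaned CLSID has a matching key deletion in the script. The function names `triage_dds` and `uncovered_clsids` are hypothetical; both inputs are excerpts copied from the logs in this thread.

```python
import re

# Excerpt of the DDS "Pseudo HJT Report" posted at the top of this thread.
DDS_EXCERPT = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {54BA686E-738F-42FE-BADD-D8CB7CFBC07E} - No File
uPolicies-explorer: DisallowRun = 1 (0x1)
IFEO: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
"""

# Excerpt of the :reg section of the OTM script in the post above.
OTM_EXCERPT = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=-
[-HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[-HKEY_CLASSES_ROOT\CLSID\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}]
[-HKEY_CLASSES_ROOT\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}]
[-HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_CLASSES_ROOT\CLSID\{54BA686E-738F-42FE-BADD-D8CB7CFBC07E}]
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
CLSID_RE = re.compile(CLSID)
# A BHO or toolbar registration whose DLL no longer exists on disk.
ORPHAN_RE = re.compile(r"^(BHO|TB):.*?(" + CLSID + r")\s*-\s*No File$")
POLICY_RE = re.compile(r"^[um]Policies-explorer:\s*(\w+)\s*=\s*(\d+)")
IFEO_RE = re.compile(r"^IFEO:\s*image file execution options\s*-\s*(\S+)", re.I)
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)")

WATCHED_POLICIES = {"DisallowRun"}          # the policy this thread deals with
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}  # normal or sinkhole HOSTS targets


def triage_dds(log_text):
    """Return the DDS entries that deserve a closer look, grouped by kind."""
    findings = {"orphan_clsids": [], "policies": [], "ifeo": [], "hosts": {}}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ORPHAN_RE.match(line)
        if m:
            findings["orphan_clsids"].append((m.group(1), m.group(2).upper()))
            continue
        m = POLICY_RE.match(line)
        if m and m.group(1) in WATCHED_POLICIES and int(m.group(2)) != 0:
            findings["policies"].append((m.group(1), int(m.group(2))))
            continue
        m = IFEO_RE.match(line)
        if m:
            # DDS lists an image here when an IFEO subkey exists for it.
            findings["ifeo"].append(m.group(1))
            continue
        m = HOSTS_RE.match(line)
        if m and m.group(1) not in LOOPBACK:
            # Group hostnames by target so one address serving many names stands out.
            findings["hosts"].setdefault(m.group(1), []).append(m.group(2))
    return findings


def uncovered_clsids(findings, otm_script):
    """Orphaned CLSIDs that no '[-KEY]' deletion line in the script refers to."""
    deleted = set()
    for raw in otm_script.splitlines():
        line = raw.strip()
        if line.startswith("[-"):
            deleted.update(c.upper() for c in CLSID_RE.findall(line))
    return sorted({clsid for _, clsid in findings["orphan_clsids"]} - deleted)


if __name__ == "__main__":
    result = triage_dds(DDS_EXCERPT)
    for kind, clsid in result["orphan_clsids"]:
        print(f"orphaned {kind} registration: {clsid}")
    for name, value in result["policies"]:
        print(f"restrictive Explorer policy: {name} = {value}")
    for image in result["ifeo"]:
        print(f"IFEO entry present for: {image}")
    for ip, names in result["hosts"].items():
        print(f"HOSTS: {len(names)} name(s) forced to {ip}: {', '.join(names)}")
    missing = uncovered_clsids(result, OTM_EXCERPT)
    print("CLSIDs not covered by the fix script:", missing or "none")
```
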
 
Hello jhawke :),

I usually close the topic after 3 days without any reply, and it has already been 2 days since my last post. Do you still need help? Any problems following my instructions? Need more time?

If I do not get any response within the next 24 hours, this topic will be closed.
 
Thank you for your patience. Sorry, I've been really busy with some other stuff and couldn't get back to this. "how is your computer now?" ....Well, it doesn't seem to be redirecting from search engines. The Ctrl/Alt/Delete works. But I still can't get Windows updates to work. Here is the message when I try to run the Microsoft Windows update, but I can't find the error number anywhere or a solution from the Microsoft website. Do you have any ideas?

[Error number: 0x80070424]
The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem.


Here is the OTM result. It did make me reboot before it let me copy the log.

All processes killed
========== FILES ==========
c:\documents and settings\debbi\application data\Personal Internet Security 2011 folder moved successfully.
c:\documents and settings\all users\application data\6ece77\Quarantine Items folder moved successfully.
c:\documents and settings\all users\application data\6ece77\PISSys folder moved successfully.
c:\documents and settings\all users\application data\6ece77 folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\DisallowRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\\Debugger deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{54BA686E-738F-42FE-BADD-D8CB7CFBC07E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54BA686E-738F-42FE-BADD-D8CB7CFBC07E}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{54BA686E-738F-42FE-BADD-D8CB7CFBC07E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54BA686E-738F-42FE-BADD-D8CB7CFBC07E}\ not found.
========== COMMANDS ==========
Restore point Set: OTM Restore Point (0)
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: debbi
->Temp folder emptied: 55931 bytes
->Temporary Internet Files folder emptied: 46240005 bytes
->Java cache emptied: 52322336 bytes
->Flash cache emptied: 24265 bytes

User: Default User
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: J
->Temp folder emptied: 17369 bytes
->Temporary Internet Files folder emptied: 7977757 bytes
->Flash cache emptied: 564 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49554 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 589020 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 392177 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1613 bytes

Total Files Cleaned = 103.00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 05262011_094616

Files moved on Reboot...

Registry entries deleted on Reboot...
 
Hello jhawke :),

Thank you for your patience. Sorry, I've been really busy with some other stuff and couldn't get back to this.
Not a problem. Just thought to remind you in case notification fails.

Please use your computer for a few days and get back to me if there are any more problems. I will be giving some security recommendations after that. In the meantime, please proceed with the steps below.

--------------------

I do not see any Antivirus (AV) installed on your machine after we have cleared the corporate version and malware. AV is a very critical part of your system to keep it safe and clean. Without it, a computer can easily get infected. Please download and install an AV from one of the links below:

Avast
Avira
Microsoft Security Essentials

You should only select one of these three, and keep only one installed.

--------------------

To fix Windows Update, please visit the following Microsoft support page and click on the Fix It button.

How do I reset Windows Update components?

--------------------

Your Java Runtime Environment is outdated. Older versions have security vulnerabilities that can be exploited.

Please update JRE to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 14
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1


  • Go to the Java SE download page. Click here.
  • Look for Java SE 6 Update 25. Click the Download JRE button to the right.
  • Click on Accept License Agreement after reading Oracle Binary Code License Agreement for the Java SE Platform Products.
  • From a list of files for download, click on the link which says jre-6u25-windows-i586.exe beside Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running, especially your web browser.
  • Then, from your desktop, double click on the download to install the newest version. Reboot your computer.

--------------------

Your Adobe Reader is outdated. Older versions have security vulnerabilities that can be exploited.

Please update your Adobe Reader to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

Adobe Reader 9.4.4

  • Go to the Adobe download page. Click here.
  • If your OS is not the same as stated, click on Different language or operating system? link.
    • Under the Select an operating system title, click on Select an OS... box and choose the OS that you have.
    • Change the language if you want by clicking on English below the Select a language title.
    • Press Continue.
    • Uncheck (untick) Free McAfee Security Scan (optional).
    • Click the Download now button after selecting the latest version.
    • Allow if prompted and save the file to a convenient location.
    • Run the downloaded file to continue with the installation.
  • If your OS is the same, uncheck (untick) Free McAfee Security Scan (optional).
  • Click Download to proceed. Allow if prompted and save the file to a convenient location.
  • Run the downloaded file to continue with the installation.

--------------------

Do an online scan with ESET Online Scanner.
Please be patient as scanning will take quite some time. If you have a problem running the scan, you might want to disable any real time protection that you have.
  • Click here to go to ESET Online Scanner page.
  • Click on Run ESET Online Scanner. A new window will open.
    For Firefox users, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
  • You will be prompted to install an ActiveX Control from ESET. Please install.
  • At the Computer scan settings section, uncheck (untick) Remove found threats. <-- Important, do not remove anything yet.
  • Then, check Scan archives.
  • Now, click on Advanced settings and make sure all these are checked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click on Scan to proceed.
  • When done, the scan result will be shown. Look for C:\Program Files\ESET\ESET Online Scanner\log.txt and open the file.
  • Post the contents in your reply.

If the contents of log.txt do not reflect what is shown in the result window, click on List of found threats, then Export to text file..., save a file and post that instead.

--------------------

Please post back:
1. any more problems?
2. is the Windows Update problem resolved?
3. the ESET online scan result
 
Hello jhawke :),

How is the computer now? Hope you get the chance to use it and please complete all the steps that I have outlined earlier. If you need to be away for a while, please let me know your timing. Basically we are not done yet, so I will keep this topic open for another 3 days. If I do not get any response by then, it will be closed.
 
Hi Jack&Jill!
Thank you!
The computer seems to be better, although I haven't played on it too much, but I definitely don't get sent to other places when searching. But I can now use automatic Microsoft updates. When I downloaded the Adobe Reader, it wanted me to download a Google toolbar. I have been not downloading toolbars, are they safe? Do I need to download one?

When I downloaded Java, I did receive this error message upon reboot.

#
# A fatal error has been detected by the Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x00000000, pid=544, tid=2668
#
# JRE version: 6.0_25-b06
# Java VM: Java HotSpot(TM) Client VM (20.0-b11 mixed mode, sharing windows-x86 )
# Problematic frame:
# C 0x00000000
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

--------------- T H R E A D ---------------

Current thread (0x00dbf000): JavaThread "AWT-Windows" daemon [_thread_in_native, id=2668, stack(0x009b0000,0x00ab0000)]

siginfo: ExceptionCode=0xc0000005, reading address 0x00000000

Registers:
EAX=0x00d92018, EBX=0x00000001, ECX=0x00cd66d8, EDX=0x00000004
ESP=0x00aafae0, EBP=0x00aafb0c, ESI=0x00dbf128, EDI=0x00cd66d8
EIP=0x00000000, EFLAGS=0x00010293

Stack: [0x009b0000,0x00ab0000], sp=0x00aafae0, free space=1022k
Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j sun.awt.windows.WToolkit.eventLoop()V+0
j sun.awt.windows.WToolkit.run()V+52
v ~StubRoutines::call_stub


Dynamic libraries:

VM Arguments:
jvm_args: -D__jvm_launched=461766507 -Xbootclasspath/a:C:\PROGRA~1\Java\jre6\lib\deploy.jar;C:\PROGRA~1\Java\jre6\lib\javaws.jar;C:\PROGRA~1\Java\jre6\lib\plugin.jar -Dsun.awt.warmup=true -Xmx128m
java_command: sun.plugin2.main.client.PluginMain write_pipe_name=jpi2_pid408_pipe3,read_pipe_name=jpi2_pid408_pipe2
Launcher Type: SUN_STANDARD

Environment Variables:
PATH=C:\PROGRAM FILES\COMMON FILES\PERVASIVE SOFTWARE SHARED\PVSWCORE;C:\PVSW\\BIN;C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\PROGRAM FILES\QUICKTIME\QTSYSTEM\;
USERNAME=debbi
OS=Windows_NT
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 5, GenuineIntel



--------------- S Y S T E M ---------------

OS: Windows XP Build 2600 Service Pack 3

CPU:total 2 (1 cores per cpu, 2 threads per core) family 15 model 6 stepping 5, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ht

Memory: 4k page, physical 1537948k(817492k free), swap 2122272k(1523472k free)

vm_info: Java HotSpot(TM) Client VM (20.0-b11) for windows-x86 JRE (1.6.0_25-b06), built on Apr 14 2011 01:04:32 by "java_re" with MS VC++ 7.1 (VS2003)

time: Mon May 30 16:06:50 2011
elapsed time: 425 seconds

Here is the ESET log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6522
# api_version=3.0.2
# EOSSerial=5edb3353b452e248bcc21caea756e552
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-31 12:22:00
# local_time=2011-05-30 05:22:00 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=49157
# found=88
# cleaned=0
# scan_time=1950
C:\Documents and Settings\All Users\Application Data\Fighters\SLOW-PCfighter\InstallCache\{C3F5F5A2-6DC3-43D1-9811-B9713A0C67E6}\SLOW-PCfighter.msi a variant of Win32/SlowPCfighter application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172823.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172828.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172829.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172830.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172831.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172832.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172833.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172834.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172835.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172836.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172837.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183727.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183730.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183731.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183732.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183733.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183734.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183735.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183737.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183738.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183755.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183756.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183757.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183758.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183759.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183800.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183801.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193203.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193208.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193209.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193210.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193211.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193212.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193220.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193221.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193222.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193245.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193246.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193247.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193248.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193249.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193250.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193251.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193313.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193316.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193317.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193318.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193319.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193320.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193321.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193335.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211411.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211438.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211440.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211441.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211443.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211444.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211447.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211448.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211450.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211451.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211509.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211511.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211515.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211517.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180806.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180809.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180810.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180811.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180812.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180813.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180826.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180829.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180830.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180831.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180832.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180833.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213435.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213439.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213440.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213441.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213442.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213443.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213444.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213445.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\05262011_094616\c_documents and settings\all users\application data\6ece77\886.mof Win32/RogueAV.A trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\05262011_094616\C_WINDOWS\System32\drivers\etc\hosts Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
 
Hello jhawke :),

When I downloaded the Adobe Reader, it wanted me to download a Google toolbar.
I would skip the toolbar and install the latest Adobe Reader.

There are signs of a few toolbars with debatable status on your computer that I would remove or uninstall:
MediaBar
Simppull Toolbar
Rubar-Toolbar

--------------------

Websites in the Trusted Zone allow for lower security settings for the browser. We may add websites that we know are safe into it, but there are risks of these websites getting hacked or exploited.

As those sites would still work without being in the Trusted Zone, it is better that we guard against this risk.

Clear Trusted Zones for Internet Explorer
  • Open Internet Explorer.
  • Go to the pull down menu and click on Tools > Internet Options.
  • An options window will appear. Select the Security tab.
  • Click on Trusted Sites, represented by the tick icon.
  • Click the Sites button and remove all the websites listed.
  • Close the window and click OK to exit the options window.

--------------------

Please back up the registry with ERUNT again.

Rerun OTM
  • Double click OTM.exe to run it.
  • Copy and paste the following text into the white box under Paste Instructions for Items to be Moved:
    Code:
    :files
    C:\WINDOWS\system32\drivers\etc\hosts.20110204-172823.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110204-172828.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110204-172829.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110204-172830.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110204-172831.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110204-172832.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110204-172833.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110204-172834.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110204-172835.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110204-172836.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110204-172837.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-183727.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-183730.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-183731.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-183732.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-183733.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-183734.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-183735.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-183737.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-183738.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-183755.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-183756.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-183757.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-183758.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-183759.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-183800.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-183801.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-193203.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-193208.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-193209.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-193210.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-193211.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-193212.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-193220.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-193221.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-193222.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-193245.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-193246.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-193247.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-193248.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-193249.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-193250.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-193251.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-193313.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-193316.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-193317.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-193318.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-193319.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-193320.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-193321.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-193335.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-211411.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-211438.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-211440.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-211441.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-211443.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-211444.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-211447.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-211448.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-211450.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-211451.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-211509.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-211511.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-211515.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110427-211517.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110428-180806.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110428-180809.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110428-180810.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110428-180811.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110428-180812.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110428-180813.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110428-180826.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110428-180829.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110428-180830.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110428-180831.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110428-180832.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110428-180833.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110515-213435.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110515-213439.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110515-213440.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110515-213441.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110515-213442.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110515-213443.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110515-213444.backup
    C:\WINDOWS\system32\drivers\etc\hosts.20110515-213445.backup
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00134F72-5284-44F7-95A8-52A619F70751}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{08D75BB0-D2B5-11D1-88FC-0080C859833B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{08D75BC1-D2B5-11D1-88FC-0080C859833B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5EFE8CB1-D095-11D1-88FC-0080C859833B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search]
    
    :commands
    [CREATERESTOREPOINT]
    [emptytemp]
  • Click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) and paste it in your next reply.
  • The results can also be found in the C:\_OTM\MovedFiles folder, the log file being named MMDDYYYY_HHMMSS.log, where MMDDYYYY_HHMMSS represents the date and time the fix was performed.

--------------------

For the Java issue, this is the first time I have come across such an occurrence. From the looks of it, there seems to be some conflict or something similar that caused this error.

Please rerun DDS and post back the logs to see if I can get some hints there. It may be beyond my scope and expertise, but I will take a look first. Then, I could point you to some techs who may be able to help.

--------------------

Please post back:
1. OTM log
2. fresh DDS logs
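
The ESET Online Scanner log quoted in this thread can be triaged mechanically before a cleanup list is written; the following is an added example, not part of the original posts and not ESET or OTM code. The function names are hypothetical, the sample is constructed from a few lines of the log, and the meaning of the 32-character field and the trailing flag is not stated on the page, so both are carried through unchanged.

```python
import re
from collections import Counter

# Constructed sample: header values are adjusted to fit the sample; the detection
# lines reuse the layout (and a few paths) of the ESET log quoted in this thread.
SAMPLE_LOG = r"""OnlineScanner.ocx - registred OK
# version=7
# scanned=49157
# found=5
# cleaned=0
C:\Documents and Settings\All Users\Application Data\Fighters\SLOW-PCfighter\InstallCache\{C3F5F5A2-6DC3-43D1-9811-B9713A0C67E6}\SLOW-PCfighter.msi a variant of Win32/SlowPCfighter application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172823.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213445.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\05262011_094616\c_documents and settings\all users\application data\6ece77\886.mof Win32/RogueAV.A trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\05262011_094616\C_WINDOWS\System32\drivers\etc\hosts Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
"""

# One detection per line: path (may contain spaces), optional "a variant of",
# threat name, object type, action in parentheses, 32 hex characters, a flag.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of )?(?P<threat>\w+/[\w.\-]+)\s+"
    r"(?P<kind>\w+)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<field32>[0-9A-Fa-f]{32})\s+"
    r"(?P<flag>\S+)\s*$"
)
# Folder OTM moves files into, as named in the thread (compared case-insensitively).
QUARANTINE_PREFIX = "c:\\_otm\\movedfiles\\"
# Timestamped copies of the hosts file, e.g. hosts.20110204-172823.backup
HOSTS_BACKUP = re.compile(r"\\drivers\\etc\\hosts\.\d{8}-\d{6}\.backup$", re.IGNORECASE)


def parse_eset_log(text):
    """Split a log into header key/values, parsed detections and unparsed lines."""
    header, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key.strip()] = value.strip()
            continue
        match = DETECTION.match(line)
        if match:
            row = match.groupdict()
            row["variant"] = row["variant"] is not None
            detections.append(row)
        else:
            unparsed.append(line)  # installer chatter or a layout this regex does not know
    return header, detections, unparsed


def triage(header, detections):
    """Summarise detections and separate files still in place from quarantined copies."""
    in_place, quarantined = [], []
    for row in detections:
        target = quarantined if row["path"].lower().startswith(QUARANTINE_PREFIX) else in_place
        target.append(row)
    found = header.get("found", "")
    return {
        # A mismatch means lines were lost or the regex missed a layout.
        "count_matches_header": found.isdigit() and int(found) == len(detections),
        "by_threat": dict(Counter(row["threat"] for row in detections)),
        "in_place": in_place,
        "quarantined": quarantined,
        "hosts_backups": [r for r in in_place if HOSTS_BACKUP.search(r["path"])],
        # True only if the hosts file actually in use was flagged, not a backup or moved copy.
        "live_hosts_flagged": any(
            r["path"].lower().endswith("\\drivers\\etc\\hosts") for r in in_place
        ),
    }


if __name__ == "__main__":
    hdr, rows, skipped = parse_eset_log(SAMPLE_LOG)
    report = triage(hdr, rows)
    print("header/found consistent:", report["count_matches_header"])
    print("detections by threat:", report["by_threat"])
    print("still in place:", len(report["in_place"]), "| already moved:", len(report["quarantined"]))
    print("hosts backups:", len(report["hosts_backups"]), "| live hosts flagged:", report["live_hosts_flagged"])
    print("unparsed lines:", skipped)
```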
 
Hi there!

You said: There are signs of a few toolbars with debatable status on your computer that I would remove or uninstall:
MediaBar
Simppull Toolbar
Rubar-Toolbar
I finally was able to delete the folder simppull when I was in safe mode. The other two toolbars I couldn't find to remove. They do not show up in Add/Remove Programs. Any ideas?

Cleared the trusted sites

Here is the OTM Log

All processes killed
========== FILES ==========
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172823.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172828.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172829.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172830.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172831.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172832.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172833.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172834.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172835.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172836.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172837.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183727.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183730.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183731.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183732.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183733.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183734.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183735.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183737.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183738.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183755.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183756.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183757.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183758.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183759.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183800.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183801.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193203.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193208.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193209.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193210.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193211.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193212.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193220.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193221.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193222.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193245.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193246.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193247.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193248.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193249.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193250.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193251.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193313.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193316.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193317.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193318.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193319.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193320.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193321.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193335.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211411.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211438.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211440.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211441.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211443.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211444.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211447.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211448.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211450.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211451.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211509.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211511.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211515.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211517.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180806.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180809.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180810.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180811.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180812.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180813.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180826.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180829.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180830.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180831.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180832.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180833.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213435.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213439.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213440.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213441.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213442.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213443.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213444.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213445.backup moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00134F72-5284-44F7-95A8-52A619F70751}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00134F72-5284-44F7-95A8-52A619F70751}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{08D75BB0-D2B5-11D1-88FC-0080C859833B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08D75BB0-D2B5-11D1-88FC-0080C859833B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{08D75BC1-D2B5-11D1-88FC-0080C859833B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08D75BC1-D2B5-11D1-88FC-0080C859833B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5EFE8CB1-D095-11D1-88FC-0080C859833B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5EFE8CB1-D095-11D1-88FC-0080C859833B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ deleted successfully.
========== COMMANDS ==========
Restore point Set: OTM Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: debbi
->Temp folder emptied: 1314423 bytes
->Temporary Internet Files folder emptied: 64167948 bytes
->Java cache emptied: 11768145 bytes
->Flash cache emptied: 1140 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: J
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 74.00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 05312011_183510

Files moved on Reboot...

Registry entries deleted on Reboot...


DDS LOG


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by debbi at 18:39:36.10 on Tue 05/31/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1502.1014 [GMT -7:00]
.
AV: Personal Internet Security 2011 *Enabled/Updated* {C5710F20-D491-416C-81BD-384D5383CEFD}
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Personal Internet Security 2011 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\debbi\Desktop\computer fix\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.safer-networking.org/en/home/index.html
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070406
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {54BA686E-738F-42FE-BADD-D8CB7CFBC07E} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1304568629125
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\docume~1\debbi\locals~1\applic~1\skype\shared\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
.
============= SERVICES / DRIVERS ===============
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-4-6 3456]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-31 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-31 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-31 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-31 61960]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-30 136176]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-12-18 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-18 174720]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2009-12-19 55056]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2009-12-19 160912]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2009-12-19 160912]
S3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\drivers\PTDMWFLT.sys [2009-12-19 13456]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2009-12-19 118800]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S4 iComment Upgrade Service;iComment Upgrade Service;"c:\program files\icomment 2.1.22\upgradeservice.exe" --> c:\program files\icomment 2.1.22\UpgradeService.exe [?]
.
=============== Created Last 30 ================
.
2011-06-01 01:05:59 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-01 01:05:58 -------- d-----w- c:\program files\Avira
2011-06-01 01:05:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2011-05-31 19:24:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-05-31 19:24:46 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-05-30 23:31:06 -------- d-----w- c:\program files\ESET
2011-05-30 22:51:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-30 22:51:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-30 22:27:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-05-26 16:46:16 -------- d-----w- C:\_OTM
2011-05-20 21:43:43 -------- d-----w- c:\docume~1\debbi\applic~1\Malwarebytes
2011-05-20 21:43:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-20 21:43:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-05-20 21:43:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-20 21:43:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-16 01:04:44 -------- d-----w- c:\windows\system32\LogFiles
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 18:40:23.60 ===============
 
Hello jhawke :),

From your logs, it appears Java installed correctly. Are you still experiencing issues with it?

Please uninstall these programs with debatable status as well:
SearchAssist
URL Assistant

If they are stubborn, please use Revo Uninstaller.

The earlier programs that you said you have already uninstalled could also be removed with Revo Uninstaller:
Sage BusinessWorks
Sage Components

--------------------

Please download ComboFix from one of the links below and save it to your desktop.

Link 1
Link 2

Do not mouse click on ComboFix while it is running. That may cause it to stall. ComboFix is a powerful tool and must not be used without supervision.

Run ComboFix
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running ComboFix. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Open Notepad. Copy and paste the following text into it:
    Code:
    SecCenter::
    FW: Personal Internet Security 2011 *Enabled* 
    
    Folder::
    c:\program files\simppulltoolbar
    c:\program files\BearShare Applications
  • Save it as CFScript.txt on the desktop. Make sure the Save as type: is All Files (*.*).
  • Go to Start > Run.... Copy and paste the following text into the white box:
    Code:
    "%userprofile%\desktop\ComboFix.exe" "%userprofile%\desktop\CFScript.txt"
  • Click OK. ComboFix will now run a scan on your system.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. You will be asked to install it if it is not present in your computer. Click Yes to proceed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, click on Yes to continue scanning for malware.
  • When finished, a log will be produced as C:\ComboFix.txt. Please post this log in your next reply.
  • If you lose your Internet connection after running ComboFix, right-click on the network icon in the system tray and select Repair, or you can reboot the computer.
  • Re-enable your security software as soon as you have completed the ComboFix steps.

A detailed step by step tutorial to run ComboFix can be found here if you need help.

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use. Do not mouse click on ComboFix while it is running. That may cause it to stall.

--------------------

Please post back:
1. Java status
2. ComboFix log
 
Hi Jack&Jill

Java: After uninstalling Pervasive (which was part of Sage BusinessWorks) with Revo Uninstaller, I am not getting the error message log from Java.
SearchAssist & URL Assistant uninstalled through Control Panel/Add-Remove Programs.
I couldn't find Sage BusinessWorks or Sage Components as installed program(s) on Revo Uninstaller, but I did do the clean of the deleted files, so I am hoping that those are now gone. If not, what am I doing wrong? How do I find them to remove them? I am attaching the DDS log just in case.

Thank you!

Here is the Combofix log:

ComboFix 11-06-03.02 - debbi 06/03/2011 10:00:08.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1502.1086 [GMT -7:00]
Running from: c:\documents and settings\debbi\desktop\ComboFix.exe
Command switches used :: c:\documents and settings\debbi\desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\xowfxqmeRqGxcf98viP9pvTDXVkU_.mkv
c:\program files\INSTALL.LOG
.
.
((((((((((((((((((((((((( Files Created from 2011-05-03 to 2011-06-03 )))))))))))))))))))))))))))))))
.
.
2011-06-03 05:22 . 2011-06-03 05:22 -------- d-----w- c:\documents and settings\debbi\Local Settings\Application Data\VS Revo Group
2011-06-03 05:22 . 2009-12-30 18:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-06-03 04:57 . 2011-06-03 05:22 -------- d-----w- c:\program files\VS Revo Group
2011-06-01 03:52 . 2011-06-01 03:52 -------- d-----w- c:\documents and settings\debbi\Application Data\Avira
2011-06-01 02:11 . 2011-06-01 02:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-06-01 02:08 . 2011-06-01 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Big Fish Games
2011-06-01 02:08 . 2011-06-01 02:08 -------- d-----w- c:\program files\bfgclient
2011-06-01 02:08 . 2011-06-01 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2011-06-01 01:19 . 2011-06-01 01:19 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-06-01 01:05 . 2011-04-02 00:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-01 01:05 . 2011-04-02 00:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-01 01:05 . 2010-06-17 22:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-06-01 01:05 . 2010-06-17 22:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-06-01 01:05 . 2011-06-01 01:05 -------- d-----w- c:\program files\Avira
2011-06-01 01:05 . 2011-06-01 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-05-31 19:24 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-05-30 23:31 . 2011-05-30 23:31 -------- d-----w- c:\program files\ESET
2011-05-30 22:59 . 2011-05-30 22:59 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-05-30 22:51 . 2011-05-30 22:51 -------- d-----w- c:\program files\Common Files\Java
2011-05-30 22:51 . 2011-05-30 22:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-30 22:51 . 2011-05-30 22:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-30 22:27 . 2011-06-01 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-05-26 16:46 . 2011-05-26 16:46 -------- d-----w- C:\_OTM
2011-05-26 16:43 . 2011-05-26 16:44 -------- d-----w- c:\program files\ERUNT
2011-05-20 21:43 . 2011-05-20 21:43 -------- d-----w- c:\documents and settings\debbi\Application Data\Malwarebytes
2011-05-20 21:43 . 2011-05-20 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-20 21:43 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-20 21:43 . 2011-05-20 21:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-20 21:43 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-16 01:04 . 2011-05-16 01:04 -------- d-----w- c:\windows\system32\LogFiles
2011-05-05 05:14 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2011-05-05 03:59 . 2011-05-05 03:59 -------- d-sh--w- c:\documents and settings\J\IECompatCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2004-08-11 22:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 18:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-08-29 02:57 395776 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 22:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2006-05-01 07:07 843776 -c--a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NtmsSvc"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate"=2 (0x2)
"Fax"=2 (0x2)
"YahooAUService"=2 (0x2)
"tmlisten"=2 (0x2)
"Retrogamer_2zService"=2 (0x2)
"OfcPfwSvc"=2 (0x2)
"ntrtscan"=2 (0x2)
"iComment Upgrade Service"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\debbi\\Local Settings\\Application Data\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\debbi\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [4/6/2007 8:46 PM 3456]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/31/2011 6:06 PM 136360]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/30/2011 4:14 PM 136176]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [12/18/2009 12:13 PM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/18/2009 12:12 PM 174720]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [12/19/2009 3:07 PM 55056]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [12/19/2009 3:07 PM 160912]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [12/19/2009 3:07 PM 160912]
S3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\drivers\PTDMWFLT.sys [12/19/2009 3:07 PM 13456]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [12/19/2009 3:07 PM 118800]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [6/2/2011 10:22 PM 27064]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [5/25/2009 3:43 PM 32408]
S4 iComment Upgrade Service;iComment Upgrade Service;"c:\program files\iComment 2.1.22\UpgradeService.exe" --> c:\program files\iComment 2.1.22\UpgradeService.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
2011-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-30 23:14]
.
2011-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-30 23:14]
.
2011-06-03 c:\windows\Tasks\User_Feed_Synchronization-{2009D32A-3C7D-4CF2-ACF1-8EF740FCBEC3}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.safer-networking.org/en/home/index.html
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
BHO-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
BHO-{C4B8BAB4-1667-11DF-A242-BA9455D89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll
Toolbar-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
Toolbar-10 - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-DATAMNGR - c:\progra~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
MSConfigStartUp-iComment update runner - c:\program files\iComment 2.1.22\UpdateRunner.exe
MSConfigStartUp-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
MSConfigStartUp-OfficeScanNT Monitor - c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-AOLAntivirus - c:\program files\mcafee.com\antivirus\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-03 10:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(652)
c:\windows\SYSTEM32\Ati2evxx.dll
.
Completion time: 2011-06-03 10:05:59
ComboFix-quarantined-files.txt 2011-06-03 17:05
.
Pre-Run: 65,461,886,976 bytes free
Post-Run: 65,432,424,448 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 66809CDFCD7A51A6745879EF2BF41E7C

DDS LOG
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by debbi at 17:44:17.09 on Fri 06/03/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1502.995 [GMT -7:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\debbi\Desktop\computer fix\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.safer-networking.org/en/home/index.html
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1304568629125
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\docume~1\debbi\locals~1\applic~1\skype\shared\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
.
============= SERVICES / DRIVERS ===============
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-4-6 3456]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-31 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-31 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-31 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-31 61960]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-30 136176]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-12-18 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-18 174720]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2009-12-19 55056]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2009-12-19 160912]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2009-12-19 160912]
S3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\drivers\PTDMWFLT.sys [2009-12-19 13456]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2009-12-19 118800]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-6-2 27064]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S4 iComment Upgrade Service;iComment Upgrade Service;"c:\program files\icomment 2.1.22\upgradeservice.exe" --> c:\program files\icomment 2.1.22\UpgradeService.exe [?]
.
=============== Created Last 30 ================
.
2011-06-03 16:50:11 -------- d-sha-r- C:\cmdcons
2011-06-03 16:45:19 98816 ----a-w- c:\windows\sed.exe
2011-06-03 16:45:19 518144 ----a-w- c:\windows\SWREG.exe
2011-06-03 16:45:19 256512 ----a-w- c:\windows\PEV.exe
2011-06-03 16:45:19 208896 ----a-w- c:\windows\MBR.exe
2011-06-03 05:22:23 -------- d-----w- c:\docume~1\debbi\locals~1\applic~1\VS Revo Group
2011-06-03 05:22:18 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-06-03 04:57:16 -------- d-----w- c:\program files\VS Revo Group
2011-06-01 03:52:19 -------- d-----w- c:\docume~1\debbi\applic~1\Avira
2011-06-01 02:08:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Big Fish Games
2011-06-01 02:08:48 -------- d-----w- c:\program files\bfgclient
2011-06-01 02:08:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\BigFishGamesCache
2011-06-01 01:05:59 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-01 01:05:58 -------- d-----w- c:\program files\Avira
2011-06-01 01:05:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2011-05-31 19:24:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-05-31 19:24:46 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-05-30 23:31:06 -------- d-----w- c:\program files\ESET
2011-05-30 22:51:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-30 22:51:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-30 22:27:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-05-26 16:46:16 -------- d-----w- C:\_OTM
2011-05-20 21:43:43 -------- d-----w- c:\docume~1\debbi\applic~1\Malwarebytes
2011-05-20 21:43:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-20 21:43:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-05-20 21:43:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-20 21:43:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-16 01:04:44 -------- d-----w- c:\windows\system32\LogFiles
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
============= FINISH: 17:44:36.57 ===============
 
Hello jhawke :),

I couldn't find Sage BusinessWorks or Sage Components as installed program(s) on Revo Uninstaller, but I did do the clean of the deleted files, so I am hoping that those are now gone. If not, what am I doing wrong? How do I find them to remove them?
Don't worry too much about it. If they are no longer there, most likely they have already been removed.

--------------------

Congratulations, you are All Clear to go. Glad to hear everything is good and running :). If you have any more problems, please let me know.

Now we need to clear out the programs we have been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.
  • Go to Start > Run.... Copy and paste the following text into the white box:
    ComboFix /uninstall
    Click OK.
  • Run OTM by double clicking on OTM.exe. Click on CleanUp, proceed to reboot if prompted.
  • Delete the RegQuery, Rootkit Unhooker and TDSSKiller files on your desktop.
  • Delete any logs on the desktop.

Some tips to help you stay clean and safe:

1. Keep your Windows up to date. Enable Automatic Updates for Windows XP to always get the latest security patches from Microsoft, or you can download them from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malware.

2. Update your Antivirus program regularly; it is a must for constant protection against viruses. Please keep only one AV installed.

3. Install Malwarebytes' Anti-Malware if you haven't and use it occasionally. It is a new and powerful anti-malware tool, totally free, but for real-time protection you will have to pay a small one-time fee.

4. Install WinPatrol, a great protection program that helps you monitor for unwanted files or applications. If you install WinPatrol, do not install Spybot in case you are still considering reinstalling it.

5. Use a hosts file to block access to bad sites from your computer. Get yourself an MVPS Hosts for this purpose.

6. Install Web of Trust (WOT). WOT keeps you from dangerous websites with warnings and blockings.

7. Protect your computer from removable or USB drive infections with Panda USB Vaccine, an effective method to prevent malware from spreading.

8. Keep all your software updated. Visit Secunia Software Inspector to find out if any updates are required.

9. Also look up:
Computer Security - a short guide to staying safer online
PC Safety and Security - What Do I Need? By Glaswegian
How to prevent malware: By miekiemoes
So how did I get infected in the first place? By Tony Klein
Microsoft Online Safety

Stay safe.
 
As your problems appear to have been resolved, this topic is now closed.

We are glad to be of help. If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read:
Your donation helps in improving Spybot-S&D!
 