Slow Browser - sluggish performance

[Hoib]

Hello - I have my friend's laptop here a Toshiba Satellite Pro M15. We've run some routing maintenance to get it to load pages faster (or load pages at all!). I first ran MBAM with manually applied rules.ref. Found 2 trojans and a Fakeware. Removed and reboot. I've run CCleaner, both cleaning and reg adjustments. Found a lot of gunk. I've defragged and also used ATF. Chkdsk runs through without complaint. He uses Symantec Endpoint as his antimalware prog. I believe SEP shut down updates for some reason and that's how I think he got the bad guys in there. I took out 3 toolbar thingies and some leftover software using RevoUninstaller Free. I took the liberty of running scans with OTL and GMER to get a jump on things. Looking for a guide to help me figure out how to get this back to a usable state. Note: When GMER runs it is R-E-A-L sensitive! It doesn't take much for the LT to BSOD while GMER is running or just after it has run. In fact I had to run GMER by setting the StartUp in MSCONFIG to "Diagnostic" mode as I could not get GMER to complete a scan without a BSOD any other way.

MBAM Log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4402

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

8/7/2010 12:26:20 PM

mbam-log-2010-08-07 (12-26-20).txt

Scan type: Full scan (C:\|)

Objects scanned: 163935

Time elapsed: 42 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

OTL logfile created on: 8/7/2010 2:31:14 PM - Run 1

OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Admin\Desktop\The Fix

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 198.00 Mb Available Physical Memory | 39.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.25 Gb Total Space | 27.94 Gb Free Space | 75.00% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 3.73 Gb Total Space | 3.59 Gb Free Space | 96.40% Space Free | Partition Type: FAT32

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: USER-OEPSKKFJFV

Current User Name: Admin

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/19 03:09:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\The Fix\OTL.exe

PRC - [2009/12/15 18:12:58 | 001,955,184 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2tray.exe

PRC - [2009/12/15 18:12:56 | 000,557,424 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe

PRC - [2009/12/15 18:12:52 | 000,574,832 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2pre.exe

PRC - [2009/12/15 18:12:44 | 001,089,392 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2comm.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/04/04 20:01:20 | 002,234,296 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

PRC - [2008/04/04 19:55:38 | 001,660,288 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

PRC - [2008/04/04 19:55:36 | 002,475,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

PRC - [2008/02/01 02:25:38 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

PRC - [2008/02/01 02:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

PRC - [2007/08/29 15:14:12 | 000,131,072 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe

PRC - [2003/09/10 05:44:56 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ZCfgSvc.exe

PRC - [2003/09/10 05:38:28 | 000,184,320 | ---- | M] (Intel) -- C:\WINDOWS\system32\1XConfig.exe

PRC - [2003/09/10 05:37:44 | 000,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe

PRC - [2003/09/10 05:36:36 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe

PRC - [2003/01/21 12:10:44 | 000,122,880 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMESRV31.exe

PRC - [2003/01/21 12:09:20 | 000,069,632 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMERzCtl.exe

PRC - [2003/01/21 12:06:48 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMEEJME.exe

PRC - [2003/01/17 21:26:50 | 000,458,752 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

PRC - [2002/11/29 22:09:22 | 000,086,016 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TME3\tmesbs32.exe

PRC - [2002/11/08 15:27:18 | 000,049,152 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe

PRC - [2002/07/15 17:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

========== Modules (SafeList) ==========

MOD - [2010/07/19 03:09:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\The Fix\OTL.exe

MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2008/04/04 19:58:44 | 000,357,760 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\sysfer.dll

MOD - [2002/09/12 18:06:12 | 000,053,248 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMEEJMD.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - [2009/12/15 18:12:56 | 000,557,424 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)

SRV - [2008/04/04 20:01:20 | 002,234,296 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)

SRV - [2008/04/04 19:55:36 | 002,475,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)

SRV - [2008/04/04 03:45:18 | 000,288,136 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)

SRV - [2008/02/01 02:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)

SRV - [2008/02/01 02:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)

SRV - [2007/08/29 15:14:12 | 000,131,072 | ---- | M] (Sprint Spectrum, L.L.C) [Auto | Running] -- C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe -- (SPCSUtilityService)

SRV - [2007/08/11 21:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)

SRV - [2003/09/10 05:37:44 | 000,303,171 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)

SRV - [2003/09/10 05:36:36 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)

SRV - [2003/01/21 12:10:44 | 000,122,880 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)

SRV - [2002/11/29 22:09:22 | 000,086,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe -- (Tmesbs)

SRV - [2002/11/08 15:27:18 | 000,049,152 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)

SRV - [2002/07/15 17:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))

========== Driver Services (SafeList) ==========

DRV - [2010/07/15 04:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100807.004\NAVEX15.SYS -- (NAVEX15)

DRV - [2010/07/15 04:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100807.004\NAVENG.SYS -- (NAVENG)

DRV - [2010/06/02 19:59:06 | 000,161,920 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)

DRV - [2010/05/26 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2010/05/26 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2009/10/27 03:28:50 | 000,160,400 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTUMWVsp.sys -- (PTUMWVsp)

DRV - [2009/10/27 03:28:44 | 000,160,400 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTUMWNSP.sys -- (PTUMWNSP)

DRV - [2009/10/27 03:28:38 | 000,115,216 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTUMWNET.sys -- (PTUMWNET)

DRV - [2009/10/27 03:28:32 | 000,160,400 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTUMWMdm.sys -- (PTUMWMdm)

DRV - [2009/10/27 03:28:26 | 000,012,048 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTUMWFLT.sys -- (PTUMWFLT)

DRV - [2009/10/27 03:28:20 | 000,160,400 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTUMWCSP.sys -- (PTUMWCSP)

DRV - [2009/10/27 03:28:14 | 000,022,032 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTUMWCDF.sys -- (PTUMWCDF)

DRV - [2009/10/27 03:28:04 | 000,054,544 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTUMWBus.sys -- (PTUMWBus)

DRV - [2009/05/25 15:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)

DRV - [2008/12/07 21:46:55 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2008/12/07 17:35:36 | 000,014,037 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)

DRV - [2008/07/30 18:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)

DRV - [2008/04/04 20:01:46 | 000,091,520 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)

DRV - [2008/04/04 19:59:46 | 000,040,832 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)

DRV - [2008/03/21 20:14:24 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)

DRV - [2008/03/21 20:14:24 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)

DRV - [2008/03/21 20:14:24 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)

DRV - [2008/03/12 16:19:50 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)

DRV - [2008/03/04 15:43:08 | 000,984,832 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)

DRV - [2008/02/27 14:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)

DRV - [2008/01/17 19:24:44 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)

DRV - [2007/10/30 21:55:38 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)

DRV - [2007/10/30 21:55:34 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)

DRV - [2007/08/10 12:08:48 | 000,024,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)

DRV - [2007/06/27 11:42:32 | 000,073,856 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmx00.sys -- (SWMX00) Sierra Wireless USB MUX Driver (#00)

DRV - [2007/06/27 11:41:46 | 000,101,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)

DRV - [2006/12/21 12:29:00 | 005,747,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2004/11/01 05:19:00 | 000,163,712 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)

DRV - [2003/12/05 06:50:28 | 000,979,840 | ---- | M] (Intel

[screen317]

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized.

[Hoib]

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized.

Hi screen - thanks for taking the time to help us out. MBAM installed from a thumb drive as was DDS. I can't trust that this thing will connect to any site past the home page. See additional comments below.

Two logs pasted per your request. I'm in house all day today...

H

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4406

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

8/8/2010 8:06:34 AM

mbam-log-2010-08-08 (08-06-34).txt

Scan type: Quick scan

Objects scanned: 126005

Time elapsed: 8 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_10-03-17.01) - NTFSx86

Run by Admin at 8:07:29.25 on Sun 08/08/2010

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.132 [GMT -4:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\System32\S24EvMon.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\ZCfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\1XConfig.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\WINDOWS\System32\DVDRAMSV.exe

C:\Program Files\Citrix\GoToMyPC\g2svc.exe

C:\Program Files\Citrix\GoToMyPC\g2comm.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Citrix\GoToMyPC\g2pre.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Citrix\GoToMyPC\g2tray.exe

C:\WINDOWS\System32\RegSrvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe

C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE

C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE

C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE

C:\WINDOWS\system32\TFNF5.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Documents and Settings\Admin\Desktop\The Fix\dds.EXE

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=EC4A024001CAD9BD0164130E&src_id=11313&camp_id=768&tb_version=2.5.9000.490

uURLSearchHooks: H - No File

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon

mRun: [TMESBS.EXE] c:\program files\toshiba\tme3\TMESBS32.EXE /Client

mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service

mRun: [TMEEJME.EXE] c:\program files\toshiba\tme3\TMEEJME.EXE

mRun: [TFNF5] TFNF5.exe

mRun: [TFncKy] TFncKy.exe /Type 25

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NDSTray.exe] "c:\program files\toshiba\configfree\NDSTray.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pcheal~1.lnk - c:\program files\toshiba\toshiba management console\TOSHealthLocalS.vbs

uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)

uPolicies-system: DisableTaskMgr =

uPolicies-system: NoDispBackgroundPage =

uPolicies-system: NoDispSettingsPage =

uPolicies-system: NoDispAppearancePage =

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228687814891

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228689056052

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll

Notify: Sebring - c:\windows\system32\LgNotify.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2008-12-7 5760]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-2-1 108392]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-2-1 108392]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-4-4 2234296]

R2 Tmesbs;Tmesbs32;c:\program files\toshiba\tme3\tmesbs32.exe [2008-12-7 86016]

R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2008-12-7 122880]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100807.004\NAVENG.SYS [2010-8-7 85424]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100807.004\NAVEX15.SYS [2010-8-7 1362608]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]

S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [2010-6-27 54544]

S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\drivers\PTUMWCDF.sys [2010-6-27 22032]

S3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\drivers\PTUMWCSP.sys [2010-6-27 160400]

S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [2010-6-27 12048]

S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [2010-6-27 160400]

S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [2010-6-27 115216]

S3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\drivers\PTUMWNSP.sys [2010-6-27 160400]

S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [2010-6-27 160400]

S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]

=============== Created Last 30 ================

2010-08-08 11:57:19 0 d-----w- c:\docume~1\admin\applic~1\Malwarebytes

2010-08-08 11:57:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-08 11:57:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-08 11:57:06 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-08 11:57:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-08-07 16:44:43 0 d-----w- c:\program files\What's my computer doing

2010-08-06 22:43:26 0 d-----w- c:\program files\Defraggler

2010-08-06 22:37:29 0 d-----w- c:\program files\CCleaner

2010-08-06 21:54:33 0 d-----w- c:\program files\VS Revo Group

==================== Find3M ====================

2010-05-12 03:27:29 604488 ----a-w- c:\windows\system32\TUProgSt.exe

============= FINISH: 8:08:35.45 ===============

Performance note: IE very sluggish. I was surprised that MBAM was even able to grab an update because it had failed 3 times before yesterday. Endpoint also able to grab it's update in the background. So, I'm sitting here wondering if this is solely an IE7 problem or do we truly have bad guys lurking beneath it. Further description of symptoms: Launch IE7, calls up homepage (Google) with somewhat reasonable speed (though that's not always dependable). Then if we try to go to another page or search item, progress bar limps along and 9 out of 10 times "IE cannot display the page". I've run the Repair facility numerous times always returning with "Everything's Fine". That's IE. I did try to load on Chrome, but the app failed to initialize and I had to uninstall it. Decided to stop there and come here.

Standing by....

H

[screen317]

Hi,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.
  

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

• Click Start Scanning.
  
• You should get a notification bar (on top) to install the ActiveX control.
  
• Click on it and select to install the ActiveX.
  
• Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  
• In case you are having problems with installing the ActiveX/starting the scan, please read here.
  
• Click the Full System Scan button.
  
• It will start to download scanner components and databases. This can take a while.
  
• The main scan will start.
  
• Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  
• It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  
• The cleaning can take a while, so please be patient.
  
• Then click the Show report button and Copy/Paste what is present under results in your next reply.
  

Next, download my Security Check from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

Next, please run the PCPitstop Full Tests here. When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.

-screen317

[Hoib]

Hi,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.
  

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

• Click Start Scanning.
  
• You should get a notification bar (on top) to install the ActiveX control.
  
• Click on it and select to install the ActiveX.
  
• Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  
• In case you are having problems with installing the ActiveX/starting the scan, please read here.
  
• Click the Full System Scan button.
  
• It will start to download scanner components and databases. This can take a while.
  
• The main scan will start.
  
• Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  
• It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  
• The cleaning can take a while, so please be patient.
  
• Then click the Show report button and Copy/Paste what is present under results in your next reply.
  

Next, download my Security Check from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

Next, please run the PCPitstop Full Tests here. When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.

-screen317

OK, done! There's a lot here. I did everything in sequence. However, I went off to some errands and after a couple of hours or so, I came back and apparently this thing went and did a Windows update. It proposed to install IE8. I allowed it. Hope this wasn't bad ju-ju. I will test this now and wait for your next instruction.

ComboFix 10-08-08.01 - Admin 08/08/2010 17:44:06.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.279 [GMT -4:00]

Running from: c:\hssetups\ComboFix.exe

AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Admin\Application Data\alot

c:\windows\system32\gotomon.log

.

((((((((((((((((((((((((( Files Created from 2010-07-08 to 2010-08-08 )))))))))))))))))))))))))))))))

.

2010-08-08 21:17 . 2010-08-08 21:17 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-08-08 21:01 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-08-08 20:30 . 2010-08-08 20:30 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache

2010-08-08 20:28 . 2010-08-08 20:28 -------- d-sh--w- c:\documents and settings\Admin\PrivacIE

2010-08-08 20:26 . 2010-08-08 20:26 -------- d-sh--w- c:\documents and settings\Admin\IETldCache

2010-08-08 20:17 . 2010-08-08 21:05 -------- d-----w- c:\windows\ie8updates

2010-08-08 20:11 . 2010-08-08 20:16 -------- dc-h--w- c:\windows\ie8

2010-08-08 20:06 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-08-08 20:06 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-08-08 20:06 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-08-08 20:05 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-08-08 11:57 . 2010-08-08 11:57 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes

2010-08-08 11:57 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-08 11:57 . 2010-08-08 11:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-08 11:57 . 2010-08-08 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-08 11:57 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-07 17:04 . 2010-08-08 18:54 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Temp

2010-08-07 17:01 . 2010-08-08 18:59 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Google

2010-08-07 16:44 . 2010-08-07 16:44 -------- d-----w- c:\program files\What's my computer doing

2010-08-06 22:43 . 2010-08-06 22:43 -------- d-----w- c:\program files\Defraggler

2010-08-06 22:37 . 2010-08-06 22:37 -------- d-----w- c:\program files\CCleaner

2010-08-06 21:54 . 2010-08-06 21:54 -------- d-----w- c:\program files\VS Revo Group

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-06 22:04 . 2009-01-06 01:22 -------- d-----w- c:\documents and settings\Admin\Application Data\SUPERAntiSpyware.com

2010-08-06 22:03 . 2009-01-06 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software

2010-08-06 22:00 . 2009-01-06 03:30 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

2010-06-28 00:26 . 2010-06-28 00:26 -------- d-----w- c:\documents and settings\Admin\Application Data\Verizon Wireless

2010-06-28 00:17 . 2010-06-28 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\WEngineLite

2010-06-28 00:17 . 2010-06-28 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon Wireless

2010-06-28 00:17 . 2010-06-28 00:17 -------- d-----w- c:\program files\Verizon Wireless

2010-06-28 00:12 . 2010-06-28 00:12 -------- d-----w- c:\program files\PANTECH

2010-06-27 14:27 . 2010-06-27 14:27 -------- d-----w- c:\documents and settings\Admin\Application Data\InstallShield

2010-06-14 17:03 . 2008-12-07 23:42 78480 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-14 14:31 . 2008-12-07 20:34 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe

2010-06-14 03:06 . 2010-06-14 03:06 -------- d-----w- c:\documents and settings\Admin\Application Data\MSN6

2010-06-14 03:06 . 2010-06-14 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6

2010-06-14 02:38 . 2010-06-14 02:38 -------- d-----w- c:\documents and settings\Admin\Application Data\Office Genuine Advantage

2010-06-02 23:59 . 2007-06-19 22:08 161920 ----a-w- c:\windows\system32\drivers\WpsHelper.sys

2010-05-23 01:12 . 2010-05-23 01:12 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-10689328-n\msvcp71.dll

2010-05-23 01:12 . 2010-05-23 01:12 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-10689328-n\jmc.dll

2010-05-23 01:12 . 2010-05-23 01:12 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-10689328-n\msvcr71.dll

2010-05-23 01:12 . 2010-05-23 01:12 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-602bcb97-n\decora-sse.dll

2010-05-23 01:12 . 2010-05-23 01:12 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-602bcb97-n\decora-d3d.dll

2010-05-12 03:27 . 2009-01-06 03:31 604488 ----a-w- c:\windows\system32\TUProgSt.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-08 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2003-01-21 122880]

"TMESBS.EXE"="c:\program files\TOSHIBA\TME3\TMESBS32.EXE" [2002-11-30 86016]

"TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2003-01-21 69632]

"TMEEJME.EXE"="c:\program files\TOSHIBA\TME3\TMEEJME.EXE" [2003-01-21 65536]

"TFNF5"="TFNF5.exe" [2001-08-03 73728]

"TFncKy"="TFncKy.exe" [bU]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-21 7774208]

"NDSTray.exe"="c:\program files\TOSHIBA\ConfigFree\NDSTray.exe" [2003-01-18 458752]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

PC Health.lnk - c:\program files\Toshiba\TOSHIBA Management Console\TOSHealthLocalS.vbs [2008-12-7 3547]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]

2009-12-15 22:13 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]

2003-09-10 09:47 110592 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk

backup=c:\windows\pss\RAMASST.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^What's my computer doing.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\What's my computer doing.lnk

backup=c:\windows\pss\What's my computer doing.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]

2001-06-24 01:28 24576 ----a-w- c:\windows\system32\000StTHK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00THotkey]

2003-01-17 15:41 253952 ----a-w- c:\windows\system32\00THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

2002-12-25 19:38 159744 ----a-w- c:\program files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]

2009-07-31 22:38 283792 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

2008-02-01 06:25 115560 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-08-08 18:47 136176 ----atw- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2010-04-29 10:19 1090952 ----a-w- c:\hssetups\MalwarebytesPortable\App\Malwarebytes\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]

2003-09-02 05:28 86016 ----a-w- c:\program files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tpwrtray]

2002-12-10 15:49 237568 ----a-w- c:\windows\system32\TPWRTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"nwiz"=nwiz.exe /install

"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

"SMSERIAL"=c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=

"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=

"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [12/7/2008 6:14 PM 5760]

R2 Tmesbs;Tmesbs32;c:\program files\Toshiba\TME3\tmesbs32.exe [12/7/2008 6:14 PM 86016]

R2 Tmesrv;Tmesrv3;c:\program files\Toshiba\TME3\TMESRV31.exe [12/7/2008 6:14 PM 122880]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/8/2010 12:16 PM 102448]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 2:55 PM 23888]

S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [6/27/2010 8:12 PM 54544]

S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\drivers\PTUMWCDF.sys [6/27/2010 8:12 PM 22032]

S3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\drivers\PTUMWCSP.sys [6/27/2010 8:12 PM 160400]

S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [6/27/2010 8:12 PM 12048]

S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [6/27/2010 8:12 PM 160400]

S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [6/27/2010 8:12 PM 115216]

S3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\drivers\PTUMWNSP.sys [6/27/2010 8:12 PM 160400]

S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [6/27/2010 8:12 PM 160400]

S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [5/25/2009 3:43 PM 32408]

.

Contents of the 'Scheduled Tasks' folder

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-920026266-1343024091-1003Core.job

- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-08 18:47]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-920026266-1343024091-1003UA.job

- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-08 18:47]

2010-08-08 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=EC4A024001CAD9BD0164130E&src_id=11313&camp_id=768&tb_version=2.5.9000.490

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

SafeBoot-Symantec Antvirus

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-08 17:49

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1516)

c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

c:\windows\System32\LgNotify.dll

.

Completion time: 2010-08-08 17:52:16

ComboFix-quarantined-files.txt 2010-08-08 21:52

Pre-Run: 30,662,905,856 bytes free

Post-Run: 30,637,830,144 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - D7D1259190D99AB2585D5251FB741917

DDS (Ver_10-03-17.01) - NTFSx86

Run by Admin at 17:53:16.94 on Sun 08/08/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.217 [GMT -4:00]

AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\System32\S24EvMon.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\ZCfgSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\DVDRAMSV.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\RegSrvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe

C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

C:\WINDOWS\System32\1XConfig.exe

C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE

C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE

C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE

C:\WINDOWS\system32\TFNF5.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Admin\Desktop\The Fix\dds.EXE

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=EC4A024001CAD9BD0164130E&src_id=11313&camp_id=768&tb_version=2.5.9000.490

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll

uRun: [Google Update] "c:\documents and settings\admin\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon

mRun: [TMESBS.EXE] c:\program files\toshiba\tme3\TMESBS32.EXE /Client

mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service

mRun: [TMEEJME.EXE] c:\program files\toshiba\tme3\TMEEJME.EXE

mRun: [TFNF5] TFNF5.exe

mRun: [TFncKy] TFncKy.exe /Type 25

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NDSTray.exe] "c:\program files\toshiba\configfree\NDSTray.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pcheal~1.lnk - c:\program files\toshiba\toshiba management console\TOSHealthLocalS.vbs

uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228687814891

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228689056052

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll

Notify: Sebring - c:\windows\system32\LgNotify.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2008-12-7 5760]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-2-1 108392]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-2-1 108392]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-4-4 2234296]

R2 Tmesbs;Tmesbs32;c:\program files\toshiba\tme3\tmesbs32.exe [2008-12-7 86016]

R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2008-12-7 122880]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-8 102448]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100808.003\NAVENG.SYS [2010-8-8 85424]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100808.003\NAVEX15.SYS [2010-8-8 1362608]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]

S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [2010-6-27 54544]

S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\drivers\PTUMWCDF.sys [2010-6-27 22032]

S3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\drivers\PTUMWCSP.sys [2010-6-27 160400]

S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [2010-6-27 12048]

S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [2010-6-27 160400]

S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [2010-6-27 115216]

S3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\drivers\PTUMWNSP.sys [2010-6-27 160400]

S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [2010-6-27 160400]

S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]

=============== Created Last 30 ================

2010-08-08 21:43:14 0 d-sha-r- C:\cmdcons

2010-08-08 21:41:56 98816 ----a-w- c:\windows\sed.exe

2010-08-08 21:41:56 77312 ----a-w- c:\windows\MBR.exe

2010-08-08 21:41:56 256512 ----a-w- c:\windows\PEV.exe

2010-08-08 21:41:56 161792 ----a-w- c:\windows\SWREG.exe

2010-08-08 21:01:06 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-08-08 20:30:02 0 d-sh--w- c:\documents and settings\admin\IECompatCache

2010-08-08 20:28:49 0 d-sh--w- c:\documents and settings\admin\PrivacIE

2010-08-08 20:26:23 0 d-sh--w- c:\documents and settings\admin\IETldCache

2010-08-08 20:17:59 0 d-----w- c:\windows\ie8updates

2010-08-08 20:11:44 0 dc-h--w- c:\windows\ie8

2010-08-08 20:06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-08-08 20:06:19 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-08-08 20:06:18 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-08-08 20:05:30 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-08-08 11:57:19 0 d-----w- c:\docume~1\admin\applic~1\Malwarebytes

2010-08-08 11:57:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-08 11:57:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-08 11:57:06 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-08 11:57:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-08-07 16:44:43 0 d-----w- c:\program files\What's my computer doing

2010-08-06 22:43:26 0 d-----w- c:\program files\Defraggler

2010-08-06 22:37:29 0 d-----w- c:\program files\CCleaner

2010-08-06 21:54:33 0 d-----w- c:\program files\VS Revo Group

==================== Find3M ====================

2010-05-12 03:27:29 604488 ----a-w- c:\windows\system32\TUProgSt.exe

============= FINISH: 17:53:30.35 ===============

Online Scanner - Scanning Report - Sunday, August 8, 2010 20:07:23Scanning

Report

Sunday, August 8, 2010 18:03:36 - 20:07:23

Computer name: USER-OEPSKKFJFV

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\

7 malware found

TrackingCookie.Atdmt (spyware)

System (Disinfected)

Suspicious:W32/Malware!Gemini (spyware)

System (Disinfected)

TrackingCookie.Doubleclick (spyware)

System (Disinfected)

TrackingCookie.Webtrends (spyware)

System (Disinfected)

TrackingCookie.Mediaplex (spyware)

System (Disinfected)

TrackingCookie.Yieldmanager (spyware)

System (Disinfected)

Suspicious:W32/Malware!Gemini (virus)

C:\PROGRAM FILES\GORDIANKNOT\VSTRIP_GUI.EXE (Not cleaned)

Statistics

Scanned:

Files: 38997

System: 3189

Not scanned: 10

Actions:

Disinfected: 6

Renamed: 0

Deleted: 0

Not cleaned: 1

Submitted: 0

Files not scanned:

C:\PAGEFILE.SYS

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

C:\WINDOWS\SYSTEM32\CONFIG\SAM

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB

C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB

C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\HSPERFDATA_ADMIN\2120

C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\HSPERFDATA_ADMIN\3720

Options

Scanning engines:

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF

VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI

MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0

TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT

CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

Use advanced heuristics

Copyright

[screen317]

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java

[Hoib]

Hi "screen" -

LT is really operating well-100% better. We've updated drivers and instructed now the correct way to clean and to ensure Endpoint is fully up to date. Didn't touch the RWIN values - my FIOS is not his DSL! I wish I knew more about rootkits and how to analyze and disinfect.

Nonetheless - Thank you for your help.

Where's the tip jar!?

H

[screen317]

Hoib,

Glad to hear things are running well!

I am an employee of Malwarebytes so I cannot accept your offer. Thank you so much though. I would much rather you purchase the full version of MBAM and have you be protected for (literally) the rest of your life.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

3) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

4) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

5) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

• Green to go
  
• Yellow for caution
  
• Red to stop
  

WOT has an addon available for both Firefox and IE.

6) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

[screen317]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!