1 I am posting logs here as requested on Tue Feb 02, 2010 3:56 pm

CWINKLER25


Member
After attempting to install a used webcam that had been given to me using a "fix" I found online, it became clear I had become infected with spyware/adware. My most recent scans with Comodo and MBAM turn up no infected items, but my mouse continues to malfunction, cutting out from time to time. It seemed to be getting better for a while, but now even though it happens less often, when it does cut out it stays that way longer. I have even had it freeze up completely to where I had to shut down and restart to get it working again.



Last edited by CWINKLER25 on Fri Feb 05, 2010 8:00 pm; edited 1 time in total (Reason for editing : word correction)

2 Re: I am posting logs here as requested on Tue Feb 02, 2010 4:08 pm

CWINKLER25


Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:44:24 PM, on 2/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256978258436
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} (GoToMeeting Web Starter) - https://www1.gotomeeting.com/default/applets/g2mdlax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 4011 bytes

I can't get the mbam log to post. Just keeps posting the hijackthis again. Not anything to look at there anyway. Turns up no infected items.
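The HijackThis log above is mostly read by eye: the O4 lines are autostart Run keys, O20 is AppInit_DLLs, O23 is installed services. As an added example (my code, not HijackThis's and not something posted in this thread), the Python script below parses lines in that format, pulls out the executable or DLL path of each entry, and returns the ones a reviewer would look at first: any AppInit_DLLs entry, because that DLL is loaded into every process that links user32.dll, and any autostart whose binary lives outside the Windows or Program Files trees, since a standard user can write to profile folders but not there. The guard32.dll entry in the posted log is likely COMODO's, installed alongside the cfp.exe and cmdagent.exe lines, so flagging it means "confirm the publisher", not "malicious". The sample lines are copied from the posted log except the `[updater] ... Application Data\upd.exe` line, which is constructed to show what a flagged autostart looks like.

```python
import re

# Constructed sample in HijackThis format, modelled on the log posted above.
# The "[updater] ... Application Data\upd.exe" line is made up for the example
# to show what a flagged entry looks like; it is not from the original log.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Administrator\Application Data\upd.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
"""

# "O4 - ..." / "R1 - ...": section tag, then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# First Windows path in the body, with or without surrounding quotes.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|cmd|bat))"?', re.IGNORECASE)

# Locations a standard-user account cannot normally write to; autostarts
# anywhere else (profile folders, temp, Application Data) deserve a closer look.
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\")


def parse_hjt(text):
    """Turn HijackThis lines into dicts of section, body and the first path found."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        paths = PATH_RE.findall(m.group("body"))
        entries.append({
            "section": m.group("section"),
            "body": m.group("body"),
            "path": paths[0] if paths else None,
        })
    return entries


def review_autostarts(text):
    """Return (section, path, reason) for the entries a reviewer should check first."""
    findings = []
    for e in parse_hjt(text):
        path = e["path"]
        if e["section"] == "O20":
            # AppInit_DLLs is loaded into every process that links user32.dll,
            # so it is always worth confirming who published the DLL.
            findings.append((e["section"], path,
                             "AppInit_DLLs entry: confirm the DLL's publisher"))
        elif path and not path.lower().startswith(SYSTEM_DIRS):
            findings.append((e["section"], path,
                             "autostart outside Windows/Program Files"))
    return findings


if __name__ == "__main__":
    for section, path, reason in review_autostarts(SAMPLE_HJT_LOG):
        print(f"{section}: {path}  <- {reason}")
```

On the sample above the script reports two entries: the constructed `upd.exe` autostart under Application Data and the O20 AppInit_DLLs line; the vendor binaries under Windows and Program Files are left alone.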

3 Re: I am posting logs here as requested on Tue Feb 02, 2010 4:20 pm

CWINKLER25


Member
Malwarebytes' Anti-Malware 1.44
Database version: 3680
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/2/2010 3:39:10 PM
mbam-log-2010-02-02 (15-39-10).txt

Scan type: Full Scan (C:\|)
Objects scanned: 164818
Time elapsed: 59 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

4 Re: I am posting logs here as requested on Tue Feb 02, 2010 9:50 pm

DragonMaster Jay


Site Owner
Please download Cheetah-Anti-Rogue, and save to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.


==

Please download V-Tool, and save to your Desktop.
  • Double-click on vtool.zip, and extract the file to your Desktop.
  • Double-click on vtool.cmd to start.
  • !! IMPORTANT !!::: At each prompt ("Press any key to continue..."), wait 10 seconds before pressing a key. This tool needs time to process each prompt.
  • It will finish eventually and launch a log. Do NOT exit the tool. Allow it to finish. (vtool.txt)
  • Post the contents of it in your next reply.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner


Kaspersky E-Store Kaspersky Anti-Virus 2012: Click Here

Contribute/donate to our site

5 Re: I am posting logs here as requested on Tue Feb 02, 2010 11:32 pm

CWINKLER25


Member
Cheetah-Anti-Rogue v1.2.15
by DragonMaster Jay

Microsoft Windows XP [Version 5.1.2600]
Date: 02/02/2010 - Time: 23:20:19 - Arch.: x86


-- Malware tools check --
Trend Micro HijackThis 2.0.2
Malwarebytes' Anti-Malware
SpywareBlaster


-- Known infection --

C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Desktop.htt (Trj.FakeAlert)


Extra message: Detection only.


EOF
V-Tool by DragonMaster Jay


Username: Administrator - Date: 02/02/2010 - Time: 23:23:55 - Number of processors: 1 - Arch.: x86 SF:


((((( Security Software information )))))


((((( System File Verify )))))

c:\windows\system32\cngaudit.dll is missing! (If Vista/7)

((((( System File Enumeration )))))

Volume in drive C has no label.
Volume Serial Number is 5490-EE7C

Directory of C:\WINDOWS\$hf_mig$\KB968389\SP2QFE

netlogon.dll
1 File(s) 408,064 bytes

Directory of C:\WINDOWS\$hf_mig$\KB975467\SP2QFE

netlogon.dll
1 File(s) 408,064 bytes

Directory of C:\WINDOWS\$NtServicePackUninstall$

scecli.dll atapi.sys netlogon.dll eventlog.dll
4 File(s) 738,432 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

scecli.dll atapi.sys netlogon.dll eventlog.dll
4 File(s) 741,120 bytes

Directory of C:\WINDOWS\system32

scecli.dll netlogon.dll eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32\dllcache

beep.sys
1 File(s) 4,224 bytes

Directory of C:\WINDOWS\system32\drivers

atapi.sys beep.sys
2 File(s) 100,736 bytes

Directory of C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386

atapi.sys
1 File(s) 95,360 bytes

Total Files Listed:
17 File(s) 3,140,608 bytes
0 Dir(s) 30,333,689,856 bytes free

-----------------------------

+++ End-of-file +++

6 Re: I am posting logs here as requested on Wed Feb 10, 2010 8:46 pm

CWINKLER25


Member
I can see you are very busy with a lot of things here, but could someone tell me how to remove this trojan fake alert from my computer? And tell me if there is anything else here I should be concerned about. My mouse has been functioning fine for about the last week. Not sure why, since I haven't done anything.

7 Re: I am posting logs here as requested on Wed Feb 10, 2010 9:06 pm

DragonMaster Jay


Site Owner
Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky.fr and save it to your Desktop.
  • Please close all other applications running on your system.
  • Please double click GetSystemInfo.exe to open it.
  • Click the Settings button.
  • Set it to Maximum
  • IMPORTANT! Then please click Customize - choose Driver / Ports tab and
  • Uncheck Scan Ports.
  • Click Create Report to run it.
  • It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.



8 Re: I am posting logs here as requested on Fri Feb 12, 2010 1:42 am

CWINKLER25


Member
http://www.getsysteminfo.com/read.php?file=6c0e53f297d9c8ef941ddbc717a0a0e

When I try to copy and paste the url it does the whole log, so I copied it manually. Will that work?

9 Re: I am posting logs here as requested on Fri Feb 12, 2010 10:09 am

DragonMaster Jay


Site Owner
Odd. It did not work.

Try to copy the one from the address bar. (You can re-submit the log, if needed).



10 Re: I am posting logs here as requested on Fri Feb 12, 2010 6:25 pm

CWINKLER25


Member
I can't get that to work. I threw out the other one and did a new one, but I still can't get the url to copy/paste. It won't give me an option other than "select all" and even that won't work. I'll try entering the url manually again. It only selects the stuff that has zeros, not the stuff that it found.

http://www.getsysteminfo.com/read.php?file=3caefd249246dc7fdf0fe69785a2c746

11 Re: I am posting logs here as requested on Fri Feb 12, 2010 6:26 pm

CWINKLER25


Member
I think that may have worked. When I clicked on the url after sending the message it brought up the report.

12 Re: I am posting logs here as requested on Fri Feb 12, 2010 9:43 pm

DragonMaster Jay


Site Owner
Download WhoCrashed from here
This program checks for any drivers which may have been causing your computer to crash....

Click on the file you just downloaded and run it.
Put a tick in Accept then click on Next
Put a tick in the Don't create a start menu folder then click Next
Put a tick in Create a Desktop Icon then click on Install and make sure there is a tick in Launch Whocrashed before clicking Finish
Click Analyze
It will want to download the Debugger and install it. Say Yes.

WhoCrashed will create a report, but you have to scroll down to see it.
Copy and paste it into your next reply



13 Re: I am posting logs here as requested on Sat Feb 13, 2010 8:12 pm

CWINKLER25


Member
--------------------------------------------------------------------------------
Welcome to WhoCrashed Home Edition 2.00
--------------------------------------------------------------------------------

This program checks for drivers which have been crashing your computer.

Whenever a computer suddenly reboots without displaying any notice or blue screen of death, the first thing that is often though about is a hardware failure. In reality, on Windows most crashes are caused by malfunctioning device drivers and kernel modules. In case of a kernel error, most computers do not show a blue screen unless they are configured to do so. Instead these systems suddenly reboot without any notice.

This program does post-mortem crash dump analysis with the single click of a button.


To obtain technical support visit www.resplendence.com/support

To check if a newer version of this program is available, click here.

Just click the Analyze button for a comprehensible report ...



--------------------------------------------------------------------------------
Home Edition notice
--------------------------------------------------------------------------------

This version of WhoCrashed is free for use at home only. If you would like to use this software at work or in a commercial environment you should get the professional edition. The professional edition of WhoCrashed also allows analysis of crashdumps on remote drives and computers on the network and offers more detailed analysis.


--------------------------------------------------------------------------------
Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.


On Wed 1/13/2010 3:00:39 AM your computer crashed
This was likely caused by the following module: omcamvid.sys
Bugcheck code: 0x1000007E (0xC0000005, 0xEDAC5394, 0xF7AAA818, 0xF7AAA514)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
Dump file: C:\WINDOWS\Minidump\Mini011210-05.dmp



On Wed 1/13/2010 2:10:39 AM your computer crashed
This was likely caused by the following module: omcamvid.sys
Bugcheck code: 0x1000007E (0xC0000005, 0xEDC30394, 0xF7AA2818, 0xF7AA2514)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
Dump file: C:\WINDOWS\Minidump\Mini011210-04.dmp



On Wed 1/13/2010 2:01:17 AM your computer crashed
This was likely caused by the following module: omcamvid.sys
Bugcheck code: 0x1000007E (0xC0000005, 0xED5F4394, 0xF7AA6818, 0xF7AA6514)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
Dump file: C:\WINDOWS\Minidump\Mini011210-03.dmp



On Wed 1/13/2010 1:35:00 AM your computer crashed
This was likely caused by the following module: omcamvid.sys
Bugcheck code: 0x1000007E (0xC0000005, 0xEDA94394, 0xF7AA6818, 0xF7AA6514)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
Dump file: C:\WINDOWS\Minidump\Mini011210-02.dmp



On Wed 1/13/2010 1:23:19 AM your computer crashed
This was likely caused by the following module: omcamvid.sys
Bugcheck code: 0x1000007E (0xC0000005, 0xEDB06394, 0xF7A9E818, 0xF7A9E514)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
Dump file: C:\WINDOWS\Minidump\Mini011210-01.dmp




--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

5 crash dumps have been found and analyzed. Note that it's not always possible to state with certainty whether a reported driver is really responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.


So it appears these crashes were related to my attempt to install that webcam.
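The WhoCrashed report above blames the same module five times, and each bugcheck is 0x1000007E (SYSTEM_THREAD_EXCEPTION_NOT_HANDLED with the _M flag) whose first parameter, 0xC0000005, is the NTSTATUS of the unhandled exception, an access violation. As an added example (my code, not WhoCrashed's and not posted in this thread), the Python parser below reads report blocks in the format shown, groups them by the blamed module, and extracts that exception code from 0x7E-family bugchecks so a run of crashes can be summarised rather than read one block at a time. Three blocks are copied from the posted report; the fourth, blaming ntoskrnl.exe with a 0xD1 bugcheck, is constructed so that the grouping has more than one module to separate.

```python
import re
from collections import Counter

# Three blocks copied from the report above, plus one constructed block
# (ntoskrnl.exe / 0xD1) so that grouping by module has something to separate.
SAMPLE_REPORT = r"""
On Wed 1/13/2010 3:00:39 AM your computer crashed
This was likely caused by the following module: omcamvid.sys
Bugcheck code: 0x1000007E (0xC0000005, 0xEDAC5394, 0xF7AAA818, 0xF7AAA514)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
Dump file: C:\WINDOWS\Minidump\Mini011210-05.dmp

On Wed 1/13/2010 2:10:39 AM your computer crashed
This was likely caused by the following module: omcamvid.sys
Bugcheck code: 0x1000007E (0xC0000005, 0xEDC30394, 0xF7AA2818, 0xF7AA2514)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
Dump file: C:\WINDOWS\Minidump\Mini011210-04.dmp

On Wed 1/13/2010 2:01:17 AM your computer crashed
This was likely caused by the following module: omcamvid.sys
Bugcheck code: 0x1000007E (0xC0000005, 0xED5F4394, 0xF7AA6818, 0xF7AA6514)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
Dump file: C:\WINDOWS\Minidump\Mini011210-03.dmp

On Mon 1/11/2010 9:12:00 PM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0xD1 (0x0, 0x2, 0x0, 0x0)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
Dump file: C:\WINDOWS\Minidump\Mini011110-01.dmp
"""

# One crash block, five lines, as WhoCrashed prints it.
CRASH_RE = re.compile(
    r"On (?P<when>.+?) your computer crashed\s*\n"
    r"This was likely caused by the following module: (?P<module>\S+)\s*\n"
    r"Bugcheck code: (?P<code>0x[0-9A-Fa-f]+) \((?P<params>[^)]*)\)\s*\n"
    r"Error: (?P<error>\S+)\s*\n"
    r"Dump file: (?P<dump>.+)"
)


def parse_whocrashed(text):
    """Return one dict per crash block: when, module, bugcheck code, 4 params, error, dump."""
    crashes = []
    for m in CRASH_RE.finditer(text):
        params = [int(p.strip(), 16) for p in m.group("params").split(",") if p.strip()]
        crashes.append({
            "when": m.group("when"),
            "module": m.group("module"),
            "code": int(m.group("code"), 16),
            "params": params,
            "error": m.group("error"),
            "dump": m.group("dump").strip(),
        })
    return crashes


def exception_code(crash):
    """For bugcheck 0x7E (0x1000007E when the _M flag, bit 0x10000000, is set)
    the first parameter is the NTSTATUS of the exception the thread did not handle.
    Returns None for other bugcheck codes, whose parameters mean something else."""
    if crash["code"] & 0x0FFFFFFF == 0x7E and crash["params"]:
        return crash["params"][0]
    return None


def summarize(crashes):
    """Group crashes by blamed module: count, error names and 0x7E exception codes."""
    by_module = {}
    for c in crashes:
        s = by_module.setdefault(c["module"],
                                 {"count": 0, "errors": set(), "exception_codes": set()})
        s["count"] += 1
        s["errors"].add(c["error"])
        ec = exception_code(c)
        if ec is not None:
            s["exception_codes"].add(ec)
    return by_module


def top_suspect(crashes):
    """(module, crash count) for the module blamed most often, or None if no crashes."""
    if not crashes:
        return None
    return Counter(c["module"] for c in crashes).most_common(1)[0]


if __name__ == "__main__":
    crashes = parse_whocrashed(SAMPLE_REPORT)
    for module, s in summarize(crashes).items():
        codes = ", ".join(f"0x{ec:08X}" for ec in sorted(s["exception_codes"])) or "-"
        print(f"{module}: {s['count']} crash(es), errors={sorted(s['errors'])}, exception codes={codes}")
    print("top suspect:", top_suspect(crashes))
```

Run on the sample, the summary attributes three crashes to omcamvid.sys, all with exception code 0xC0000005, and one to the constructed ntoskrnl.exe block, for which `exception_code` correctly returns None because 0xD1 parameters are not exception codes.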

14 Re: I am posting logs here as requested on Sun Feb 14, 2010 2:37 pm

DragonMaster Jay


Site Owner
Yes they were.

Let us search for that file, first to make sure it is not referenced in the system.

Please remove any programs associated with the webcam.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    omcamvid.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


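The post above uses SystemLook's `:filefind` to look for omcamvid.sys on disk, and separately asks to make sure the driver is no longer referenced by the system. As an added example (my code, not SystemLook and not the site's own tooling), the Python script below does both halves offline on constructed data: a case-insensitive walk of a directory tree, the way NTFS matches names, and a scan of a `.reg` export of the Services key for ImagePath values that name the driver. Regedit writes REG_EXPAND_SZ values as `hex(2):` UTF-16LE byte lists continued over lines with a trailing backslash, so the scanner decodes that form as well as plain `"..."` strings. The temp directory tree, the `.reg` text, and the `omcamvid` service key in it are all constructed for the example; the real driver and its registry state are not on this page.

```python
import os
import re
import shutil
import tempfile
from pathlib import Path

# Constructed .reg export of two service keys in the 'Windows Registry Editor
# Version 5.00' format. The Beep entry shows a REG_EXPAND_SZ (hex(2)) ImagePath
# as regedit writes it; the omcamvid entry is made up to show a lingering
# service reference to the driver searched for above.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Beep]
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
  72,00,69,00,76,00,65,00,72,00,73,00,5c,00,62,00,65,00,65,00,70,00,2e,00,73,00,\
  79,00,73,00,00,00
"Start"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\omcamvid]
"ImagePath"="system32\\drivers\\omcamvid.sys"
"Start"=dword:00000003
"""

REG_KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')
REG_HEX_RE = re.compile(r"^hex(?:\([0-9a-f]+\))?:(?P<bytes>.*)$", re.IGNORECASE)


def filefind(root, name):
    """Walk `root` and return every file whose name equals `name`, ignoring case."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            if f.lower() == name.lower():
                p = Path(dirpath) / f
                hits.append({"path": str(p), "size": p.stat().st_size})
    return hits


def _logical_lines(reg_text):
    """Yield .reg lines with regedit's trailing-backslash continuations joined."""
    buf = ""
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""


def _decode_reg_data(data):
    """Decode a .reg value: "..." strings (backslashes doubled) or hex(2) UTF-16LE."""
    data = data.strip()
    if data.startswith('"') and data.endswith('"'):
        return data[1:-1].replace("\\\\", "\\")
    m = REG_HEX_RE.match(data)
    if m:
        raw = bytes(int(b, 16) for b in m.group("bytes").split(",") if b.strip())
        return raw.decode("utf-16-le").rstrip("\x00")
    return data


def find_service_references(reg_text, name):
    """Return (service key, decoded ImagePath) for every service whose ImagePath names `name`."""
    refs, key = [], None
    for line in _logical_lines(reg_text):
        km = REG_KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        vm = REG_VALUE_RE.match(line)
        if vm and vm.group("name").lower() == "imagepath":
            image = _decode_reg_data(vm.group("data"))
            if name.lower() in image.lower():
                refs.append((key, image))
    return refs


def demo_filefind():
    """Build a constructed stand-in for a Windows volume in a temp dir and search it."""
    root = tempfile.mkdtemp(prefix="filefind_demo_")
    try:
        drivers = Path(root) / "WINDOWS" / "system32" / "drivers"
        drivers.mkdir(parents=True)
        (drivers / "OMCAMVID.SYS").write_bytes(b"\x00" * 1024)       # constructed, not the real driver
        (Path(root) / "WINDOWS" / "omcamvid.sys.bak").write_bytes(b"")  # decoy with a different name
        return filefind(root, "omcamvid.sys")
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print("filefind:", demo_filefind())
    print("service references:", find_service_references(SAMPLE_REG, "omcamvid.sys"))
```

The point of the second half is the one the post makes: a missing file is only half the picture, because a service entry that still points at it will make the kernel try to load it on the next boot, so the ImagePath scan is what tells you whether the driver is fully gone.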

15 Re: I am posting logs here as requested on Sun Feb 14, 2010 10:53 pm

CWINKLER25


Member
Here it is, for what it's worth. Looks like it didn't find any files.

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 22:49 on 14/02/2010 by Administrator (Administrator - Elevation successful)

========== filefind ==========

Searching for "omcamvid.sys"
No files found.

-=End Of File=-

But something is causing my computer to slow down now. Particularly at start up it is taking longer to start. And once it does browsers take longer to open, pages take longer to display, etc...
