
View Full Version : Requesting malware help



supmyman
2010-02-22, 01:13
My mom's computer was inoperable because of all the malware on it, previously. I just reformatted the hard drive and reinstalled Windows Vista. I did a full scan with Symantec Endpoint antivirus and it came up with like 8 viruses; only 1 thing came up on Spybot S&D, however.

I would just like to make sure that this computer is totally clean before I let my mom use it again :red: Thank you for taking the time to help me in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:08:16 PM, on 2/21/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Users\Martin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Martin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Martin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\Userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Google Update] "C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 4989 bytes
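The HijackThis log above lists the O4 autorun entries and O23 services that a helper reads by hand when triaging a machine like this one. Below is an added example, not part of the thread and not code from HijackThis or its authors, of a small Python parser that pulls the image path out of each O4/O23 line and flags the ones worth a second look: bare program names that resolve through the search path, images under user-writable folders such as AppData, and anything under Windows.old (the location where the ESET scan later in this thread found a leftover ShoppingReport uninstaller). The sample input is a subset of the log lines posted above; the verdict labels, the trusted-root list and the "unknown owner" note are assumptions of the example, not HijackThis semantics.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample input: a subset of the HijackThis O4/O23 lines posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
"""

# O4: "O4 - <hive>\..\Run: [<name>] <command> (User '<user>')?"  (the User suffix is optional)
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
# O23: "O23 - Service: <display name> - <owner> - <image path>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Assumed trusted roots for this example; a real review would also compare hashes/signatures.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
EXEC_EXTS = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd")


@dataclass
class Entry:
    section: str   # "O4" or "O23"
    name: str
    image: str     # program path as written in the log
    verdict: str   # "ok", "no-path", "user-writable", "windows.old", "outside-standard-dirs"
    note: str = ""


def first_token(cmd: str) -> str:
    """Return the program part of an autorun command.

    A quoted command is unambiguous. An unquoted one may contain spaces, so we
    extend token by token until the prefix ends in an executable extension.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    tokens = cmd.split(" ")
    for i in range(1, len(tokens) + 1):
        candidate = " ".join(tokens[:i])
        if candidate.lower().endswith(EXEC_EXTS):
            return candidate
    return tokens[0]


def normalize(path: str) -> str:
    """Lower-case and expand %ProgramFiles% and the PROGRA~1 short name so prefix checks work."""
    p = path.lower()
    p = p.replace("%programfiles%", "c:\\program files")
    p = p.replace("c:\\progra~1", "c:\\program files")
    return p


def classify(image: str) -> str:
    p = normalize(image)
    if "\\" not in p:
        return "no-path"           # bare name (e.g. rundll32.exe) is resolved via the search path
    if "\\windows.old\\" in p:
        return "windows.old"       # leftovers of the previous install survive a non-formatting reinstall
    if "\\appdata\\" in p or "\\temp\\" in p:
        return "user-writable"     # an unprivileged user (or malware running as one) can replace it
    if p.startswith(TRUSTED_ROOTS):
        return "ok"
    return "outside-standard-dirs"


def parse_hjt(text: str) -> list[Entry]:
    entries: list[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            image = first_token(m.group("cmd"))
            entries.append(Entry("O4", m.group("name"), image, classify(image)))
            continue
        m = O23_RE.match(line)
        if m:
            path = m.group("path")   # O23 gives the bare image path, spaces included
            note = "unknown owner" if m.group("owner").lower() == "unknown owner" else ""
            entries.append(Entry("O23", m.group("name"), path, classify(path), note))
    return entries


def review(text: str) -> list[Entry]:
    """Entries that deserve a human look: any non-'ok' verdict, or a service with no recorded owner."""
    return [e for e in parse_hjt(text) if e.verdict != "ok" or e.note]


if __name__ == "__main__":
    for e in review(SAMPLE_LOG):
        print(f"{e.section:<4}{e.verdict:<22}{e.name:<45}{e.image} {e.note}")
```

On the sample lines this flags three entries: the Google Update autorun (image under the user's AppData), the WindowsWelcomeCenter autorun (bare `rundll32.exe`, no path), and the Dell WLAN tray service (no owner recorded). None of these is malicious in this thread; the point is that the parser narrows a long log to the handful of lines a helper has to reason about, and that a path under Windows.old, like the ESET hit later in the thread, would surface the same way.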

Blade81
2010-02-28, 13:31
Hi,

* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Tick the box next to YES, I accept the Terms of Use.
Click Start
Make sure that the option Remove found threats is UNchecked.
Click Scan
Wait for the scan to finish
Copy and paste report of that run.


Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

supmyman
2010-02-28, 20:22
ESET report: C:\Windows.old\Program Files\ShoppingReport\Uninst.exe probably a variant of Win32/Adware.Agent application

DDS log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Martin at 13:15:40.43 on Sun 02/28/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1917.924 [GMT -6:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\STacSV.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Martin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Martin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Martin\Documents\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Google Update] "c:\users\martin\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-2-21 1153368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-2-21 102448]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-11-10 23888]

=============== Created Last 30 ================

2010-02-28 18:38:38 0 ----a-w- c:\windows\ativpsrm.bin
2010-02-28 17:26:01 0 d-----w- c:\program files\ESET
2010-02-22 00:07:49 0 d-----w- c:\program files\Trend Micro
2010-02-21 21:08:31 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-21 21:08:31 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-02-21 21:05:10 4947968 ----a-w- c:\windows\system32\stacgui.cpl
2010-02-21 21:05:10 1601536 ----a-w- c:\windows\system32\stlang.dll
2010-02-21 21:05:10 102400 ----a-w- c:\windows\system32\stacsv.exe
2010-02-21 21:04:03 595456 ----a-w- c:\windows\system32\stapo.dll
2010-02-21 21:04:03 330240 ----a-w- c:\windows\system32\drivers\stwrt.sys
2010-02-21 21:04:03 328704 ----a-w- c:\windows\system32\stcplx.dll
2010-02-21 21:04:02 492544 ----a-w- c:\windows\system32\ctapo32.dll
2010-02-21 21:04:02 45568 ----a-w- c:\windows\system32\ctppld.dll
2010-02-21 21:04:02 299520 ----a-w- c:\windows\system32\stapi32.dll
2010-02-21 21:04:02 146944 ----a-w- c:\windows\system32\st325614.dll
2010-02-21 21:04:02 0 d-----w- c:\program files\SigmaTel
2010-02-21 21:00:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-02-21 21:00:05 0 d-----w- c:\program files\Synaptics
2010-02-21 20:59:09 1060424 ----a-w- c:\windows\system32\WdfCoInstaller01000.dll
2010-02-21 20:59:08 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2010-02-21 20:59:08 193456 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-02-21 20:59:08 163840 ----a-w- c:\windows\system32\SynCOM.dll
2010-02-21 20:59:08 147456 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-02-21 20:59:08 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-02-21 20:53:11 162048 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2010-02-21 20:51:44 92488 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2010-02-21 20:51:07 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-02-21 20:51:07 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-02-21 20:51:07 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-21 20:47:40 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2010-02-21 20:47:39 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2010-02-21 20:47:39 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2010-02-21 20:47:26 0 d-----w- c:\programdata\Symantec
2010-02-21 20:47:26 0 d-----w- c:\program files\Symantec
2010-02-21 20:47:26 0 d-----w- c:\program files\common files\Symantec Shared
2010-02-21 20:33:34 45568 ----a-w- c:\windows\system32\drivers\bcm4sbxp.sys
2010-02-21 20:33:32 0 d-----w- c:\program files\Broadcom
2010-02-21 19:51:23 0 d-----w- c:\program files\Cisco
2010-02-21 19:48:46 773882 ----a-w- c:\windows\system32\oem5.inf
2010-02-21 19:47:28 0 d-----w- c:\program files\Dell
2010-02-21 19:42:48 0 d-----w- c:\programdata\SupportSoft
2010-02-21 19:42:15 0 d-----w- c:\program files\Dell Support Center
2010-02-21 19:42:15 0 d-----w- c:\program files\common files\supportsoft
2010-02-21 19:41:27 0 d-----w- c:\programdata\Dell
2010-02-21 19:40:19 0 d-sh--w- c:\windows\Installer
2010-02-21 19:39:46 0 d-----w- C:\Dell Management Packs
2010-02-21 19:36:04 0 d-----w- C:\Vostro Drivers
2010-02-21 19:31:18 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-02-21 19:25:49 48128 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2010-02-21 19:21:19 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-02-21 19:21:02 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-02-21 19:20:52 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-02-21 19:20:52 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-02-20 23:59:52 0 d-----w- c:\windows\Panther
2010-02-20 23:59:14 22 ---ha-r- c:\windows\dell_version
2010-02-20 23:59:14 0 d-----w- c:\windows\system32\OEM
2010-02-20 23:51:41 0 d-----w- C:\Windows.old
2010-02-20 21:49:18 8192 --s-a-r- C:\BOOTSECT.BAK

==================== Find3M ====================

2010-02-28 18:37:38 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-02-28 18:37:38 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-28 18:37:35 86016 ----a-w- c:\windows\inf\infstor.dat
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2008-01-21 02:43:47 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 13:17:19.52 ===============


And I uploaded the zipped "Attach" file, as instructed by the DDS prompt.

Blade81
2010-03-01, 16:43
Hi,

Delete C:\Windows.old\Program Files\ShoppingReport folder. Otherwise looks good :)

supmyman
2010-03-01, 22:37
Hi,

Delete C:\Windows.old\Program Files\ShoppingReport folder. Otherwise looks good :)

Is it totally clean and ready to be used now?

Thank you very much for your assistance, much appreciated. :thanks::rockon:

Blade81
2010-03-02, 16:58
Yes, should be safe to use now :)

supmyman
2010-03-02, 22:49
thanks again :rockon:

Blade81
2010-03-03, 16:11
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.