Computer Problems [Archive] - Safer-Networking Forums

sargenthomegrown

2011-05-27, 01:25

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_24
Run by shell at 20:39:09 on 2011-05-25
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1012.246 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Works\WkCalRem.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\shell\dds(1).scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.msn.com
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080725
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\dvdvideosoft\tbDVDV.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: : {11bf46c6-b3de-48bd-bf70-3ad85cab80b5} - c:\progra~1\sitera~1\SiteRank.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1411.0\npwinext.dll
BHO: : {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\dvdvideosoft\tbDVDV.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\dvdvideosoft\tbDVDV.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: @c:\program files\msn toolbar\platform\5.0.1411.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1411.0\npwinext.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A33FA729-D155-4B23-842B-2C665ECABDB6} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [CSmileys] "c:\progra~1\crawler\smileys\CSmileysIM.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
mRun: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Bing Bar] "c:\program files\"msn toolbar\platform\5.0.1411.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [CyberDefender Registry Cleaner]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Philips Device Listener] "c:\program files\philips\philips songbird resources\autolauncher\PhilipsDeviceListener.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe"
mRun: [UnlockerAssistant] "c:\users\neale\set ups\unlocker\UnlockerAssistant.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RtHDVCpl] "RtHDVCpl.exe"
mRun: [Windows Mobile-based device management] "%windir%\WindowsMobile\wmdcBase.exe"
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
StartupFolder: c:\users\shell\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\shell\appdata\roaming\micros~1\windows\startm~1\programs\startup\wkcalrem.lnk - c:\program files\microsoft works\WkCalRem.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Crawler Search - tbr:iemenu
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - {6FAC4823-815E-4361-836E-46D65ED2550B} - c:\program files\smart-shopper\bin\2.5.1\Smrt-Shpr.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\shell\appdata\roaming\mozilla\firefox\profiles\rotpsu2k.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/#
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p=
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-8-19 21504]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-7-15 35088]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-7-14 1153368]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-3-18 1957672]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2007-8-27 923216]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-7-24 36368]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2010-7-15 1201640]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-7-24 280392]
R3 TuneConvertAudio;TuneConvertAudio;c:\windows\system32\drivers\TuneConvertAudio.sys [2011-4-16 23608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2007-8-27 345432]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2007-8-27 566872]
S2 ZwankySearch Service;ZwankySearch Service;"c:\programdata\zwankysearch\zwankysearch149.exe" "c:\program files\zwankysearch\zwankysearch.dll" irurovugovu --> c:\programdata\zwankysearch\zwankysearch149.exe [?]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-7-24 30192]
S3 GSService;GSService;c:\windows\system32\GSService.exe [2011-4-16 745472]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [2011-4-16 243712]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-05-26 01:38:52 606738 ------r- c:\users\shell\dds(1).scr
2011-05-26 00:31:41 606738 ------r- c:\users\shell\dds.scr
2011-05-26 00:29:14 791393 ----a-w- c:\users\shell\erunt-setup.exe
2011-05-24 14:40:52 335872 ---ha-w- c:\programdata\31055608.exe
2011-05-24 14:34:47 406016 ---ha-w- c:\programdata\KWIlAQhICeLnJub.exe
2011-05-19 23:11:35 -------- d-----w- c:\users\shell\appdata\local\uTorrent
2011-05-19 22:50:17 711672 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2011-05-19 22:49:26 21976 ----a-w- c:\program files\mozilla firefox\plc4.dll
2011-05-19 22:48:49 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-19 22:48:46 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-19 22:48:42 715736 ----a-w- c:\program files\mozilla firefox\mozcrt19.dll
2011-05-19 22:48:08 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-05-19 22:47:35 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-19 22:47:34 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-19 22:47:34 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-19 22:47:21 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-19 22:47:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-19 22:47:00 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-11 16:50:54 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-04-27 23:06:31 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 23:06:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.
==================== Find3M ====================
.
2011-04-22 18:29:38 12580112 ----a-w- c:\users\shell\Firefox Setup 4.0.exe
2011-04-16 19:12:51 27645760 ----a-w- c:\users\shell\TuneConvert_7.5.1-Setup.exe
2011-04-01 05:43:16 5688 ----a-w- c:\windows\system32\TuneConvertVideo.sys
2011-04-01 05:43:16 14392 ----a-w- c:\windows\system32\TuneConvertVideo.dll
2011-04-01 05:43:10 23608 ----a-w- c:\windows\system32\TuneConvertAudio.sys
2011-04-01 05:43:10 23608 ----a-w- c:\windows\system32\drivers\TuneConvertAudio.sys
2011-03-31 20:55:16 745472 ----a-w- c:\windows\system32\GSService.exe
2011-03-31 19:05:16 243712 ----a-w- c:\windows\system32\snmvtsvc.exe
2011-03-26 21:16:36 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-03-26 21:15:55 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-03-10 16:12:54 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 16:12:54 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:00:15 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 14:56:29 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56:26 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56:25 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56:25 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 12:53:48 2040832 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 14:49:43 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
============= FINISH: 20:41:32.16 ===============

I know i apologize i pressed post before i was done and didn't want to post in a second post. But the computer keeps popping up with error messages such as; hard drive failure, disk space full, etc.. Along with those fake anti-virus programs that are viruses themselves. All this is slowing the computer down extremely.

ken545

2011-05-29, 04:16

:snwelcome:

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Ask Toolbar
ZwankySearch Service
Go to Programs and Features in the Control Panel and see if you can uninstall both these programs

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

sargenthomegrown

2011-05-29, 08:22

Thank you for the help. Here's that log.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6708

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

5/29/2011 12:19:19 AM
mbam-log-2011-05-29 (00-19-19).txt

Scan type: Quick scan
Objects scanned: 232148
Time elapsed: 28 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 48
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 11
Files Infected: 29

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{4CF088BD-BE95-40A5-BE9B-677F8683EDEA} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{305C6CB1-9D31-4489-881D-5A8E2DC3FE14} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E79B1445-DFEA-4BEF-A786-E0C0F33C863B} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Smart-Shopper.IEButtonA.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Smart-Shopper.IEButtonA (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6FAC4823-815E-4361-836E-46D65ED2550B} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Smart-Shopper.IEButton.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Smart-Shopper.IEButton (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{911F251E-34FD-465E-B6CE-DF00FF49A6BE} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Smart-Shopper.HbAx.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Smart-Shopper.HbAx (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{FE4F1649-8909-49C0-87BA-24D65120DB46} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Smart-Shopper.IEButtonB.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Smart-Shopper.IEButtonB (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{022C671F-6CBA-4A03-A8F9-3B3A361B235A} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8AD815FC-607B-419F-8B70-D345A507A54E} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90F62EF7-58D1-4E8E-BB3E-CFB10BA9E47B} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D74E9DD-8987-448B-B2CB-67FFF2B8A932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{42C7C39F-3128-4A17-BDB7-91C46032B5B9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B72681C0-A222-4B21-A0E2-53A5A5CA3D41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CAC89FF9-34A9-4431-8CFE-292A47F843BC} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB4A577D-BCAD-4B1C-8AF2-9A74B8DD3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8BCB5337-EC01-4E38-840C-A964F174255B} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Smart-Shopper.HbInfoBand (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Smart-Shopper.HbInfoBand.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Smart-Shopper.Smrt-ShprCtrl (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Smart-Shopper.Smrt-ShprCtrl.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ZwankySearch Service (Adware.ZwankySearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\mozilla firefox\extensions\{5f321a53-3f65-45f2-9903-587e3ca15404} (Adware.ZwankySearch) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{5f321a53-3f65-45f2-9903-587e3ca15404}\chrome (Adware.ZwankySearch) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{5f321a53-3f65-45f2-9903-587e3ca15404}\defaults (Adware.ZwankySearch) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{5f321a53-3f65-45f2-9903-587e3ca15404}\defaults\preferences (Adware.ZwankySearch) -> Quarantined and deleted successfully.
c:\program files\simplified textual finder (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\simplified textual finder\1.4.0.3500 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\simplified textual finder\1.4.0.3500\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\simplified textual finder\1.4.0.3500\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\simplified textual finder\1.4.0.3500\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\simplified textual finder\1.4.0.3500\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\smartshopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\31055608.exe (Rogue.WindowsRecoveryConsole) -> Quarantined and deleted successfully.
c:\programdata\kwilaqhicelnjub.exe (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\Users\brenda\AppData\Local\Temp\0b386a82 (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\Users\brenda\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\brenda\local settings\temporary internet files\Low\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2}\mvbup.exe (Adware.DoubleD.gen) -> Quarantined and deleted successfully.
c:\Users\brenda\local settings\temporary internet files\Low\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2}\tdf.dat (Adware.BHO) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{5f321a53-3f65-45f2-9903-587e3ca15404}\chrome.manifest (Adware.ZwankySearch) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{5f321a53-3f65-45f2-9903-587e3ca15404}\install.rdf (Adware.ZwankySearch) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{5f321a53-3f65-45f2-9903-587e3ca15404}\chrome\zwankysearch.jar (Adware.ZwankySearch) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{5f321a53-3f65-45f2-9903-587e3ca15404}\defaults\preferences\prefs.js (Adware.ZwankySearch) -> Quarantined and deleted successfully.
c:\program files\simplified textual finder\1.4.0.3500\config.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\simplified textual finder\1.4.0.3500\data.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\simplified textual finder\1.4.0.3500\exclude.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\simplified textual finder\1.4.0.3500\matchingdata.zd5 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\simplified textual finder\1.4.0.3500\pxtmpdata.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\simplified textual finder\1.4.0.3500\running.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\simplified textual finder\1.4.0.3500\stfsh.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\simplified textual finder\1.4.0.3500\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\simplified textual finder\1.4.0.3500\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\simplified textual finder\1.4.0.3500\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\simplified textual finder\1.4.0.3500\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\simplified textual finder\1.4.0.3500\FF\chrome\content\AddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\simplified textual finder\1.4.0.3500\FF\chrome\content\AddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\simplified textual finder\1.4.0.3500\FF\components\stfffaddon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\simplified textual finder\1.4.0.3500\FF\components\stfffaddon.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\smartshopper\smartshopper - comapre product prices.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\smartshopper\smartshopper - compare travel rate.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\smartshopper\smartshopper help.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\smartshopper\uninstall smartshopper.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.

ken545

2011-05-29, 14:33

:bigthumb:

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

sargenthomegrown

2011-05-29, 23:10

Took it a little while but scans done. Here you go.

ComboFix 11-05-28.01 - shell 05/29/2011 14:28:10.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1012.210 [GMT -5:00]
Running from: c:\users\shell\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Advanced Entry Provider
c:\program files\Advanced Entry Provider\4.4.0.2380\AEPCommon.dll
c:\program files\Advanced Entry Provider\4.4.0.2380\Data\config.md
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\chrome.manifest
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\chrome\AEPAddOn.jar
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\chrome\content\AEPAddOn.js
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\chrome\content\AEPAddOn.xul
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\components\AEPFFAddOn.dll
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\components\AEPFFAddOn.xpt
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\components\AEPFFHelperComponent.js
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\install.rdf
c:\program files\Advanced Entry Provider\4.4.0.2380\unins000.dat
c:\program files\Advanced Entry Provider\4.4.0.2380\unins000.exe
c:\program files\Common Files\Uninstall
c:\program files\Real Search Enhancer
c:\program files\Real Search Enhancer\4.4.0.2520\Data\config.md
c:\program files\Real Search Enhancer\4.4.0.2520\FF\chrome.manifest
c:\program files\Real Search Enhancer\4.4.0.2520\FF\chrome\content\RSEAddOn.js
c:\program files\Real Search Enhancer\4.4.0.2520\FF\chrome\content\RSEAddOn.xul
c:\program files\Real Search Enhancer\4.4.0.2520\FF\chrome\RSEAddOn.jar
c:\program files\Real Search Enhancer\4.4.0.2520\FF\components\RSEFFAddOn.dll
c:\program files\Real Search Enhancer\4.4.0.2520\FF\components\RSEFFAddOn.xpt
c:\program files\Real Search Enhancer\4.4.0.2520\FF\components\RSEFFHelperComponent.js
c:\program files\Real Search Enhancer\4.4.0.2520\FF\install.rdf
c:\program files\Real Search Enhancer\4.4.0.2520\RSE.dll
c:\program files\Real Search Enhancer\4.4.0.2520\RSECommon.dll
c:\program files\Real Search Enhancer\4.4.0.2520\unins000.dat
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\program files\Targeted Content Wizard
c:\program files\Targeted Content Wizard\1.4.0.3580\data\pxtmpdata.mx
c:\program files\Targeted Content Wizard\1.4.0.3580\data\TP_Config.mx
c:\program files\Targeted Content Wizard\1.4.0.3580\data\TP_Data.mx
c:\program files\Targeted Content Wizard\1.4.0.3580\data\TP_DomainExcludeList.mx
c:\program files\Targeted Content Wizard\1.4.0.3580\data\TP_DomainInterval.mx
c:\program files\Targeted Content Wizard\1.4.0.3580\data\TP_KeywordInterval.mx
c:\program files\Targeted Content Wizard\1.4.0.3580\data\TP_Rstatus.mx
c:\program files\Targeted Content Wizard\1.4.0.3580\FF\chrome.manifest
c:\program files\Targeted Content Wizard\1.4.0.3580\FF\chrome\content\FFAddOn.js
c:\program files\Targeted Content Wizard\1.4.0.3580\FF\chrome\content\FFAddOn.js.bak
c:\program files\Targeted Content Wizard\1.4.0.3580\FF\chrome\content\FFAddOn.xul
c:\program files\Targeted Content Wizard\1.4.0.3580\FF\chrome\content\FFAddOn.xul.bak
c:\program files\Targeted Content Wizard\1.4.0.3580\FF\components\FFHelperComponent.js
c:\program files\Targeted Content Wizard\1.4.0.3580\FF\components\ITCWFFComponent.xpt
c:\program files\Targeted Content Wizard\1.4.0.3580\FF\components\TCWFFAddOn.dll
c:\program files\Targeted Content Wizard\1.4.0.3580\FF\install.rdf
c:\program files\Targeted Content Wizard\1.4.0.3580\unins000.dat
c:\program files\Targeted Content Wizard\1.4.0.3580\unins000.exe
c:\users\shell\dds(1).scr
c:\users\shell\dds.scr
c:\users\shell\erunt-setup.exe
c:\users\shell\Firefox Setup 4.0.exe
c:\users\shell\mbam-setup-1.50.1.1100.exe
c:\users\shell\TuneConvert_7.5.1-Setup.exe
K:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-29 )))))))))))))))))))))))))))))))
.
.
2011-05-29 19:51 . 2011-05-29 19:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-29 19:51 . 2011-05-29 19:51 -------- d-----w- c:\users\brenda\AppData\Local\temp
2011-05-29 19:51 . 2011-05-29 19:57 -------- d-----w- c:\users\shell\AppData\Local\temp
2011-05-29 19:51 . 2011-05-29 19:51 -------- d-----w- c:\users\wyatt\AppData\Local\temp
2011-05-29 15:08 . 2011-05-29 15:08 -------- d-----w- c:\users\neale\AppData\Roaming\Malwarebytes
2011-05-29 03:28 . 2011-05-29 03:28 -------- d-----w- c:\users\shell\AppData\Roaming\Malwarebytes
2011-05-29 03:28 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 03:28 . 2011-05-29 03:28 -------- d-----w- c:\programdata\Malwarebytes
2011-05-29 03:27 . 2011-05-29 03:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-29 03:27 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-26 00:30 . 2011-05-26 00:30 -------- d-----w- c:\program files\ERUNT
2011-05-25 14:49 . 2011-05-25 15:01 -------- d-----w- c:\users\wyatt\AppData\Local\Adobe
2011-05-25 14:13 . 2011-05-25 14:13 -------- d-----w- c:\users\wyatt\AppData\Roaming\Webroot
2011-05-25 14:13 . 2011-05-25 14:13 -------- d-----w- c:\users\wyatt\AppData\Roaming\Apple Computer
2011-05-25 14:13 . 2011-05-25 14:13 -------- d-----w- c:\users\wyatt\AppData\Local\Apple Computer
2011-05-25 07:35 . 2011-05-25 07:35 -------- d--h--w- c:\programdata\WindowsSearch
2011-05-19 23:11 . 2011-05-19 23:11 -------- d-----w- c:\users\shell\AppData\Local\uTorrent
2011-05-19 22:50 . 2011-05-19 22:50 711672 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2011-05-19 22:49 . 2011-05-19 22:49 21976 ----a-w- c:\program files\Mozilla Firefox\plc4.dll
2011-05-19 22:48 . 2011-05-19 22:48 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-19 22:48 . 2011-05-19 22:48 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-19 22:48 . 2011-05-19 22:48 715736 ----a-w- c:\program files\Mozilla Firefox\mozcrt19.dll
2011-05-19 22:48 . 2011-05-19 22:48 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-05-19 22:47 . 2011-05-19 22:47 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-19 22:47 . 2011-05-19 22:47 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-19 22:47 . 2011-05-19 22:47 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-19 22:47 . 2011-05-19 22:47 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-19 22:47 . 2011-05-19 22:47 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-19 22:47 . 2011-05-19 22:47 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-11 16:50 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-01 05:43 . 2011-04-16 19:14 5688 ----a-w- c:\windows\system32\TuneConvertVideo.sys
2011-04-01 05:43 . 2011-04-16 19:14 14392 ----a-w- c:\windows\system32\TuneConvertVideo.dll
2011-04-01 05:43 . 2011-04-16 19:14 23608 ----a-w- c:\windows\system32\TuneConvertAudio.sys
2011-04-01 05:43 . 2011-04-16 19:14 23608 ----a-w- c:\windows\system32\drivers\TuneConvertAudio.sys
2011-03-31 20:55 . 2011-04-16 19:15 745472 ----a-w- c:\windows\system32\GSService.exe
2011-03-31 19:05 . 2011-04-16 19:15 243712 ----a-w- c:\windows\system32\snmvtsvc.exe
2011-03-26 21:16 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-03-26 21:15 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-03-10 16:12 . 2011-04-14 07:30 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 16:12 . 2011-04-14 07:30 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:00 . 2011-04-14 07:30 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 14:56 . 2011-04-27 23:06 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-03 14:56 . 2011-04-27 23:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56 . 2011-04-27 23:06 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56 . 2011-04-27 23:06 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 14:56 . 2011-04-27 23:06 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 13:01 . 2011-04-27 23:06 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-03 12:53 . 2011-04-14 07:30 2040832 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 14:49 . 2011-04-14 07:30 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-05-19 22:47 . 2011-05-19 22:47 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2009-06-25 09:53 311808 ----a-w- c:\progra~1\SITERA~1\SiteRank.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-24 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-10-17 202256]
"Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2010-05-27 375296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]
.
c:\users\shell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
wkcalrem.LNK - c:\program files\Microsoft Works\WkCalRem.exe [2007-11-28 46432]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-5-10 282624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-24 18:59 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 08:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-10-07 16:11 323392 ---ha-w- c:\users\brenda\Program Files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2008-03-11 17:44 202544 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-29 04:18 17920 ---ha-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-11-02 03:12 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-04-22 06:17 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-04-22 06:17 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
2007-08-27 09:21 1807696 ----a-w- c:\program files\Trend Micro\Internet Security 14\pccguide.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-09-17 16:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-04-22 06:17 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-05-11 13:26 4452352 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBC_McciTrayApp]
2007-02-28 19:35 1011200 ---ha-w- c:\program files\SBC\update\SST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteRanker]
2009-06-25 09:53 273920 ----a-w- c:\program files\SiteRanker\SiteRankTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-07-24 18:47 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 21:21 648072 ----a-w- c:\windows\WindowsMobile\wmdcBase.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3357085294-3780908524-2729905184-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000004
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2007-08-27 345432]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2007-08-27 923216]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2007-08-27 566872]
R3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-02 30192]
R3 GSService;GSService;c:\windows\system32\GSService.exe [2011-03-31 745472]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
R3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [2011-03-31 243712]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2009-11-06 29808]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-07-16 35088]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-21 1957672]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2008-08-16 36368]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2010-07-15 1201640]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2007-08-27 280392]
S3 TuneConvertAudio;TuneConvertAudio;c:\windows\system32\drivers\TuneConvertAudio.sys [2011-04-01 23608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 23:45]
.
2011-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 23:45]
.
2011-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3357085294-3780908524-2729905184-1002Core.job
- c:\users\neale\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-03 08:30]
.
2011-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3357085294-3780908524-2729905184-1002UA.job
- c:\users\neale\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-03 08:30]
.
2011-05-28 c:\windows\Tasks\Norton Security Scan for brenda.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-26 16:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\shell\AppData\Roaming\Mozilla\Firefox\Profiles\rotpsu2k.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/#
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
BHO-{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\DVDVideoSoft\tbDVDV.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
Toolbar-{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\DVDVideoSoft\tbDVDV.dll
WebBrowser-{A33FA729-D155-4B23-842B-2C665ECABDB6} - (no file)
WebBrowser-{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - c:\program files\DVDVideoSoft\tbDVDV.dll
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
HKCU-Run-CSmileys - c:\progra~1\Crawler\Smileys\CSmileysIM.exe
HKLM-Run-Bing Bar - c:\program filesmsn toolbar\Platform\5.0.1411.0\mswinext.exe
HKLM-Run-CyberDefender Registry Cleaner - (no file)
HKLM-Run-UnlockerAssistant - c:\users\neale\Set ups\Unlocker\UnlockerAssistant.exe
MSConfigStartUp-Ask and Record FLV Service - c:\users\neale\FLVSrvc.exe
MSConfigStartUp-CSmileys - c:\progra~1\Crawler\Smileys\CSmileysIM.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
MSConfigStartUp-SearchSettings - c:\program files\Dealio Toolbar\SearchSettings.exe
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe
AddRemove-ActiveWorlds 5.0 - c:\users\neale\UNWISE.EXE
AddRemove-BitZipper_is1 - c:\program files\BitZipper\unins000.exe
AddRemove-Cheat Engine 5.5_is1 - c:\program files\Cheat Engine\Cheat Engine\unins000.exe
AddRemove-Cheat Engine 5.6.1_is1 - c:\program files\Cheat Engine\unins000.exe
AddRemove-DVDVideoSoft Toolbar - c:\progra~1\DVDVID~1\UNWISE.EXE
AddRemove-Free M4a to MP3 Converter_is1 - c:\users\neale\Free M4a to MP3 Converter\unins000.exe
AddRemove-Free Studio_is1 - c:\program files\DVDVideoSoft\Free Studio\unins000.exe
AddRemove-Free Video to MP3 Converter_is1 - c:\program files\DVDVideoSoft\Free Video to MP3 Converter\unins000.exe
AddRemove-IconWorkshop - c:\users\neale\UnInstall.exe
AddRemove-ImTOO MPEG Encoder Standard - c:\users\neale\MPEG Encoder Standard\Uninstall.exe
AddRemove-My.Freeze.com NetAssistant - c:\program files\My.Freeze.com NetAssistant\settings_uninstall_app.exe
AddRemove-save2pc Light_is1 - c:\program files\1964\save2pc\unins000.exe
AddRemove-SnagIt5 - c:\program files\TechSmith\SnagIt\SIUNINST.EXE
AddRemove-Stagecast Creator 2 - c:\program files\Stagecast\Creator 2\Uninst.isu
AddRemove-Tux Paint_is1 - c:\users\neale\TuxPaint\unins000.exe
AddRemove-WinAce Archiver - c:\program files\WinAce\SXUNINST.EXE
AddRemove-Xvid_is1 - c:\program files\Xvid\unins000.exe
AddRemove-Youtube Downloader HD_is1 - c:\program files\Youtube Downloader HD\unins000.exe
AddRemove-{08234a0d-cf39-4dca-99f0-0c5cb496da81} - c:\program files\Bing Bar Installer\InstallManager.exe
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\users\Public\Downloads\YouTube Downloader\uninstall.exe
AddRemove-{314AD191-596F-40C0-ACED-3AD78C9649F1}_is1 - c:\program files\HooTech WMA MP3 Converter\unins000.exe
AddRemove-{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1 - c:\users\neale\Set ups\Sothink Movie DVD Maker\Sothink Movie DVD Maker\unins000.exe
AddRemove-{612AD33D-9824-4E87-8396-92374E91C4BB}_is1 - c:\program files\Inbox Toolbar\unins000.exe
AddRemove-{980A182F-E0A2-4A40-94C1-AE0C1235902E} - c:\program files\Pando Networks\Media Booster\uninst.exe
AddRemove-{C461FBFE-C0DE-4757-89DD-A5A833B9AC1F}_is1 - c:\program files\Crawler\Radio\unins000.exe
AddRemove-{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1 - c:\users\neale\RegistryBooster\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-29 14:57
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\TEMP\SST-8D41AEEB-0E78-4DC3-9106-667543A5538E.tmp 145912 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,46,c8,16,02,1e,e9,48,b4,53,44,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,46,c8,16,02,1e,e9,48,b4,53,44,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-05-29 15:05:55
ComboFix-quarantined-files.txt 2011-05-29 20:05
.
Pre-Run: 28,403,691,520 bytes free
Post-Run: 54,604,402,688 bytes free
.
- - End Of File - - 5F55789F07FC3E43CA87A9F0012D4E6B

ken545

2011-05-29, 23:19

BitTorrent DNA

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

I'd like you to read this
http://forums.spybot.info/showthread.php?t=282

Please uninstall the programs listed above (in red) if you would like to proceed

Let me know what you want to do

sargenthomegrown

2011-05-31, 03:51

I do wish to continue. See this isn't my computer. It's my girlfriends mom's computer and she asked me to help. I used ya'll once before for my computer so
knew you could help with her's. I removed bittorrent. but Idk what the DNA is.

ken545

2011-05-31, 04:06

You need to explain to her the dangers of File Sharing, your downloading that file from and unknown source and a good percentage of those files contain malware, its like playing Russian Roulette malwarewise.

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

sargenthomegrown

2011-06-01, 05:05

here it is.

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmartShopper13.zip Win32/Bagle.gen.zip worm
C:\Qoobox\Quarantine\C\Program Files\Advanced Entry Provider\4.4.0.2380\FF\components\AEPFFAddOn.dll.vir a variant of Win32/Adware.DoubleD.AK application
C:\Qoobox\Quarantine\C\Program Files\Real Search Enhancer\4.4.0.2520\RSE.dll.vir a variant of Win32/Adware.DoubleD.AK application
C:\Qoobox\Quarantine\C\Program Files\Real Search Enhancer\4.4.0.2520\FF\components\RSEFFAddOn.dll.vir a variant of Win32/Adware.DoubleD.AP application
C:\Qoobox\Quarantine\C\Program Files\Targeted Content Wizard\1.4.0.3580\FF\components\TCWFFAddOn.dll.vir a variant of Win32/Adware.DoubleD.AK application
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmartShopper13.zip Win32/Bagle.gen.zip worm
C:\Users\brenda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2JJ3IWVB\ea434[1].pdf JS/Exploit.Pdfka.OXB.Gen trojan
C:\Users\brenda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\HandyGamez Toolbar\2.4.0.10440\bin\mvbup.exe a variant of Win32/Adware.DoubleD.AG application
C:\Users\neale\AppData\LocalLow\MyWebSearch\bar\setups\mwsautSp.exe a variant of Win32/Toolbar.MyWebSearch.K application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7U7U6SU8\upgrade[3].cab multiple threats
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I2U1B0FY\upgrade[1].cab multiple threats
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S9UUANMN\upgrade[3].cab multiple threats
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUIPRLFG\upgrade[3].cab multiple threats

ken545

2011-06-01, 11:04

Hi,

You need to enable windows to Show all Files and Folders
Instructions for your Operating System HERE (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

C:\Users\neale\AppData\LocalLow\MyWebSearch <--Delete this

Qoobox are backups of what Combofix removed, we will deal with that when were done.

There are a bunch of bad files in Spybots recovery folder, open Spybot and go to Recovery and remove it all.

Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean

Let me know how things are running now ?

sargenthomegrown

2011-06-03, 02:28

The computer is running faster now. But when I go to log into
her mother's name all her desktop is gone and start menu programs.

ken545

2011-06-03, 03:18

Hi,

We just do malware removal on this forum, what I would like you to do is post here , all us forums work together helping one another, link them to this thread so they can see what we have done
http://forums.whatthetech.com/index.php?showforum=119

Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png

How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)

Safe Surfn
Ken

sargenthomegrown

2011-06-03, 23:41

So does this mean I'm malware free now?

ken545

2011-06-04, 00:12

Hi,

Your logs look fine, depends on how you feel everything is working. As long as your not getting redirects or pop up windows , warnings about your infected , click here for a free scan , I would say your ok

sargenthomegrown

2011-06-04, 01:57

The internet is still running alot slower then normal.
It takes forever for a page to come up

ken545

2011-06-04, 02:01

If your using Internet Explorer, open IE and go to Tools > Internet Options> Advanced Tab> Reset Internet Explorer Setting > Reset. This may take about 30 seconds, ok your way out , close IE and then reopen it and see if it helped (it will set IE back to Company Defaults.)

Do you use Firefox ?

sargenthomegrown

2011-06-04, 02:20

I don't use IE. I only use firefox.

ken545

2011-06-04, 03:30

Not sure what version of FF you use, but you can open FF and go to Tools > Add Ones and disable all add ones and then see how it runs, if all is ok, add the add ones back one at a time , when your web pages open slowly again the last add one is the culprit

sargenthomegrown

2011-06-04, 03:52

I have FF 4.0.1 I believe. I disabled all the
add-ons and it is still running pretty slow.
But then again it could just be their internet
provider I'm not sure.

ken545

2011-06-04, 13:23

Why dont you post here on one of the forums we work very close to, like Safer its free but you will need to register.

http://forums.whatthetech.com/index.php?showforum=123

sargenthomegrown

2011-06-05, 00:14

well I thank you for all your help.
It was much appreciated.

ken545

2011-06-05, 00:59

Your very welcome,

Take care,
Ken :)