Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Baseline


  • This topic is locked This topic is locked
24 replies to this topic

#1 milielba

milielba

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 24 November 2009 - 07:06 PM

I have been infected by vundo.gen ab
Here is my hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:45:25 PM, on 11/24/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxsrvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AcerOrbicamRibbon] "C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.2\THGuard.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [kokadehuy] Rundll32.exe "c:\windows\system32\hizuriki.dll",a
O4 - HKCU\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZC
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://www.ritzpix.c...PUploader45.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...t/PCPitStop.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...etup1.0.1.1.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgre...eensActivia.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: gudasene.dll c:\windows\system32\pehuraba.dll c:\windows\system32\hizuriki.dll
O21 - SSODL: toditizab - {4deb8c89-5f42-4e42-9dc8-858e6f0d431a} - (no file)
O21 - SSODL: mitevuriv - {d63283f1-6b7e-4327-8905-8b95d33855e2} - (no file)
O21 - SSODL: libifafeb - {c18ffeb2-c024-474f-8003-f0d19a8a5f2a} - (no file)
O21 - SSODL: nitahopuz - {c6afd853-2924-4586-b309-df5474881642} - (no file)
O21 - SSODL: fisunevaf - {0ad37cf9-4c49-4829-8d48-b04c9672b4cd} - (no file)
O21 - SSODL: ladugihit - {48ed6674-5e78-4ee0-b0b3-811fe1d0bb94} - c:\windows\system32\hizuriki.dll
O21 - SSODL: pufahayoy - {182ceb49-cad4-4366-96c5-1d37bcafbac9} - c:\windows\system32\pehuraba.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {4deb8c89-5f42-4e42-9dc8-858e6f0d431a} - (no file)
O22 - SharedTaskScheduler: gahurihor - {d63283f1-6b7e-4327-8905-8b95d33855e2} - (no file)
O22 - SharedTaskScheduler: gahurihor - {c18ffeb2-c024-474f-8003-f0d19a8a5f2a} - (no file)
O22 - SharedTaskScheduler: gahurihor - {c6afd853-2924-4586-b309-df5474881642} - (no file)
O22 - SharedTaskScheduler: gahurihor - {0ad37cf9-4c49-4829-8d48-b04c9672b4cd} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {48ed6674-5e78-4ee0-b0b3-811fe1d0bb94} - c:\windows\system32\hizuriki.dll
O22 - SharedTaskScheduler: kupuhivus - {182ceb49-cad4-4366-96c5-1d37bcafbac9} - c:\windows\system32\pehuraba.dll (file missing)
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe
O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11535 bytes

    Advertisements

Register to Remove


#2 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 24 November 2009 - 07:35 PM

Hi,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT


Posted Image
Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    Posted Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#3 milielba

milielba

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 24 November 2009 - 08:51 PM

I have attached the files as zip files. I received an error that the post was too long.

Attached Files



#4 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 24 November 2009 - 09:00 PM

Hi,

Please do the following:


Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2



**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#5 milielba

milielba

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 24 November 2009 - 10:07 PM

After I ran combofix, I can't access the internet from that computer anymore. I get an error about a registry key that is marked to be deleted.
Here is the combo fix log:

ComboFix 09-11-24.02 - SYSTEM 11/24/2009 21:35.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.893 [GMT -6:00]
Running from: c:\windows\system32\config\systemprofile\Desktop\Trend Micro\ComboFix.exe
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\$recycle.bin\S-1-5-21-3771958223-2023274512-727475370-1000
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\FBStoolbar.dll
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\fbstoolbar.manifest
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\IE3SH.exe
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWB3SH.dll
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\search_br.bmp
c:\program files\Fast Browser Search\IE\search_de.bmp
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\FunWebProducts
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\3.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\3.bin\F3CJpeg.dll
c:\program files\MyWebSearch\bar\3.bin\F3DTactl.dll
c:\program files\MyWebSearch\bar\3.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\3.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\3.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\3.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\3.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\3.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\3.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\3.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\3.bin\F3SCrctr.dll
c:\program files\MyWebSearch\bar\3.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\3.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\3.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\3.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\3.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\3.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\3.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\3.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\3.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\3.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\3.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\3.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\3.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\3.bin\M3OUtlcn.dll
c:\program files\MyWebSearch\bar\3.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\3.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\3.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\3.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\3.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\3.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\3.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\3.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
c:\program files\SGPSA
c:\program files\SGPSA\mtwb3sh.dll
c:\windows\010112010146116101.xxe
c:\windows\0101120101464855.xxe
c:\windows\0101120101465050.xxe
c:\windows\0101120101465249.xxe
c:\windows\0101120101465349.xxe
c:\windows\0101120101465649.xxe
c:\windows\bk23567.dat
c:\windows\rdr_1255745779.exe
c:\windows\system32\buhojazi.dll
c:\windows\system32\busirado.dll
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\herutoho.dll
c:\windows\system32\hizuriki.dll
c:\windows\system32\hogumana.dll
c:\windows\system32\huwulita.dll
c:\windows\system32\kozodobe.dll
c:\windows\system32\kuzapiso.dll
c:\windows\system32\meyeyihi.dll
c:\windows\system32\mofomugo.dll
c:\windows\system32\reforola.dll
c:\windows\system32\tilufewa.dll
c:\windows\system32\veyozuli.dll
c:\windows\system32\vonineye.dll
c:\windows\system32\zadoleso.dll
c:\windows\Tasks\aecqldom.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2009-10-25 to 2009-11-25 )))))))))))))))))))))))))))))))
.

2009-11-25 03:48 . 2009-11-25 03:48 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2009-11-25 03:48 . 2009-11-25 03:48 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2009-11-25 03:48 . 2009-11-25 03:48 -------- d-----w- c:\users\matt\AppData\Local\temp
2009-11-25 03:48 . 2009-11-25 03:48 -------- d-----w- c:\users\Liz\AppData\Local\temp
2009-11-25 03:48 . 2009-11-25 03:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-25 03:48 . 2009-11-25 03:48 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-11-25 03:30 . 2009-11-25 03:31 49152 d-----w- C:\32788R22FWJFW
2009-11-25 02:39 . 2009-11-25 02:39 4096 d-----w- C:\JustZIPit
2009-11-25 02:39 . 2009-11-25 02:39 386560 ----a-w- c:\windows\System32\config\systemprofile\AppData\Roaming\Free-backup.info\JustZIPit\JustZIPit.exe
2009-11-25 02:39 . 2009-11-25 02:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Free-backup.info
2009-11-25 00:45 . 2009-11-25 00:45 -------- d-----w- c:\program files\Trend Micro
2009-11-24 03:16 . 2009-11-24 03:16 10752 ----a-w- c:\windows\DCEBoot.exe
2009-11-24 00:53 . 2009-11-24 00:53 -------- d-----w- c:\programdata\WindowsSearch
2009-11-23 04:10 . 2009-11-23 03:16 497944 ----a-w- c:\programdata\avg9\update\backup\avgchjwx.dll
2009-11-23 04:10 . 2009-11-23 03:16 3963648 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2009-11-23 04:08 . 2009-11-23 03:16 877848 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2009-11-23 04:08 . 2009-11-23 03:16 1657112 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2009-11-23 03:17 . 2009-11-23 05:35 -------- d-----w- C:\$AVG
2009-11-23 03:17 . 2009-11-23 03:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-23 03:17 . 2009-11-23 03:17 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-11-23 03:17 . 2009-11-23 03:17 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-23 03:17 . 2009-11-23 03:17 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-23 03:17 . 2009-11-23 03:17 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-23 03:16 . 2009-11-25 00:33 4096 d-----w- c:\windows\system32\drivers\Avg
2009-11-23 03:15 . 2009-11-23 03:15 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-11-23 03:15 . 2009-11-23 03:15 -------- d-----w- c:\program files\AVG
2009-11-23 03:15 . 2009-11-23 03:15 4096 d-----w- c:\programdata\avg9
2009-11-22 19:06 . 2009-11-25 03:28 4096 d-----w- c:\program files\TrojanHunter 5.2
2009-11-22 18:30 . 2009-11-22 18:30 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\McAfee
2009-11-22 17:54 . 2009-11-22 17:54 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-11-22 15:32 . 2009-11-22 15:32 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\TrojanHunter
2009-11-22 06:17 . 2009-11-22 06:17 -------- d-----w- c:\program files\CCleaner
2009-11-22 06:11 . 2009-11-22 06:11 4096 d-----w- c:\program files\TrojanHunter 5.0
2009-11-22 05:50 . 2009-11-25 00:30 4096 d-----w- c:\programdata\PCPitstop
2009-11-22 05:50 . 2009-11-22 05:50 -------- d-----w- c:\program files\PCPitstop
2009-11-22 02:59 . 2009-11-04 22:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-11-22 02:59 . 2009-11-04 22:54 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-22 02:59 . 2009-11-04 22:54 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-22 02:59 . 2009-11-04 22:54 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-22 02:59 . 2009-11-04 22:54 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-11-22 02:59 . 2009-07-16 18:32 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-11-22 02:58 . 2009-11-22 02:59 -------- d-----w- c:\program files\McAfee.com
2009-11-22 02:58 . 2009-11-22 02:59 4096 d-----w- c:\program files\Common Files\McAfee
2009-11-22 02:58 . 2009-11-22 02:58 -------- d-----w- c:\users\TEMP\AppData\Local\Mozilla
2009-11-22 02:58 . 2009-11-25 00:29 4096 d-----w- c:\program files\McAfee
2009-11-22 02:46 . 2009-11-22 20:58 4096 d-----w- c:\programdata\McAfee
2009-11-22 02:38 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-11-22 02:38 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-11-22 02:38 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-11-22 02:38 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-22 02:36 . 2009-08-07 01:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-22 02:36 . 2009-08-07 00:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-22 02:08 . 2009-11-22 02:08 0 ----a-w- c:\windows\nsreg.dat
2009-11-22 02:07 . 2009-11-22 02:07 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2009-11-11 06:28 . 2009-11-11 06:28 247280 ----a-w- c:\users\TEMP\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-10-31 15:51 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-31 15:51 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-31 15:50 . 2009-10-31 15:50 -------- d-----w- c:\program files\iPod
2009-10-31 15:50 . 2009-10-31 15:51 4096 d-----w- c:\program files\iTunes
2009-10-31 15:50 . 2009-10-31 15:51 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-31 15:47 . 2009-10-31 15:48 4096 d-----w- c:\program files\QuickTime
2009-10-29 01:58 . 2009-10-29 01:58 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-22 06:03 . 2007-04-10 09:04 8192 d--h--w- c:\program files\InstallShield Installation Information
2009-10-31 15:53 . 2008-11-24 01:32 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
2009-10-31 15:50 . 2007-12-25 17:43 -------- d-----w- c:\program files\Common Files\Apple
2009-10-19 02:33 . 2009-10-19 02:33 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\ooVoo Details
2009-10-18 14:18 . 2009-10-16 03:04 8240 ----a-w- c:\windows\fs1235.dat
2009-10-17 13:02 . 2007-10-07 06:48 58896 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-16 20:20 . 2009-10-15 22:03 29 ----a-w- c:\windows\bk20856.dat
2009-10-15 12:01 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-10-15 11:54 . 2007-10-06 20:20 8192 d-----w- c:\programdata\Microsoft Help
2009-10-11 00:36 . 2009-10-11 00:28 -------- d-----w- c:\program files\PlaySushi
2009-09-30 01:34 . 2007-11-25 15:41 58896 ----a-w- c:\users\matt\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-20 04:39 . 2008-10-29 17:27 58896 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-14 09:44 . 2009-10-14 21:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-12 13:00 . 2008-11-11 00:48 58896 ----a-w- c:\users\TEMP\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-10 17:30 . 2009-10-14 21:32 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 12:24 . 2009-10-14 21:29 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 10:55 . 2009-08-22 12:31 8192 ----a-w- c:\users\Public\mtwb.dat
2009-08-31 13:55 . 2009-10-14 21:31 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-08-31 13:55 . 2009-10-14 21:31 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-08-29 00:42 . 2009-08-29 00:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 00:42 . 2009-08-29 00:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 12:39 . 2009-09-02 23:53 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-02 23:53 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 05:22 . 2009-10-14 21:31 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-14 21:31 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 05:17 . 2009-10-14 21:31 71680 ----a-w- c:\windows\system32\iesetup.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Google Update"="c:\users\Default\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-02 135664]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"AcerOrbicamRibbon"="c:\program files\Acer\OrbiCam10\OrbiCam.exe" [2006-11-29 754712]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 304664]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-29 244512]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-23 2020120]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2008-11-10 2057216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Liz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Liz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3771958223-2023274512-727475370-1002]
"EnableNotificationsRef"=dword:00000001

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [11/22/2009 9:17 PM 161800]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [11/22/2009 9:15 PM 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [11/22/2009 9:17 PM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\System32\drivers\avgtdix.sys [11/22/2009 9:17 PM 360584]
R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [4/10/2007 4:11 AM 50688]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/22/2009 9:16 PM 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [11/22/2009 9:16 PM 2304192]
R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [11/21/2009 11:50 PM 90352]
R2 X4HSX32Ex;X4HSX32Ex;c:\program files\Free Ride Games\X4HSX32Ex.sys [12/19/2008 10:02 PM 29856]
.
Contents of the 'Scheduled Tasks' folder

2009-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3771958223-2023274512-727475370-1002Core.job
- c:\users\Default\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-02 02:54]

2009-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3771958223-2023274512-727475370-1002UA.job
- c:\users\Default\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-02 02:54]

2009-11-22 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-22 18:22]

2009-11-22 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-22 18:22]

2009-11-25 c:\windows\Tasks\User_Feed_Synchronization-{63A03D36-4E5F-4208-A186-418FA1F8141A}.job
- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]

2009-11-25 c:\windows\Tasks\User_Feed_Synchronization-{E63C9BD3-FBDC-4D57-B6E9-3C60F118C076}.job
- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://en.us.acer.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
IE: &Search - http://edits.mywebse...arch.jhtml?p=ZC
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
FF - ProfilePath - c:\windows\System32\config\SYSTEM~1\AppData\Roaming\Mozilla\Firefox\Profiles\pf0onznw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: browser.startup.homepage - hxxp://search.notepad.com
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\Free Ride Games\npExentCtl.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Default\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\TEMP\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe
HKLM-Run-kokadehuy - c:\windows\system32\hizuriki.dll
HKLM-Run-eRecoveryService - (no file)
SharedTaskScheduler-{4deb8c89-5f42-4e42-9dc8-858e6f0d431a} - (no file)
SharedTaskScheduler-{d63283f1-6b7e-4327-8905-8b95d33855e2} - (no file)
SharedTaskScheduler-{c18ffeb2-c024-474f-8003-f0d19a8a5f2a} - (no file)
SharedTaskScheduler-{c6afd853-2924-4586-b309-df5474881642} - (no file)
SharedTaskScheduler-{0ad37cf9-4c49-4829-8d48-b04c9672b4cd} - (no file)
SharedTaskScheduler-{48ed6674-5e78-4ee0-b0b3-811fe1d0bb94} - c:\windows\system32\hizuriki.dll
SharedTaskScheduler-{182ceb49-cad4-4366-96c5-1d37bcafbac9} - c:\windows\system32\pehuraba.dll
SSODL-toditizab-{4deb8c89-5f42-4e42-9dc8-858e6f0d431a} - (no file)
SSODL-mitevuriv-{d63283f1-6b7e-4327-8905-8b95d33855e2} - (no file)
SSODL-libifafeb-{c18ffeb2-c024-474f-8003-f0d19a8a5f2a} - (no file)
SSODL-nitahopuz-{c6afd853-2924-4586-b309-df5474881642} - (no file)
SSODL-fisunevaf-{0ad37cf9-4c49-4829-8d48-b04c9672b4cd} - (no file)
SSODL-ladugihit-{48ed6674-5e78-4ee0-b0b3-811fe1d0bb94} - c:\windows\system32\hizuriki.dll
SSODL-pufahayoy-{182ceb49-cad4-4366-96c5-1d37bcafbac9} - c:\windows\system32\pehuraba.dll
AddRemove-AcerOrbiCamDrv - c:\program files\Common Files\Acer\OrbiCam\BIN\SETUP.EXE UNINSTALL REMOVEPROMPT
AddRemove-CCleaner - c:\program files\CCleaner\uninst.exe
AddRemove-GridVista - c:\windows\UnInst32.exe GridV.UNI
AddRemove-LManager - c:\windows\UnInst32.exe LManager.UNI
AddRemove-Monopoly - c:\program files\Yahoo! Games\Monopoly\Uninstall.exe {6517CFDF-B7A4-77B6-2371-C76608D3C976}



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-11-24 21:53
ComboFix-quarantined-files.txt 2009-11-25 03:53

Pre-Run: 31,394,951,168 bytes free
Post-Run: 31,395,368,960 bytes free

- - End Of File - - 546382BAB2FBFCC4D8A3535122FC7370

#6 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 24 November 2009 - 10:19 PM

Hi, while I'm analyzing your log, reboot a couple of times, that will get rid of the message and may restore your internet connection, if it doesn't try this:

if your network icon appears on the Windows taskbar, then you can repair it by right-clicking on the icon and selecting Repair.

Posted Image

If you have no task bar icon do this:

  • Click on the Start button.
  • Click on the Settings menu option.
  • Click on the Control Panel option.
  • When the Control Panel opens, double-click on the Network Connections icon. If your Control Panel is set to Category View, then double-click on Network and Internet Connections and then click on Network Connections at the bottom.
  • You will now see a list of available network connections. Locate the connection for your Wireless or Lan adapter and right-click on it.
  • click on the Repair menu option.

Posted Image

Let the repair process perform its tasks and when it has finished, your Internet connection should be working again.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#7 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 24 November 2009 - 10:38 PM

Hi,

Your log is showing you have both AVG and McAfee installed. Having two AV's causes system slowdowns, conflicts and crashes. Please let me know which one you want to keep, they both have removal tools to assist in removing all traces of them.


NEXT

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://forums.whatthetech.com/Baseline_t108490.html&view=findpost&p=613221#entry613221

Collect::
c:\windows\fs1235.dat
c:\windows\bk20856.dat
c:\users\Public\mtwb.dat

DDS::
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZC
Trusted Zone: internet

DirLook::
c:\windows\system32\%APPDATA%

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.



Also, please include how your computer is running now and if there are any outstanding issues and if you have your connection back.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#8 milielba

milielba

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 24 November 2009 - 10:53 PM

I restarted and got my internet back but then the automatic updates started installing service pack 2. So I will not be able to run the scan tonight because 5:30 am comes quickly. I will post results after work tomorrow. And I will remove AVG and keep McAfee.

#9 milielba

milielba

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 25 November 2009 - 07:41 PM

I added the script like you said and the computer sets an error code about some plug and play setting and the computer will restart. Is that normal??

#10 milielba

milielba

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 25 November 2009 - 08:15 PM

It worked so I attached the log, very long.

Attached Files


    Advertisements

Register to Remove


#11 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 25 November 2009 - 08:51 PM

Good,

run the AVG removal tool, make sure all of it is gone:

http://www.avg.com/f.../avgremover.exe


NEXT

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT

**Vista users - right click on the IE icon and run as administrator

Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.

    Posted Image
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


In your next reply please include
  • MBAM Log
  • Kaspersky report

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#12 milielba

milielba

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 26 November 2009 - 06:53 AM

MBAM is first: Malwarebytes' Anti-Malware 1.41 Database version: 3235 Windows 6.0.6002 Service Pack 2 11/25/2009 10:47:18 PM mbam-log-2009-11-25 (22-47-18).txt Scan type: Quick Scan Objects scanned: 89878 Time elapsed: 11 minute(s), 10 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 58 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. Now the kaspersky: -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Thursday, November 26, 2009 Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Thursday, November 26, 2009 04:43:02 Records in database: 3292281 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ E:\ Scan statistics: Objects scanned: 168865 Threats found: 0 Infected objects found: 0 Suspicious objects found: 0 Scan duration: 02:49:08 No threats found. Scanned area is clean. Selected area has been scanned.

#13 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 26 November 2009 - 08:55 AM

Please post a fresh DDS and Attach.txt and advise how your computer is running now and if there are any outstanding issues

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#14 milielba

milielba

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 26 November 2009 - 11:01 AM

Here is the DDS: DDS (Ver_09-11-24.02) - NTFSx86 Run by SYSTEM at 10:55:34.77 on Thu 11/26/2009 Internet Explorer: 8.0.6001.18828 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1078 [GMT -6:00] SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Acer\ALaunch\ALaunchSvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe C:\Acer\Empowering Technology\eNet\eNet Service.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Acer\Mobility Center\MobilityService.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\PCPitstop\PCPitstopScheduleService.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe C:\Acer\Empowering Technology\ePower\ePowerSvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskeng.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\system32\rundll32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\DllHost.exe C:\Windows\system32\config\systemprofile\Desktop\Trend Micro\dds.pif ============== Pseudo HJT Report =============== uStart Page = hxxp://www.yahoo.com/ mStart Page = hxxp://en.us.acer.yahoo.com mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uURLSearchHooks: H - No File BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Fast Browser Search Toolbar Helper: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\fast browser search\ie\FBStoolbar.dll TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll TB: Fast Browser Search Toolbar: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} - c:\program files\fast browser search\ie\FBStoolbar.dll uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [AcerOrbicamRibbon] "c:\program files\acer\orbicam10\OrbiCam.exe" /hide mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe" mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe" mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe /runonstartup" mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL Trusted Zone: internet Trusted Zone: mcafee.com DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll Notify: igfxcui - igfxdev.dll ================= FIREFOX =================== FF - ProfilePath - c:\windows\system32\config\system~1\appdata\roaming\mozilla\firefox\profiles\pf0onznw.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - plugin: c:\progra~1\sonyon~1\npsoe.dll FF - plugin: c:\program files\free ride games\npExentCtl.dll FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-4-10 50688] R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-11-21 90352] R2 X4HSX32Ex;X4HSX32Ex;c:\program files\free ride games\X4HSX32Ex.sys [2008-12-19 29856] S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-24 21504] =============== Created Last 30 ================ 2009-11-26 04:44:42 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-11-26 04:32:21 0 d-----w- c:\windows\system32\config\system~1\appdata\roaming\Malwarebytes 2009-11-26 04:32:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-26 04:32:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-26 04:32:08 0 d-----w- c:\programdata\Malwarebytes 2009-11-26 04:32:08 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-25 12:12:55 0 d-----w- c:\program files\Windows Portable Devices 2009-11-25 12:12:35 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf 2009-11-25 12:12:11 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2009-11-25 12:11:04 92672 ----a-w- c:\windows\system32\UIAnimation.dll 2009-11-25 12:11:04 3023360 ----a-w- c:\windows\system32\UIRibbon.dll 2009-11-25 12:11:04 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2009-11-25 12:09:16 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2009-11-25 12:09:16 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2009-11-25 12:09:16 234496 ----a-w- c:\windows\system32\oleacc.dll 2009-11-25 05:03:42 0 d-----w- c:\windows\system32\eu-ES 2009-11-25 05:03:42 0 d-----w- c:\windows\system32\ca-ES 2009-11-25 05:03:36 0 d-----w- c:\windows\system32\vi-VN 2009-11-25 05:01:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2009-11-25 04:45:09 0 d-----w- c:\windows\system32\EventProviders 2009-11-25 04:28:03 2048 ----a-w- c:\windows\system32\tzres.dll 2009-11-25 03:57:19 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2009-11-25 03:57:05 310784 ----a-w- c:\windows\system32\unregmp2.exe 2009-11-25 03:57:04 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2009-11-25 03:56:37 1401856 ----a-w- c:\windows\system32\msxml6.dll 2009-11-25 03:56:37 1248768 ----a-w- c:\windows\system32\msxml3.dll 2009-11-25 03:56:30 714240 ----a-w- c:\windows\system32\timedate.cpl 2009-11-25 03:35:54 2036736 ----a-w- c:\windows\system32\win32k.sys 2009-11-25 03:35:04 355328 ----a-w- c:\windows\system32\WSDApi.dll 2009-11-25 03:04:08 98816 ----a-w- c:\windows\sed.exe 2009-11-25 03:04:08 77312 ----a-w- c:\windows\MBR.exe 2009-11-25 03:04:08 260608 ----a-w- c:\windows\PEV.exe 2009-11-25 03:04:08 161792 ----a-w- c:\windows\SWREG.exe 2009-11-25 02:39:27 1401 ----a-w- C:\JustZIPit.lnk 2009-11-25 02:39:27 0 d-----w- c:\windows\system32\config\system~1\appdata\roaming\Free-backup.info 2009-11-25 02:39:27 0 d-----w- C:\JustZIPit 2009-11-25 00:45:06 0 d-----w- c:\program files\Trend Micro 2009-11-24 03:16:36 10752 ----a-w- c:\windows\DCEBoot.exe 2009-11-24 00:53:10 0 d-----w- c:\programdata\WindowsSearch 2009-11-23 03:15:41 0 d-----w- c:\program files\AVG 2009-11-23 03:15:25 0 d-----w- c:\programdata\avg9 2009-11-22 19:06:12 0 d-----w- c:\program files\TrojanHunter 5.2 2009-11-22 18:30:27 0 d-----w- c:\windows\system32\config\system~1\appdata\roaming\McAfee 2009-11-22 17:54:08 0 d-sh--w- c:\windows\system32\%APPDATA% 2009-11-22 15:32:57 0 d-----w- c:\windows\system32\config\system~1\appdata\roaming\TrojanHunter 2009-11-22 06:17:05 0 d-----w- c:\program files\CCleaner 2009-11-22 06:11:22 0 d-----w- c:\program files\TrojanHunter 5.0 2009-11-22 05:50:59 0 d-----w- c:\programdata\PCPitstop 2009-11-22 05:50:58 0 d-----w- c:\program files\PCPitstop 2009-11-22 03:02:17 10895 ----a-w- c:\windows\system32\Config.MPF 2009-11-22 02:59:51 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2009-11-22 02:59:48 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2009-11-22 02:59:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys 2009-11-22 02:59:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2009-11-22 02:59:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2009-11-22 02:59:42 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys 2009-11-22 02:58:56 0 d-----w- c:\program files\McAfee.com 2009-11-22 02:58:52 0 d-----w- c:\program files\common files\McAfee 2009-11-22 02:58:40 0 d-----w- c:\program files\McAfee 2009-11-22 02:46:06 0 d-----w- c:\programdata\McAfee 2009-11-22 02:38:49 2421760 ----a-w- c:\windows\system32\wucltux.dll 2009-11-22 02:36:22 87552 ----a-w- c:\windows\system32\wudriver.dll 2009-11-22 02:36:07 33792 ----a-w- c:\windows\system32\wuapp.exe 2009-11-22 02:36:07 171608 ----a-w- c:\windows\system32\wuwebv.dll 2009-10-31 15:51:48 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2009-10-31 15:51:48 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2009-10-31 15:50:45 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD} ==================== Find3M ==================== 2009-11-26 01:00:34 51200 ----a-w- c:\windows\inf\infpub.dat 2009-11-26 01:00:34 143360 ----a-w- c:\windows\inf\infstrng.dat 2009-11-26 01:00:34 143360 ----a-w- c:\windows\inf\infstor.dat 2009-11-25 12:12:43 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-11-25 04:53:53 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont 2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll 2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll 2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll 2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll 2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll 2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll 2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll 2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll 2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll 2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll 2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll 2009-10-01 01:01:54 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys 2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll 2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll 2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll 2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll 2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll 2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll 2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll 2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll 2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll 2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll 2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll 2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe 2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll 2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll 2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll 2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll 2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll 2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll 2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll 2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll 2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll 2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll 2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll 2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv 2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe 2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll 2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 11:41:59 60928 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 00:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll 2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2008-10-29 19:31:28 174 --sha-w- c:\program files\desktop.ini 2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat ============= FINISH: 10:55:49.95 =============== The Attach is zipped and attached. Otherwise the computer appears to be working perfectly. I have not run into any issues so far.

Attached Files



#15 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 26 November 2009 - 05:32 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

DDS::
BHO: Fast Browser Search Toolbar Helper: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: Fast Browser Search Toolbar: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} - c:\program files\fast browser search\ie\FBStoolbar.dll
Trusted Zone: internet

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

Visit ADOBEand download the latest version of Acrobat Reader (version 9.2)
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT

Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 17. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: " I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Now go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH CheckedApplications and AppletsTrace and Log Files
  • Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users