Help with Family Computer

raguv2000

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5220

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

30/11/2010 2:53:23 PM
mbam-log-2010-11-30 (14-53-23).txt

Scan type: Quick scan
Objects scanned: 317863
Time elapsed: 6 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 108
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 47
Files Infected: 39

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1D74E9DD-8987-448b-B2CB-67FFF2B8A932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{565DD573-549E-4da9-8CD7-6AE3DF25339A} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877F3EAB-4462-44DF-8475-6064EAFD7FBF} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ExplorerBar.FunExplorer.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ExplorerBar.FunExplorer (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D74E9DD-8987-448B-B2CB-67FFF2B8A932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D74E9DD-8987-448B-B2CB-67FFF2B8A932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D74E9DD-8987-448B-B2CB-67FFF2B8A932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3DE88BEB-F271-484A-BA71-01D30F439F0C} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{42C7C39F-3128-4a17-BDB7-91C46032B5B9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{AC5AB953-ED25-4f9c-87F0-B086B0178FFA} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160F76A-1992-4B17-A32D-0C706D159105} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42C7C39F-3128-4A17-BDB7-91C46032B5B9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{42C7C39F-3128-4A17-BDB7-91C46032B5B9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42C7C39F-3128-4A17-BDB7-91C46032B5B9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{50AD41D2-B1F0-47CC-9EA7-395355EAEEBD} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{70880CE6-308C-4204-A89E-B266C3F7B7FA} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{03D7FF6E-9781-40B5-BB7F-94291A361604} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3CEB04AB-08AF-45F4-81B4-70D13C1F7B85} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Srv.CoreServices.1 (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Srv.CoreServices (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8CEB185E-81A5-46D3-BC20-C555D605AFBD} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{CDC73256-A88D-4642-844E-A8F20B76789C} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{D1063603-F045-475F-AFBC-8CBA7D5797FB} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarWeather.WeatherController.1 (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarWeather.WeatherController (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A72522BA-9FF3-4C83-ABC6-9B476728A396} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B72681C0-A222-4b21-A0E2-53A5A5CA3D41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{F5B8C69C-9B45-4a6a-9380-DF225C546AE7} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{629CD6C2-E4C5-4554-AEB8-12E4E2CD40FF} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ExplorerBar.CMW.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ExplorerBar.CMW (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B72681C0-A222-4B21-A0E2-53A5A5CA3D41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B72681C0-A222-4B21-A0E2-53A5A5CA3D41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B72681C0-A222-4B21-A0E2-53A5A5CA3D41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C5762628-AE15-4ca6-96C4-B00DD17F3419} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CAC89FF9-34A9-4431-8CFE-292A47F843BC} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{2A743834-05F4-4ed4-8A1C-41332B10AC0C} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1081D532-7DE4-40BD-B912-388FA6B27C78} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ExplorerBar.TCP.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ExplorerBar.TCP (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CAC89FF9-34A9-4431-8CFE-292A47F843BC} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CAC89FF9-34A9-4431-8CFE-292A47F843BC} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CAC89FF9-34A9-4431-8CFE-292A47F843BC} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D062E03E-65CA-49E4-9B15-31938BA98922} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{883DFC00-8A21-411D-956C-73A4E4B7D16F} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098C6-F6AD-4C61-9B5C-2BAE228A34D1} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ExplorerBar.FunRedirector.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ExplorerBar.FunRedirector (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB4A577D-BCAD-4B1C-8AF2-9A74B8DD3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB4A577D-BCAD-4B1C-8AF2-9A74B8DD3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB4A577D-BCAD-4B1C-8AF2-9A74B8DD3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EDDBB5EE-BB64-4bfc-9DBE-E7C85941335B} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A3E67DAA-DA01-4da5-98BE-3088B554A11E} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D95C7240-0282-4c01-93F5-673BCA03DA86} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\hotbarsa (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QueryExplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Seekdns (Adware.Zwangi) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\SOFTWARE\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Seekdns (Adware.Zwangi) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\QuestService Service (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790375B376555234AB96 (Malware.Trace) -> Value: SRS_IT_E8790375B376555234AB96 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\programdata\queryexplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.
c:\programdata\Seekdns (Adware.Zwangi) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer\4.1.0.5240 (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer\4.1.0.5240\FF (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer\4.1.0.5240\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer\4.1.0.5240\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer\4.1.0.5240\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\content management wizard (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\content management wizard\1.1.0.1880 (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\customized platform advancer (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\customized platform advancer\4.1.0.1800 (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\customized platform advancer\4.1.0.1800\FF (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\customized platform advancer\4.1.0.1800\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\customized platform advancer\4.1.0.1800\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\customized platform advancer\4.1.0.1800\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet today (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\internet today\1.1.0.1230 (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464} (Adware.QueryExplorer) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\chrome (Adware.QueryExplorer) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\defaults (Adware.QueryExplorer) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\defaults\preferences (Adware.QueryExplorer) -> Quarantined and deleted successfully.
c:\program files\queryexplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.
c:\program files\questservice (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\questservice\questservice_deleted_ (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\Seekdns (Adware.Zwangi) -> Quarantined and deleted successfully.
c:\program files\textual content provider (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\textual content provider\1.1.0.1610 (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\textual content provider\1.1.0.1610\for_anti_av (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\textual content provider\1.1.0.1610\for_anti_av\1.1.0.1610 (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator\3.1.0.1840 (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator\3.1.0.1840\FF (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator\3.1.0.1840\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator\3.1.0.1840\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator\3.1.0.1840\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\Guest\local settings\application data\internet today (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\Users\subhanee.supangan-pc.003\local settings\application data\internet today (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\Users\subhanee.supangan-pc.003\local settings\application data\textual content provider (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\Users\subhanee.supangan-pc.003\local settings\application data\textual content provider\1.1.0.1610 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\Users\subhanee.supangan-pc.003\local settings\application data\textual content provider\1.1.0.1610\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\Users\Guest\local settings\application data\web search operator (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\Users\Guest\local settings\application data\web search operator\3.1.0.1840 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\Users\subhanee.supangan-pc.003\local settings\application data\web search operator (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\Users\subhanee.supangan-pc.003\local settings\application data\web search operator\3.1.0.1840 (Adware.DoubleD) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\web search operator\3.1.0.1840\WSO.dll (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\supansan\documents\downloads\popularscreensaverssetup2.3.67.1.zrman000 (1).exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Users\supansan\documents\downloads\popularscreensaverssetup2.3.67.1.zrman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Users\subhanee1\downloads\narutouzumakichronicles2pri-dm.exe (Adware.TryMedia) -> Quarantined and deleted successfully.
c:\Users\supansan\downloads\setup(2).exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\Users\supansan\downloads\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\Users\supangan 1\local settings\application data\opRSK (Malware.Trace) -> Quarantined and deleted successfully.
c:\programdata\Seekdns\seekdns122.exe (Adware.Zwangi) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer\4.1.0.5240\acecommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer\4.1.0.5240\lri.dll (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer\4.1.0.5240\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer\4.1.0.5240\FF\chrome\content\ACEAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer\4.1.0.5240\FF\components\aceffhelpercomponent.js (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\content management wizard\1.1.0.1880\cmwsh.dll (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\customized platform advancer\4.1.0.1800\cpacommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\customized platform advancer\4.1.0.1800\lri.dll (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\customized platform advancer\4.1.0.1800\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\customized platform advancer\4.1.0.1800\FF\chrome\content\CPAAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\customized platform advancer\4.1.0.1800\FF\components\cpaffhelpercomponent.js (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\internet today\1.1.0.1230\internettoday.ico (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\internet today\1.1.0.1230\microsoft.vc80.mfc.manifest (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\internet today\1.1.0.1230\skincrafterdll.dll (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\chrome.manifest (Adware.QueryExplorer) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\install.rdf (Adware.QueryExplorer) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\chrome\queryexplorer.jar (Adware.QueryExplorer) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\defaults\preferences\prefs.js (Adware.QueryExplorer) -> Quarantined and deleted successfully.
c:\program files\Seekdns\seekdns.exe (Adware.Zwangi) -> Quarantined and deleted successfully.
c:\program files\web search operator\3.1.0.1840\wsocommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator\3.1.0.1840\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator\3.1.0.1840\FF\chrome\content\WSOAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator\3.1.0.1840\FF\components\wsoffaddon.dll (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator\3.1.0.1840\FF\components\wsoffhelpercomponent.js (Adware.Agent) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\about hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar customer support center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar games!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar uninstall instructions.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar videos!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\reset cursor.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\Weather.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
 
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-30 15:18:31
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-75A7B2 rev.01.03B01
Running: 3tqi8szv.exe; Driver: C:\Users\SUBHAN~1.003\AppData\Local\Temp\pwlyrkow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
DDS (Ver_10-11-27.01) - NTFSx86
Run by subhanee at 15:19:03.11 on 30/11/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.3036.1993 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\conime.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\subhanee.supangan-PC.003\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://www.theprizeday.com/today.php
uDefault_Page_URL = hxxp://everythingy.com/ie/home
uSearch Bar =
mStart Page = hxxp://www.myfastwebsearch.com/
mSearch Page = ${URL_SEARCHPAGE}
uInternet Settings,ProxyOverride = <local>;*.local
mSearchAssistant = hxxp://www.myfastwebsearch.com/
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80228
uURLSearchHooks: N/A: {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [RebateInformer] c:\progra~1\rebate~1\REBATE~1.EXE /STARTUP
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [RGSC] c:\program files\rockstar games\rockstar games social club\RGSCLauncher.exe /silent
uRun: [Google Update] "c:\users\subhanee.supangan-pc.003\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\subhan~1.003\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {15BE8BEE-4105-4A79-B385-25068AA967DB} - hxxp://us1.iradiopop.com/IRD/pages/VBIMDPlayer.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\subhan~1.003\appdata\roaming\mozilla\firefox\profiles\dm2ge96q.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm491YECA&fl=0&ptb=Aa_F_69IO8DVyre0pSA.hQ&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77c0c093&searchfor=
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppanda3d.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\subhanee.supangan-pc.003\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\subhan~1.003\appdata\roaming\mozilla\firefox\profiles\dm2ge96q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2009-6-13 81920]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-30 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-30 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-30 60936]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca6538101039a3;Google Update Service (gupdate1ca6538101039a3);c:\program files\google\update\GoogleUpdate.exe [2009-11-14 133104]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\drivers\mr97310c.sys [2008-3-27 116992]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 TridVidx86;Trident TVMaster TM6000 Analog plus Digital Video Service x86;c:\windows\system32\drivers\TridVidx86.sys [2007-7-31 163456]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-11-30 06:38:41 2730536 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2010-11-30 06:38:39 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{b16cbe82-99b8-48d4-9a67-022e29fdd6c8}\mpengine.dll
2010-11-30 06:38:39 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-11-30 06:28:22 -------- d-----w- c:\windows\en
2010-11-30 06:18:11 15712 ----a-w- c:\program files\common files\windows live\.cache\5c80be4c1cb905601\MeshBetaRemover.exe
2010-11-30 06:09:35 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2010-11-30 05:34:29 -------- d-----w- c:\program files\Windows Portable Devices
2010-11-30 05:31:12 -------- d-----w- c:\users\subhan~1.003\appdata\roaming\Avira
2010-11-30 05:24:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-30 05:24:09 -------- d-----w- c:\program files\Avira
2010-11-30 05:24:09 -------- d-----w- c:\progra~2\Avira
2010-11-30 05:19:55 -------- d-----w- c:\users\subhan~1.003\appdata\roaming\Multi File Downloader
2010-11-30 05:17:10 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-11-30 05:17:10 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-11-30 05:17:10 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-11-30 05:17:06 469256 ----a-w- c:\program files\common files\windows live\.cache\d2f6e9ad1cb904d08\InstallManager_WLE_WLE.exe
2010-11-30 05:16:56 94040 ----a-w- c:\program files\common files\windows live\.cache\cc2adc8d1cb904d06\DSETUP.dll
2010-11-30 05:16:56 525656 ----a-w- c:\program files\common files\windows live\.cache\cc2adc8d1cb904d06\DXSETUP.exe
2010-11-30 05:16:56 1691480 ----a-w- c:\program files\common files\windows live\.cache\cc2adc8d1cb904d06\dsetup32.dll
2010-11-30 05:16:48 94040 ----a-w- c:\program files\common files\windows live\.cache\c8e759ed1cb904d03\DSETUP.dll
2010-11-30 05:16:48 525656 ----a-w- c:\program files\common files\windows live\.cache\c8e759ed1cb904d03\DXSETUP.exe
2010-11-30 05:16:48 1691480 ----a-w- c:\program files\common files\windows live\.cache\c8e759ed1cb904d03\dsetup32.dll
2010-11-30 05:16:34 -------- d-----w- c:\users\subhan~1.003\appdata\local\Windows Live
2010-11-30 05:15:45 754688 ----a-w- c:\windows\system32\webservices.dll
2010-11-30 05:15:19 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-11-30 05:15:19 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-11-30 05:15:18 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-11-30 05:13:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-11-30 05:12:37 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-11-30 05:12:37 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-11-30 05:12:37 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-11-30 04:59:43 -------- d-----w- c:\users\subhan~1.003\appdata\roaming\Malwarebytes
2010-11-30 04:59:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-30 04:59:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-30 03:37:26 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-11-29 22:33:27 -------- d-----w- c:\windows\system32\vi-VN
2010-11-29 22:33:27 -------- d-----w- c:\windows\system32\eu-ES
2010-11-29 22:33:27 -------- d-----w- c:\windows\system32\ca-ES
2010-11-29 21:22:19 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-11-29 21:21:23 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-11-06 16:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-06 16:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2010-09-23 05:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-23 05:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll
2009-12-11 01:48:57 1974352 ----a-w- c:\program files\VisualBoyAdvance.exe

============= FINISH: 15:20:15.29 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-27.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 13/06/2009 11:02:24 AM
System Uptime: 30/11/2010 2:55:50 PM (1 hours ago)

Motherboard: Dell Inc. | | 0U880P
Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz | CPU 1 | 2500/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 451 GiB total, 255.841 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 10.185 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

100% Free Chess 7.30
1912 Titanic Mystery
AAC Decoder
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 4
AREA-51 (remove only)
Ares 2.1.2
AutoUpdate
Avira AntiVir Personal - Free Antivirus
BigFoot 4x4 Challenge
Bonjour
Cheat Engine 5.5
Combat Wings - Battle of Britain Arcade Edition (remove only)
Combined Community Codec Pack 2008-01-24
Compatibility Pack for the 2007 Office system
D3DX10
Definition update for Microsoft Office 2010 (KB982726)
Dell-eBay
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Resource CD
DigimonBattle Beta
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
Duelpro 2009
EA SPORTS online 2006
GameSpy Arcade
Google Chrome
Google Earth
Google Update Helper
Grand Theft Auto IV
GTA2
gtaTournament Client
gtaTournament Server
H.264 Decoder
Heroes In the Sky
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
iTunes
Java(TM) 6 Update 11
Junk Mail filter update
Kaiba Corp Virtual Duel System 1.14
Kill Deal
KingMania
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Halo Trial
Microsoft Interactive Training
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MKV Splitter
MLB.com Shuffle 07 (remove only)
Monopoly Here & Now Edition (remove only)
Monopoly Tycoon
Mozilla Firefox (3.6.12)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MY CAMERA
Nanovor
Naruto Uzumaki Chronicles 2 Prima Official eGuide (remove only)
NHL06
Norton Security Scan
ONIMUSHA3 PC
Operation
Panda3D Game Engine
Pando Media Booster
PCTuneUp
Pokedexer
Pokemon Light
Pokemon PC 1.8
Pokemon World Online 1.52
POKéMON Simulator 4.5
PowerDVD
Princess Isabella
Project64 1.6
QuickTime
Realtek High Definition Audio Driver
Rockstar Games Social Club
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Sacred
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Segoe UI
Shockwave
Shoddy Battle (a FREE GNU licensed Online Pokemon Battle Simula
Sketchpad
Skype web features
Skype™ 4.1
SoulMaster
Spelling Dictionaries Support For Adobe Reader 9
TV
U3Launcher
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
Winamp
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
Xvid 1.2.1 final uninstall
Yu-Gi-Oh! ONLINE 2

==== End Of File ===========================
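The helper reads the "Pseudo HJT Report" above by eye; the same checks can be scripted. The following is an added example, not part of this post and not code from DDS or HijackThis. It runs over lines copied from the report above and flags the indicators a helper looks for: start/search pages pointing at hosts outside an allowlist (the TRUSTED_HOSTS set is my assumption), BHO or URLSearchHook entries with no name, a toolbar CLSID that resolves to "No File", DPF (ActiveX download) entries from untrusted hosts, and one DLL registered as search hook, BHO and toolbar at once, which is the shape the Crawler ctbr.dll entries show above.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log for browser-hijack
indicators.  Added example: not code from DDS, HijackThis or the forum post.
The heuristics and TRUSTED_HOSTS are my own assumptions; SAMPLE_REPORT is
copied from the report above.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: hosts a home/search page or a DPF entry may legitimately point at.
TRUSTED_HOSTS = {
    "www.google.com", "www.bing.com", "www.msn.com", "go.microsoft.com",
    "en-us.start3.mozilla.com", "java.sun.com",
    "download.macromedia.com", "fpdownload2.macromedia.com",
}

# Sample input copied from the DDS report above.  The empty 'uSearch Page'
# and the '${URL_SEARCHPAGE}' placeholder are kept to show non-URLs are skipped.
SAMPLE_REPORT = r"""
uSearch Page =
uStart Page = hxxp://www.theprizeday.com/today.php
uDefault_Page_URL = hxxp://everythingy.com/ie/home
mStart Page = hxxp://www.myfastwebsearch.com/
mSearch Page = ${URL_SEARCHPAGE}
mSearchAssistant = hxxp://www.myfastwebsearch.com/
uURLSearchHooks: N/A: {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [RebateInformer] c:\progra~1\rebate~1\REBATE~1.EXE /STARTUP
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
DPF: {15BE8BEE-4105-4A79-B385-25068AA967DB} - hxxp://us1.iradiopop.com/IRD/pages/VBIMDPlayer.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
"""

PAGE_RE = re.compile(r"^[um](Start Page|Default_Page_URL|Search Page|Search Bar|"
                     r"SearchAssistant|CustomizeSearch)\s*=\s*(\S*)$")
HOOK_RE = re.compile(r"^(BHO|TB|uURLSearchHooks):\s*(.*)$")
DPF_RE = re.compile(r"^DPF:\s*(\{[0-9A-Fa-f-]{36}\})\s*-\s*(\S+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def host_of(url):
    """Hostname of a DDS-style URL.  DDS defangs http as hxxp; undo that so
    urlsplit sees a scheme.  Non-URL values (e.g. ${URL_SEARCHPAGE}) give ''."""
    url = re.sub(r"^hxxp", "http", url, flags=re.I)
    return (urlsplit(url).hostname or "").lower()


def triage(report):
    """Return (category, item, detail) findings for a Pseudo HJT report."""
    findings = []
    dll_roles = defaultdict(set)  # lower-cased DLL path -> hook kinds it is registered as
    for raw in report.splitlines():
        line = raw.strip()
        m = PAGE_RE.match(line)
        if m:
            key, value = m.groups()
            host = host_of(value)
            if host and host not in TRUSTED_HOSTS:
                findings.append(("page", key, host))
            continue
        m = DPF_RE.match(line)
        if m:
            clsid, url = m.groups()
            host = host_of(url)
            if host and host not in TRUSTED_HOSTS:
                findings.append(("dpf", clsid.lower(), host))
            continue
        m = HOOK_RE.match(line)
        if m:
            kind, rest = m.groups()
            c = CLSID_RE.search(rest)
            if not c:
                continue
            clsid = c.group(0).lower()
            name = rest[:c.start()].strip().rstrip(":").strip()
            target = rest[c.end():].lstrip(" -")  # text after ' - ': a path or 'No File'
            if target.lower() == "no file":
                findings.append(("orphan", f"{kind} {clsid}", "registry entry points at a missing file"))
                continue
            if not name or name.upper() == "N/A":
                findings.append(("unnamed", f"{kind} {clsid}", target))
            dll_roles[target.lower()].add(kind)
    # One DLL hooked in as search hook + BHO + toolbar is the classic toolbar-bundle shape.
    for dll, roles in sorted(dll_roles.items()):
        if len(roles) >= 2:
            findings.append(("bundle", dll, "+".join(sorted(roles))))
    return findings


if __name__ == "__main__":
    for category, item, detail in triage(SAMPLE_REPORT):
        print(f"{category:8} {item}  ->  {detail}")
```

Run entries (uRun/mRun) are deliberately left out: those need a per-file verdict rather than a pattern, which is what the helper does with the quarantine tools further down the thread.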
 
Please observe the following rules:
  • Read all of my instructions very carefully. Mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================================================

Download MBRCheck to your desktop

Double-click MBRCheck.exe to run it (Vista and Windows 7 users: right-click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop.
Open this report and post its content in your next reply.

======================================================================

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/


  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
  • Close SUPERAntiSpyware.
Restart the computer in Safe Mode.
To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

  • Open SUPERAntiSpyware.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Post SUPERAntiSpyware log.
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 537s
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 134):
0x81E1E000 \SystemRoot\system32\ntkrnlpa.exe
0x821D7000 \SystemRoot\system32\hal.dll
0x80401000 \SystemRoot\system32\kdcom.dll
0x80408000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80478000 \SystemRoot\system32\PSHED.dll
0x80489000 \SystemRoot\system32\BOOTVID.dll
0x80491000 \SystemRoot\system32\CLFS.SYS
0x804D2000 \SystemRoot\system32\CI.dll
0x8060D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80689000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80696000 \SystemRoot\system32\drivers\acpi.sys
0x806DC000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E5000 \SystemRoot\system32\drivers\msisadrv.sys
0x806ED000 \SystemRoot\system32\drivers\pci.sys
0x80714000 \SystemRoot\System32\drivers\partmgr.sys
0x80723000 \SystemRoot\system32\drivers\volmgr.sys
0x80732000 \SystemRoot\System32\drivers\volmgrx.sys
0x8077C000 \SystemRoot\system32\DRIVERS\intelide.sys
0x80783000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x80791000 \SystemRoot\system32\drivers\pciide.sys
0x80798000 \SystemRoot\System32\drivers\mountmgr.sys
0x807A8000 \SystemRoot\system32\drivers\atapi.sys
0x807B0000 \SystemRoot\system32\drivers\ataport.SYS
0x807CE000 \SystemRoot\system32\drivers\fltmgr.sys
0x805B2000 \SystemRoot\system32\drivers\fileinfo.sys
0x80600000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x89C05000 \SystemRoot\System32\Drivers\ksecdd.sys
0x89C76000 \SystemRoot\system32\drivers\ndis.sys
0x89D81000 \SystemRoot\system32\drivers\msrpc.sys
0x89DAC000 \SystemRoot\system32\drivers\NETIO.SYS
0x89E07000 \SystemRoot\System32\Drivers\Ntfs.sys
0x89F17000 \SystemRoot\system32\drivers\volsnap.sys
0x89F50000 \SystemRoot\System32\Drivers\spldr.sys
0x89F58000 \SystemRoot\System32\Drivers\mup.sys
0x89F67000 \SystemRoot\System32\drivers\ecache.sys
0x89F8E000 \SystemRoot\system32\drivers\disk.sys
0x89F9F000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x89FC0000 \SystemRoot\system32\drivers\crcdisk.sys
0x89FE9000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x89FF4000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x89DE7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8DA0C000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8E329000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8E3CA000 \SystemRoot\System32\drivers\watchdog.sys
0x8E80D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E89A000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8E8DB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8E8E6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8E924000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E933000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8E94B000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8E951000 \SystemRoot\system32\DRIVERS\serscan.sys
0x8E959000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8E988000 \SystemRoot\system32\DRIVERS\storport.sys
0x8E9C9000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8E9D4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8E9EB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8E3D6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x805C2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x805D1000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x805E5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8EC02000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8EC12000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8EC1D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8EC28000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8EC2A000 \SystemRoot\system32\DRIVERS\ks.sys
0x8EC54000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8EC5E000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8EC6B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8ECA0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8EE0C000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8F041000 \SystemRoot\system32\drivers\portcls.sys
0x8F06E000 \SystemRoot\system32\drivers\drmk.sys
0x8F093000 \??\C:\Windows\system32\drivers\ACEDRV05.sys
0x8F0F2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F0FB000 \SystemRoot\System32\Drivers\Null.SYS
0x8F102000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F112000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8F119000 \SystemRoot\System32\drivers\vga.sys
0x8F125000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F146000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8F14E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F156000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F161000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F16F000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8ECB1000 \SystemRoot\System32\drivers\tcpip.sys
0x8F178000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8F193000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8F1A9000 \SystemRoot\system32\DRIVERS\smb.sys
0x8ED9B000 \SystemRoot\system32\drivers\afd.sys
0x8F1BD000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F1EF000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8EDE3000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F404000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F412000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F425000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8F42B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F467000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F471000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F488000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8F4AB000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8F4B8000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8F4C3000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8F4CB000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8F4D4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8F4E4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F4E6000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8F4EF000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x80C60000 \SystemRoot\System32\win32k.sys
0x8F4F7000 \SystemRoot\System32\drivers\Dxapi.sys
0x8F501000 \SystemRoot\system32\DRIVERS\monitor.sys
0x80E80000 \SystemRoot\System32\TSDDD.dll
0x80EA0000 \SystemRoot\System32\cdd.dll
0x8F510000 \SystemRoot\system32\drivers\luafv.sys
0x8F52B000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8F540000 \SystemRoot\system32\drivers\spsys.sys
0x8F5F0000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x89FC9000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAB00E000 \SystemRoot\system32\drivers\HTTP.sys
0xAB07B000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAB098000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAB0B1000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAB0C6000 \SystemRoot\system32\drivers\mrxdav.sys
0xAB0E7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAB106000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAB13F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAB157000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAB17F000 \SystemRoot\System32\DRIVERS\srv.sys
0xAE004000 \SystemRoot\system32\drivers\peauth.sys
0xAE0E2000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAE0EC000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAE0F8000 \SystemRoot\System32\Drivers\fastfat.SYS
0xAE120000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x779C0000 \Windows\System32\ntdll.dll

Processes (total 65):
0 System Idle Process
4 System
424 C:\Windows\System32\smss.exe
556 csrss.exe
600 C:\Windows\System32\wininit.exe
608 csrss.exe
648 C:\Windows\System32\services.exe
672 C:\Windows\System32\winlogon.exe
696 C:\Windows\System32\lsass.exe
708 C:\Windows\System32\lsm.exe
864 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1116 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\audiodg.exe
1260 C:\Windows\System32\svchost.exe
1276 C:\Windows\System32\SLsvc.exe
1304 C:\Windows\System32\svchost.exe
1392 C:\Program Files\Dell\DellDock\DockLogin.exe
1472 C:\Windows\System32\svchost.exe
1668 C:\Windows\System32\spoolsv.exe
1692 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1704 C:\Windows\System32\svchost.exe
2004 C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
2032 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
268 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
284 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
516 C:\Windows\System32\dwm.exe
548 C:\Windows\System32\taskeng.exe
592 C:\Windows\explorer.exe
996 C:\Windows\System32\taskeng.exe
772 C:\Program Files\Bonjour\mDNSResponder.exe
2084 C:\Windows\System32\svchost.exe
2108 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2296 C:\Windows\System32\svchost.exe
2336 C:\Windows\System32\svchost.exe
2436 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2480 C:\Windows\System32\SearchIndexer.exe
2724 C:\Program Files\Windows Defender\MSASCui.exe
2732 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
2748 C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
2772 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2860 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2884 C:\Windows\System32\hkcmd.exe
2908 C:\Windows\System32\igfxpers.exe
2960 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
2984 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3068 C:\Program Files\Dell\DellDock\DellDock.exe
3112 C:\Program Files\iTunes\iTunesHelper.exe
3128 C:\Program Files\Windows Media Player\wmpnscfg.exe
3176 C:\Users\subhanee.supangan-PC.003\AppData\Local\Google\Update\GoogleUpdate.exe
3404 C:\Windows\System32\conime.exe
3776 C:\Windows\System32\svchost.exe
3900 C:\Program Files\Windows Media Player\wmpnetwk.exe
2384 WmiPrvSE.exe
3428 C:\Program Files\iPod\bin\iPodService.exe
3984 C:\Windows\System32\svchost.exe
2932 C:\Program Files\Internet Explorer\ielowutil.exe
3312 C:\Windows\System32\msiexec.exe
3772 C:\Windows\System32\SearchProtocolHost.exe
3204 C:\Windows\System32\SearchFilterHost.exe
3076 C:\Program Files\Mozilla Firefox\firefox.exe
2532 C:\Users\subhanee.supangan-PC.003\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c3700000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03700000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKS-75A7B2, Rev: 01.03B01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
 
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/01/2010 at 03:12 AM

Application Version : 4.46.1000

Core Rules Database Version : 5934
Trace Rules Database Version: 3746

Scan type : Complete Scan
Total Scan Time : 01:48:46

Memory items scanned : 279
Memory threats detected : 0
Registry items scanned : 8402
Registry threats detected : 24
File items scanned : 229534
File threats detected : 3

Adware.HBHelper
HKU\S-1-5-21-3795636149-1565154725-1217556812-1025\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}

Adware.MyWebSearch/FunWebProducts
HKU\S-1-5-21-3795636149-1565154725-1217556812-1025\SOFTWARE\FunWebProducts
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version

Adware.Zango/ShoppingReport
HKCR\Interface\{2893116C-A176-42B1-8794-DA8C9FC45564}
HKCR\Interface\{2893116C-A176-42B1-8794-DA8C9FC45564}\ProxyStubClsid
HKCR\Interface\{2893116C-A176-42B1-8794-DA8C9FC45564}\ProxyStubClsid32
HKCR\Interface\{2893116C-A176-42B1-8794-DA8C9FC45564}\TypeLib
HKCR\Interface\{2893116C-A176-42B1-8794-DA8C9FC45564}\TypeLib#Version
HKCR\Interface\{67B3BECF-7B6F-42B2-99F0-F7656F89CFFA}
HKCR\Interface\{67B3BECF-7B6F-42B2-99F0-F7656F89CFFA}\ProxyStubClsid
HKCR\Interface\{67B3BECF-7B6F-42B2-99F0-F7656F89CFFA}\ProxyStubClsid32
HKCR\Interface\{67B3BECF-7B6F-42B2-99F0-F7656F89CFFA}\TypeLib
HKCR\Interface\{67B3BECF-7B6F-42B2-99F0-F7656F89CFFA}\TypeLib#Version
HKCR\Interface\{C96B9FAE-A032-4100-BB47-32EF05E28BE4}
HKCR\Interface\{C96B9FAE-A032-4100-BB47-32EF05E28BE4}\ProxyStubClsid
HKCR\Interface\{C96B9FAE-A032-4100-BB47-32EF05E28BE4}\ProxyStubClsid32
HKCR\Interface\{C96B9FAE-A032-4100-BB47-32EF05E28BE4}\TypeLib
HKCR\Interface\{C96B9FAE-A032-4100-BB47-32EF05E28BE4}\TypeLib#Version

Malware.Trace
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon#Taskman

Trojan.Unclassified/Loader-Suspicious
C:\CDHOME\BLUE\LOADER.EXE
C:\CDHOME\RED\LOADER.EXE

Trojan.Agent/Gen-Falprod
C:\USERS\SUPANGAN 1\DOCUMENTS\WINDS PRO\EMU\NO$GBA\NGZOOM.DLL
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 