Solved My girlfriend's computer has two viruses


rcmeyer99

Not sure how she did it, but my girlfriend downloaded both the Searchya and Babylon viruses. I think she may have done this when she updated Mozilla Firefox, even after I asked her not to use Internet Explorer after the last virus she got. I am including the Malwarebytes log and the GMER log. The DDS scanner I was unable to download.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.16.05

Windows Vista Service Pack 2 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Nicole :: NICOLE-PC [administrator]

3/16/2012 11:53:09 PM
mbam-log-2012-03-16 (23-53-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198686
Time elapsed: 2 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-17 01:26:25
Windows 6.0.6002 Service Pack 2
Running: 4i9b70yh.exe


---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{39B5EDF8-6943-63A2-E761-309780A92C92}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{39B5EDF8-6943-63A2-E761-309780A92C92}@haikbfdjheonepap 0x6B 0x61 0x6E 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{39B5EDF8-6943-63A2-E761-309780A92C92}@iacklbokghlgbnjplp 0x6A 0x61 0x6F 0x70 ...

---- EOF - GMER 1.0.15 ----


These viruses have really been nasty to the computer. Currently I can only run in safe mode, because if I try to run in regular mode the computer will freeze up, and then when I restart the computer it does a 3-stage check of the C drive.



Thanks
 
Please clarify this for me:

1. How is the malware "nasty" to the computer? > what symptoms are you having?
2. What 3 stage checkup are you referring to? A full check disk to scan and fix has 5 stages.
3. Can you access the internet?
4. Try this for DDS:

Please download the corresponding file for your operating system:

XP.

Vista

Windows 7

Extract (unzip) the file onto your desktop, double-click on it and choose Yes to merge the file into the registry when prompted. Afterwards you should then be able to run DDS.scr.
=======================================
I'll be glad to help but need some information to know what to work around.

You are actually in Safe Mode with Networking, not just Safe Mode.
======================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs, except those I give you.
Threads are closed after 5 days if there is no reply.
 
By nasty, I mean that these viruses have taken control of the computer. As far as the check disk, when it did go into that on startup, it first scanned, then would delete from some i$30 file 79255 if I remember correctly, then would check all security files. There would actually be a prompt that would say stage (1 of 3), (2 of 3) and then (3 of 3).
 
Some of the symptoms are: whenever I try to run Malwarebytes in regular mode the computer freezes; I cannot run Firefox or Internet Explorer without the computer immediately freezing; I can run Google Chrome for a short time without freezing. Before I knew the computer was infected, I tried updating my Google SketchUp and it kept saying that there was a download in progress, please try again. That went on for a day and a half.
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Nicole at 11:09:57 on 2012-03-17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6077.4712 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: STOPzilla Anti-Spyware *Enabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/?ilc=8
mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: {F9BBF004-6E40-4019-8214-C43A37E1D058} - No File
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [ChromeFrameHelper] "C:\Users\Nicole\AppData\Local\Google\Chrome\Application\19.0.1068.1\chrome_frame_helper.exe" --startup
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{7B38DDF4-6E38-49FD-9495-D4338553812A} : DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{FCB31D2E-FEF8-4B29-ABAB-282EA967C4CD} : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Users\Nicole\AppData\Local\Google\Chrome\Application\19.0.1068.1\npchrome_frame.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Yahooo Search Protection: {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll
BHO-X64: YSPManager - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Updater For Simppull Toolbar: {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO-X64: Updater For Simppull Toolbar - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB-X64: {F9BBF004-6E40-4019-8214-C43A37E1D058} - No File
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 SBRE;SBRE;\??\C:\Windows\system32\drivers\SBREdrv.sys --> C:\Windows\system32\drivers\SBREdrv.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R3 arusb_lhx;SMCWUSB-N2 802.11n Wireless device driver;C:\Windows\system32\DRIVERS\arusb_lhx.sys --> C:\Windows\system32\DRIVERS\arusb_lhx.sys [?]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
S2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
S2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-1-4 44768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-27 136176]
S2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 Andbus;LGE Android Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys --> C:\Windows\system32\DRIVERS\lgandbus64.sys [?]
S3 AndDiag;LGE Android USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag64.sys --> C:\Windows\system32\DRIVERS\lganddiag64.sys [?]
S3 AndGps;LGE Android USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps64.sys --> C:\Windows\system32\DRIVERS\lgandgps64.sys [?]
S3 ANDModem;LGE Android USB Modem;C:\Windows\system32\DRIVERS\lgandmodem64.sys --> C:\Windows\system32\DRIVERS\lgandmodem64.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe --> C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-4-29 1431888]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-27 136176]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys --> C:\Windows\system32\drivers\HCW85BDA.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VST64_DPV;VST64_DPV;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 VST64HWBS2;VST64HWBS2;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 Aswrdrxpems;Aswrdrxpems; [x]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-1-21 89920]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-1 652360]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-03-17 03:16:13 57976 ----a-r- C:\Windows\System32\drivers\SBREDrv.sys
2012-03-17 03:16:09 -------- d-----w- C:\Program Files (x86)\STOPzilla!
2012-03-17 03:16:08 -------- d-----w- C:\ProgramData\STOPzilla!
2012-03-17 03:16:08 -------- d-----w- C:\Program Files (x86)\Common Files\iS3
2012-03-17 02:42:03 -------- d-----w- C:\Users\Nicole\AppData\Local\VS Revo Group
2012-03-17 01:55:55 -------- d-sh--w- C:\found.001
2012-03-17 00:47:01 -------- d-----w- C:\Users\Nicole\AppData\Roaming\SUPERAntiSpyware.com
2012-03-17 00:45:57 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-03-17 00:45:56 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-03-16 20:57:57 -------- d-sh--w- C:\found.000
2012-03-16 19:57:23 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{05C4C0D2-B407-474E-9BD1-F491066EFBA9}\mpengine.dll
2012-03-15 19:27:53 -------- d-----w- C:\Program Files\iPod
2012-03-15 19:27:51 -------- d-----w- C:\Program Files\iTunes
2012-03-15 19:27:51 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-15 00:20:06 -------- d-----w- C:\Users\Nicole\AppData\Roaming\DVDVideoSoft
2012-03-15 00:20:06 -------- d-----w- C:\Program Files (x86)\DVDVideoSoft
2012-03-15 00:20:06 -------- d-----w- C:\Program Files (x86)\Common Files\DVDVideoSoft
2012-03-15 00:10:01 -------- d-----w- C:\Program Files (x86)\FoxTabVideoConverter
2012-03-14 22:55:18 23376 ----a-r- C:\Windows\SysWow64\SZIO5.dll
2012-03-14 22:55:06 546640 ----a-r- C:\Windows\SysWow64\SZComp5.dll
2012-03-14 22:55:02 481104 ----a-r- C:\Windows\SysWow64\SZBase5.dll
2012-03-12 22:15:34 -------- d-----w- C:\Program Files (x86)\AWS
2012-03-12 18:34:03 29696 ----a-w- C:\Windows\System32\drivers\tunnel.sys
2012-03-12 18:34:03 225280 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-03-03 03:10:33 -------- d-----w- C:\Fonts, new
2012-02-24 05:26:47 -------- d-----w- C:\Program Files (x86)\Conduit
2012-02-24 05:08:27 -------- d-----w- C:\Program Files (x86)\v-Grabber
2012-02-24 05:08:13 -------- d-----w- C:\Users\Nicole\AppData\Roaming\Babylon
2012-02-24 05:08:13 -------- d-----w- C:\Users\Nicole\AppData\Local\Babylon
2012-02-24 05:08:13 -------- d-----w- C:\ProgramData\Babylon
2012-02-23 19:09:44 29008 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll
2012-02-23 19:09:42 390992 ----a-r- C:\Windows\SysWow64\IS3UI5.dll
2012-02-23 19:09:42 231248 ----a-r- C:\Windows\SysWow64\IS3Win325.dll
2012-02-23 19:09:40 100176 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll
2012-02-23 19:09:34 132944 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll
2012-02-23 19:09:34 104272 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll
2012-02-23 19:09:32 67408 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll
2012-02-23 19:09:32 456528 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll
2012-02-23 19:09:30 808784 ----a-r- C:\Windows\SysWow64\IS3Base5.dll
2012-02-18 18:37:24 680448 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-18 18:37:24 621056 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-18 18:37:22 404992 ----a-w- C:\Windows\System32\drivers\afd.sys
.
==================== Find3M ====================
.
2012-03-10 15:39:55 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 16:23:26 41184 ----a-w- C:\Windows\avastSS.scr
2012-02-23 16:12:43 817496 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-02-23 16:10:38 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-02 15:34:25 2765824 ----a-w- C:\Windows\System32\win32k.sys
2012-01-19 15:22:08 45936 ----a-r- C:\Windows\System32\SBBD.EXE
2012-01-09 16:16:54 708096 ----a-w- C:\Windows\System32\rdpencom.dll
2012-01-09 15:54:08 613376 ----a-w- C:\Windows\SysWow64\rdpencom.dll
2012-01-09 14:27:49 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
.
============= FINISH: 11:10:26.92 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 1/16/2011 10:35:34 PM
System Uptime: 3/16/2012 11:36:38 PM (12 hours ago)
.
Motherboard: Dell Inc. | | 0G254H
Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz | CPU | 2493/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 684 GiB total, 399.986 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 7.713 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02AE1028&REV_02\3&172E68DD&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02AE1028&REV_02\3&172E68DD&0&FB
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
AC3Filter (remove only)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0
Adobe Reader 9.4.7
AlphaPlugins RedEyes
Apple Application Support
Apple Software Update
Autodesk Content Service
Autodesk Design Review 2012
Autodesk Material Library 2011
Autodesk Material Library 2011 Base Image library
Autodesk Material Library 2011 Medium Image library
Autodesk Material Library 2012
Autodesk Material Library Base Resolution Image Library 2012
Autodesk Material Library Low Resolution Image Library 2012
Autodesk Material Library Medium Resolution Image Library 2012
avast! Free Antivirus
Compatibility Pack for the 2007 Office system
DivX Web Player
Elevatorarchitect for Autodesk(R) Revit(R) 32bit
Eye Candy 3
Eye Candy 3.1 for After Effects Demo
FARO LS 1.1.406.58
Filter Forge 2.009
Fotomatic 1.3v
FoxTab Video Converter
Free 3GP Video Converter version 5.0.6.221
Google Chrome
Google Chrome Frame
Google SketchUp 8
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
Java Auto Updater
Java(TM) 6 Update 30
Jungle Gin Screen Saver #1
LG Android Driver
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729
Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729
Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729
Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft Works
Microsoft XML Parser
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
STOPzilla
Ultimate Media Player v2011.5.7.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
VC80CRTRedist - 8.0.50727.762
virtualPhotographer 1.5.6
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177
Visual Studio 2008 x64 Redistributables
WeatherBug
Winamp
Winamp Detector Plug-in
WinRAR 4.00 (32-bit)
Yahoo! BrowserPlus 2.9.8
Yahoo! Detect
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/16/2012 9:37:03 PM, Error: EventLog [6008] - The previous system shutdown at 9:14:40 PM on 3/16/2012 was unexpected.
3/16/2012 8:58:40 PM, Error: EventLog [6008] - The previous system shutdown at 8:43:27 PM on 3/16/2012 was unexpected.
3/16/2012 8:28:43 PM, Error: EventLog [6008] - The previous system shutdown at 8:10:44 PM on 3/16/2012 was unexpected.
3/16/2012 7:37:10 PM, Error: EventLog [6008] - The previous system shutdown at 6:28:18 PM on 3/16/2012 was unexpected.
3/16/2012 6:20:00 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
3/16/2012 6:14:56 PM, Error: EventLog [6008] - The previous system shutdown at 4:49:33 PM on 3/16/2012 was unexpected.
3/16/2012 6:13:32 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
3/16/2012 4:41:37 PM, Error: EventLog [6008] - The previous system shutdown at 4:36:13 PM on 3/16/2012 was unexpected.
3/16/2012 4:07:13 PM, Error: EventLog [6008] - The previous system shutdown at 3:38:46 PM on 3/16/2012 was unexpected.
3/16/2012 11:55:57 AM, Error: EventLog [6008] - The previous system shutdown at 3:28:00 AM on 3/16/2012 was unexpected.
3/16/2012 11:50:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/16/2012 11:39:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi Beep is3srv SASDIFSV SASKUTIL spldr Wanarpv6
3/16/2012 11:39:29 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/16/2012 11:38:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/16/2012 11:38:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/16/2012 11:38:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/16/2012 11:38:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/16/2012 11:38:11 PM, Error: EventLog [6008] - The previous system shutdown at 11:35:12 PM on 3/16/2012 was unexpected.
3/16/2012 11:34:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep is3srv
3/16/2012 11:34:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Autodesk Content Service service to connect.
3/16/2012 11:34:59 PM, Error: Service Control Manager [7000] - The Autodesk Content Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/16/2012 11:30:23 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/16/2012 11:30:23 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
3/16/2012 11:30:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
3/16/2012 11:30:23 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/16/2012 11:30:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/16/2012 11:28:54 PM, Error: EventLog [6008] - The previous system shutdown at 11:27:25 PM on 3/16/2012 was unexpected.
3/16/2012 10:47:58 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
3/16/2012 10:42:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
3/16/2012 10:06:01 PM, Error: EventLog [6008] - The previous system shutdown at 10:01:53 PM on 3/16/2012 was unexpected.
3/15/2012 2:25:00 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/14/2012 7:01:14 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242007: Security Update for Microsoft Visual Studio 2008 Service Pack 1 XML Editor (KB2251487).
3/10/2012 12:21:48 PM, Error: EventLog [6008] - The previous system shutdown at 12:19:48 PM on 3/10/2012 was unexpected.
.
==== End Of File ===========================
 
The computer that is infected can be connected to the internet, but only in safe mode with networking. If I try in normal mode it will freeze.
 
I was wondering if there are any corrective measures that can be done? I haven't heard back from anyone since Saturday morning. The computer still can only be run in safe mode with networking. Searchya and Babylon no longer show up as being on the computer because I removed them, but the Searchya and Babylon toolbars still show up. I did a Google search and found that both are viruses. Is there a way to remove the rest of them easily?
 
In talking with my girlfriend this morning, I found out that she had run Malwarebytes earlier on the 16th. The program had frozen, according to her, but I found this log in the history.


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.16.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Nicole :: NICOLE-PC [administrator]

3/16/2012 10:16:48 PM
mbam-log-2012-03-16 (22-16-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 30786
Time elapsed: 2 minute(s), 52 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Nicole\Documents\Downloads\VideoConverterSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Nicole\Documents\Downloads\video_downloader (1).exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
C:\Users\Nicole\Documents\Downloads\video_downloader.exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.

(end)
 
The computer went into chkdsk mode again this morning and I was able to take this pic.
 

Attachment: IMG_20120320_112310.jpg
All in time- I've been sick.

When you open the Error Check (chkdsk) check both boxes, reboot and let the scan continue- there will be 5 steps. It will take a while. Have a cup of coffee and read a book while it's running.

System will reboot when through. Once it has run to completion and rebooted, it shouldn't start up again by itself.

Okay to use Safe Mode with Networking. After malware is removed, Normal Mode should be okay.
==========================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Before you run the Combofix scan, please disable any security software you have running.

Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • Close any open browsers.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated- it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=======================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

  If you are using a browser other than Internet Explorer:
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
========================================
I'll remove the toolbars with a script after Combofix.

Please be patient- I am 2 days behind.
 
ComboFix 12-03-21.02 - Nicole 03/21/2012 19:00:27.8.4 - x64 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6077.5072 [GMT -5:00]
Running from: c:\users\Nicole\Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: STOPzilla Anti-Spyware *Enabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-22 to 2012-03-22 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-10 15:39 . 2011-07-14 15:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 16:23 . 2012-01-04 06:11 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 16:23 . 2012-01-04 06:11 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-02-23 16:23 . 2012-01-02 22:32 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-23 16:12 . 2012-01-04 06:12 817496 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-23 16:12 . 2012-01-04 06:12 335704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-23 16:10 . 2012-01-04 06:12 43864 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-23 16:10 . 2012-01-04 06:12 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-23 16:10 . 2012-01-04 06:12 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-23 16:10 . 2012-01-04 06:12 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 15:18 . 2011-01-17 07:35 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-19 15:22 . 2012-01-19 15:22 45936 ----a-r- c:\windows\system32\SBBD.EXE
2012-01-12 05:50 . 2012-01-12 05:50 18944 ----a-r- c:\users\Nicole\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2012-01-04 08:15 . 2011-04-30 16:28 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-01-03 14:25 . 2012-02-18 18:37 404992 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2011-12-09 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-01-04 6497592]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-27 39408]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2011-10-05 1652736]
"ChromeFrameHelper"="c:\users\Nicole\AppData\Local\Google\Chrome\Application\19.0.1068.1\chrome_frame_helper.exe" [2012-03-15 96752]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 20:39]
.
2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 20:39]
.
2012-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475235829-1360834442-158596274-1000Core.job
- c:\users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 03:49]
.
2012-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475235829-1360834442-158596274-1000UA.job
- c:\users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 03:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/?ilc=8
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{f9bbf004-6e40-4019-8214-c43a37e1d058} - (no file)
BHO-{C4B8BAB4-1667-11DF-A242-BA9455D89593} - c:\program files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{F9BBF004-6E40-4019-8214-C43A37E1D058} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-21 20:26:15 - machine was rebooted
.
Pre-Run: 433,527,361,536 bytes free
Post-Run: 433,461,280,768 bytes free
.
 
Here is the ESET scan log

C:\Program Files (x86)\FoxTabVideoConverter\VideoConverter.exe a variant of Win32/InstallCore.A application
C:\Program Files (x86)\FoxTabVideoConverter\Uninstall\Uninstall.exe a variant of Win32/InstallCore.H application
 
Okay, I think we're almost through:

First, please note: All below were enabled when you ran Combofix:
AV: avast! Antivirus *Enabled/
SP: avast! Antivirus *Enabled/
SP: STOPzilla Anti-Spyware *Enabled/
SP: Windows Defender *Enabled/
Please note Combofix instructions:
Before you run the Combofix scan, please disable any security software you have running.
and again:
Close/disable all anti virus and anti malware programs
(If you need help with this, please see HERE)
=====================================
Please run this Custom CFScript:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
c:\users\Nicole\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
C:\Program Files (x86)\FoxTabVideoConverter\VideoConverter.exe 
C:\Program Files (x86)\FoxTabVideoConverter\Uninstall\Uninstall.exe 
DDS::
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO-X64: Updater For Simppull Toolbar: {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO-X64: Updater For Simppull Toolbar - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"=- 
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

Clearjavacache::
Save this as CFScript.txt, in the same location as ComboFix.exe
(image: CFScriptB-4.gif)

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
====================
1. I have removed entries for the Yahoo! Companion. It comes bundled with many third party applications.
2. I have also removed entries for the Simppull Toolbar by W3i, LLC, which also comes bundled with various third party applications> Reference was made to their Privacy Policy but their site brought a WOT "Warning- this is a dangerous site".
3. Combofix is missing this entire section:>>>>==== SERVICES / DRIVERS ==== between Reg Loading Points (REGEDIT4) and Contents of the 'Scheduled Tasks' folder
===================
Please run Malwarebytes again. The program did not finish:
Time elapsed: 2 minute(s), 52 second(s) [aborted]
Follow this direction:
Update and rescan with Malwarebytes: Note: On the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.
When scan has finished, you will see this image:
(image: scan-finished.jpg)

  • Click on OK to close box and continue.
  • Click on the Show Results button.
  • Click on the Remove Selected button to remove all the listed malware.
  • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.

Please leave the logs in the next reply.

Note: I have included the 2 files from Eset in the Combofix script. Looks like the download site was CNET. They are requiring an ActiveX download with their programs.
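A small parser for the Malwarebytes Anti-Malware 1.x log format pasted in this thread, added here as an example (it is not the thread's own code or a Malwarebytes tool). It pulls out the "[aborted]" marker the helper points to and any detection that was not actually quarantined; the sample log is a constructed excerpt of the aborted 16 March scan with the last action changed to "No action taken.", and the class and function names are this example's own.

```python
# Added example, not from the thread: parse a Malwarebytes Anti-Malware 1.x
# scan log, flag an aborted scan, and list detections that were not removed.
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the aborted 3/16/2012 quick scan in the thread.
# The last action line is changed to "No action taken." to exercise the check.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.60.1.1000

Database version: v2012.03.16.05

Scan type: Quick scan
Objects scanned: 30786
Time elapsed: 2 minute(s), 52 second(s) [aborted]

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Nicole\Documents\Downloads\VideoConverterSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Nicole\Documents\Downloads\video_downloader (1).exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
C:\Users\Nicole\Documents\Downloads\video_downloader.exe (PUP.BundleInstaller.VG) -> No action taken.

(end)
"""

# Section headers such as "Files Detected: 3" or "Registry Keys Detected: 0"
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# Detection lines: "<item> (<category>) -> <action>"; the item may contain "(1)"
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<category>[^()]+)\) -> (?P<action>.+)$")
CLEAN_ACTION = "Quarantined and deleted successfully."


@dataclass
class Detection:
    section: str    # e.g. "Files", "Registry Keys"
    item: str       # path, key or value name
    category: str   # e.g. "PUP.BundleInstaller.VG"
    action: str     # what MBAM reports it did with the item


@dataclass
class ScanReport:
    scan_type: str = ""
    database_version: str = ""
    objects_scanned: int = 0
    aborted: bool = False
    declared: dict = field(default_factory=dict)   # section -> count from its header
    detections: list = field(default_factory=list)

    def unresolved(self):
        """Detections that were not quarantined and deleted."""
        return [d for d in self.detections if d.action != CLEAN_ACTION]

    def count_mismatches(self):
        """Sections whose header count disagrees with the lines actually listed."""
        found = {}
        for d in self.detections:
            found[d.section] = found.get(d.section, 0) + 1
        return {s: (n, found.get(s, 0)) for s, n in self.declared.items()
                if n != found.get(s, 0)}

    def needs_rescan(self):
        """The helper's rule: an aborted scan or leftover items means run it again."""
        return self.aborted or bool(self.unresolved()) or bool(self.count_mismatches())


def parse_mbam_log(text):
    report = ScanReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Scan type:"):
            report.scan_type = line.split(":", 1)[1].strip()
        elif line.startswith("Database version:"):
            report.database_version = line.split(":", 1)[1].strip()
        elif line.startswith("Objects scanned:"):
            report.objects_scanned = int(line.split(":", 1)[1].strip())
        elif line.startswith("Time elapsed:"):
            # MBAM 1.x appends "[aborted]" when the scan was stopped before it finished
            report.aborted = "[aborted]" in line
        else:
            m = SECTION_RE.match(line)
            if m:
                section = m.group("name")
                report.declared[section] = int(m.group("count"))
                continue
            m = DETECTION_RE.match(line)
            if m and section is not None:
                report.detections.append(Detection(
                    section, m.group("item"), m.group("category"), m.group("action")))
    return report
```

Running `parse_mbam_log(SAMPLE_LOG).needs_rescan()` returns True for the sample because the scan was aborted and one item was left in place.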
 
Tried turning off Windows Defender and I got an error message that reads:

Application failed to initialize: 0x800106ba. A problem caused this program's service to stop. To start the service, restart your computer or search Help and Support for how to start a service manually.
 
ComboFix 12-03-22.01 - Nicole 03/24/2012 12:44:21.8.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6077.4198 [GMT -5:00]
Running from: c:\users\Nicole\Documents\Downloads\ComboFix.exe
Command switches used :: c:\users\Nicole\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\FoxTabVideoConverter\Uninstall\Uninstall.exe"
"c:\program files (x86)\FoxTabVideoConverter\VideoConverter.exe"
"c:\users\Nicole\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\FoxTabVideoConverter\Uninstall\Uninstall.exe
c:\program files (x86)\FoxTabVideoConverter\VideoConverter.exe
c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
c:\users\Nicole\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
J:\Autorun.inf
J:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-24 to 2012-03-24 )))))))))))))))))))))))))))))))
.
.
2012-03-24 17:56 . 2012-03-24 17:56 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-03-24 17:56 . 2012-03-24 17:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-24 17:56 . 2012-03-24 17:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-24 17:56 . 2012-03-24 17:56 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-03-24 06:12 . 2012-03-24 06:12 -------- d-----w- c:\users\Nicole\AppData\Roaming\com.socialbox.socialbox
2012-03-23 20:07 . 2012-03-23 20:07 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8592EBD0-50CA-4A4A-BCCE-A5AC4E1E79C8}\offreg.dll
2012-03-23 19:50 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8592EBD0-50CA-4A4A-BCCE-A5AC4E1E79C8}\mpengine.dll
2012-03-22 15:06 . 2012-03-22 15:06 -------- d-----w- c:\program files (x86)\ESET
2012-03-22 08:00 . 2012-03-22 08:00 -------- d-----w- C:\e5176b4be44ced2d25f828d6e97a
2012-03-22 00:11 . 2012-03-24 17:59 -------- d-----w- c:\users\Nicole\AppData\Local\temp
2012-03-21 08:04 . 2012-03-21 08:04 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-03-20 15:58 . 2012-03-20 15:58 -------- d-----w- C:\0c572bb179cde750a8df677364
2012-03-17 03:16 . 2012-01-12 14:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-03-17 02:42 . 2012-03-17 02:42 -------- d-----w- c:\users\Nicole\AppData\Local\VS Revo Group
2012-03-17 01:55 . 2012-03-17 01:55 -------- d-----w- C:\found.001
2012-03-17 00:47 . 2012-03-17 00:47 -------- d-----w- c:\users\Nicole\AppData\Roaming\SUPERAntiSpyware.com
2012-03-17 00:45 . 2012-03-17 00:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-17 00:45 . 2012-03-17 00:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-16 20:57 . 2012-03-16 20:57 -------- d-----w- C:\found.000
2012-03-15 19:27 . 2012-03-15 19:27 -------- d-----w- c:\program files\iPod
2012-03-15 19:27 . 2012-03-15 19:28 -------- d-----w- c:\program files\iTunes
2012-03-15 19:27 . 2012-03-15 19:28 -------- d-----w- c:\program files (x86)\iTunes
2012-03-15 00:20 . 2012-03-15 00:20 -------- d-----w- c:\users\Nicole\AppData\Roaming\DVDVideoSoft
2012-03-15 00:20 . 2012-03-15 00:20 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2012-03-15 00:20 . 2012-03-15 00:20 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2012-03-15 00:10 . 2012-03-24 17:56 -------- d-----w- c:\program files (x86)\FoxTabVideoConverter
2012-03-12 22:15 . 2012-03-12 22:15 -------- d-----w- c:\program files (x86)\AWS
2012-03-12 18:34 . 2010-02-18 13:49 225280 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-03-12 18:34 . 2010-02-18 11:59 29696 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-03-03 03:10 . 2012-03-03 03:20 -------- d-----w- C:\Fonts, new
2012-02-24 05:26 . 2012-02-24 05:26 -------- d-----w- c:\program files (x86)\Conduit
2012-02-24 05:08 . 2012-02-24 05:27 -------- d-----w- c:\program files (x86)\v-Grabber
2012-02-24 05:08 . 2012-03-15 00:10 293 ----a-w- C:\user.js
2012-02-24 05:08 . 2012-03-17 02:52 -------- d-----w- c:\users\Nicole\AppData\Roaming\Babylon
2012-02-24 05:08 . 2012-03-17 02:52 -------- d-----w- c:\users\Nicole\AppData\Local\Babylon
2012-02-24 05:08 . 2012-02-24 05:08 -------- d-----w- c:\programdata\Babylon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-10 15:39 . 2011-07-14 15:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 16:23 . 2012-01-04 06:11 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 16:23 . 2012-01-04 06:11 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-02-23 16:23 . 2012-01-02 22:32 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-23 16:12 . 2012-01-04 06:12 817496 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-23 16:12 . 2012-01-04 06:12 335704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-23 16:10 . 2012-01-04 06:12 43864 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-23 16:10 . 2012-01-04 06:12 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-23 16:10 . 2012-01-04 06:12 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-23 16:10 . 2012-01-04 06:12 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 14:18 . 2011-01-17 07:35 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-19 15:22 . 2012-01-19 15:22 45936 ----a-r- c:\windows\system32\SBBD.EXE
2012-01-04 08:15 . 2011-04-30 16:28 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-01-03 14:25 . 2012-02-18 18:37 404992 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@ )))))))))))))))))))))))))))))))))))))))))

Edit: 23 posts for Lengthy SnapShot reviewed and deleted by Bobbye.
 
Edit: Lengthy Combofix SnapShot reviewed and deleted by Bobbye.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]
c:\program files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-01-04 6497592]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-27 39408]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2011-10-05 1652736]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
"ChromeFrameHelper"="c:\users\Nicole\AppData\Local\Google\Chrome\Application\19.0.1077.3\chrome_frame_helper.exe" [2012-03-23 96752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 20:39]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 20:39]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475235829-1360834442-158596274-1000Core.job
- c:\users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 03:49]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475235829-1360834442-158596274-1000UA.job
- c:\users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 03:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/?ilc=8
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-FoxTab Video Converter - c:\program files (x86)\FoxTabVideoConverter\Uninstall\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
c:\program files (x86)\Secunia\PSI\PSIA.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Secunia\PSI\sua.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Completion time: 2012-03-24 13:04:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-24 18:04
ComboFix2.txt 2012-03-22 01:26
.
Pre-Run: 533,714,022,400 bytes free
Post-Run: 533,576,019,968 bytes free
.
- - End Of File - - 75BDA5318A7CE12A3C4AB7516B5F662B
 
Previous posts were Combofix obviously. Here is the newest log from Malwarebytes.


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.24.03

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Nicole :: NICOLE-PC [administrator]

3/24/2012 3:00:20 PM
mbam-log-2012-03-24 (15-00-20).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 705842
Time elapsed: 2 hour(s), 36 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Program Files (x86)\v-Grabber\Uninstall.exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\FoxTabVideoConverter\Uninstall\Uninstall.exe.vir (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Nicole\Documents\Downloads\Softango_VideoConverter_Multi.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\Windows.old\Program Files\Fast Browser Search\IE\SearchGuardPlus.exe (PUP.Fbsearch) -> Quarantined and deleted successfully.
C:\Windows.old\Program Files\Fast Browser Search\IE\update.exe (PUP.Fbsearch) -> Quarantined and deleted successfully.

(end)
 
Okay, hopefully this will finish clearing most of the bad entries up:

Please run this Custom CFScript:

  • [1]. Close any open browsers.
  • [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
C:\user.js
Folder::
c:\program files (x86)\Conduit
c:\program files (x86)\v-Grabber
c:\users\Nicole\AppData\Roaming\Babylon
c:\users\Nicole\AppData\Local\Babylon
c:\programdata\Babylon
C:\e5176b4be44ced2d25f828d6e97a
c:\users\Nicole\AppData\Local\temp
C:\0c572bb179cde750a8df677364
C:\found.001.
C:\found.000
Registry::
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]

Clearjavacache::
Save this as CFScript.txt, in the same location as ComboFix.exe
[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
====================
Please search the system for any of the following:
1. v-Grabber
2. PC Performer Setup463.exe >> Trojan downloader activity, spyware-like activity
its location is C:\Users\....\AppData\Local\Temp\PC Performer Setup463.exe
3. InstallBrain
4. BundleInstaller.IB
The following are in a folder named Windows.old:
Fast Browser Search
SearchGuardPlus
Fbsearch


Delete or uninstall all you find. You may have to show hidden files and folders in Folder Options. When finished, use Windows Explorer to access Computer> Local Drive (C)> Programs> right click> Delete on any program folders you see for the above (AFTER you uninstall them!)
===========================================
First, set up a Directory for HijackThis as follows:
Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
Exit Explorer
You now have a folder C:\HijackThis
-----------------------------------------
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zip and save to your desktop.
  • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
  • Extract it to the directory on your hard drive you created C:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Let me know how system is doing when finished.
 
Here is the latest combofix list. I did not transfer over some of the lines as they were redundant from last time.

ComboFix 12-03-22.01 - Nicole 03/28/2012 16:15:04.9.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6077.4525 [GMT -5:00]
Running from: c:\users\Nicole\Documents\Downloads\ComboFix.exe
Command switches used :: c:\users\Nicole\Desktop\cfscript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
FILE ::
"C:\user.js"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\0c572bb179cde750a8df677364
c:\0c572bb179cde750a8df677364\$shtdwn$.req
c:\0c572bb179cde750a8df677364\1028\eula.rtf
c:\0c572bb179cde750a8df677364\1028\HotFixInstallerUI.dll
c:\0c572bb179cde750a8df677364\1031\eula.rtf
c:\0c572bb179cde750a8df677364\1031\HotFixInstallerUI.dll
c:\0c572bb179cde750a8df677364\1033\eula.rtf
c:\0c572bb179cde750a8df677364\1033\HotFixInstallerUI.dll
c:\0c572bb179cde750a8df677364\1036\eula.rtf
c:\0c572bb179cde750a8df677364\1036\HotFixInstallerUI.dll
c:\0c572bb179cde750a8df677364\1040\eula.rtf
c:\0c572bb179cde750a8df677364\1040\HotFixInstallerUI.dll
c:\0c572bb179cde750a8df677364\1041\eula.rtf
c:\0c572bb179cde750a8df677364\1041\HotFixInstallerUI.dll
c:\0c572bb179cde750a8df677364\1042\eula.rtf
c:\0c572bb179cde750a8df677364\1042\HotFixInstallerUI.dll
c:\0c572bb179cde750a8df677364\1046\eula.rtf
c:\0c572bb179cde750a8df677364\1046\HotFixInstallerUI.dll
c:\0c572bb179cde750a8df677364\1049\eula.rtf
c:\0c572bb179cde750a8df677364\1049\HotFixInstallerUI.dll
c:\0c572bb179cde750a8df677364\2052\eula.rtf
c:\0c572bb179cde750a8df677364\2052\HotFixInstallerUI.dll
c:\0c572bb179cde750a8df677364\3082\eula.rtf
c:\0c572bb179cde750a8df677364\3082\HotFixInstallerUI.dll
c:\0c572bb179cde750a8df677364\DHtmlHeader.html
c:\0c572bb179cde750a8df677364\header.bmp
c:\0c572bb179cde750a8df677364\HotFixInstaller.exe
c:\0c572bb179cde750a8df677364\ParameterInfo.xml
c:\0c572bb179cde750a8df677364\VS90SP1-KB2251487.msp
c:\0c572bb179cde750a8df677364\watermark.bmp
C:\e5176b4be44ced2d25f828d6e97a
c:\e5176b4be44ced2d25f828d6e97a\$shtdwn$.req
c:\e5176b4be44ced2d25f828d6e97a\1028\eula.rtf
c:\e5176b4be44ced2d25f828d6e97a\1028\HotFixInstallerUI.dll
c:\e5176b4be44ced2d25f828d6e97a\1031\eula.rtf
c:\e5176b4be44ced2d25f828d6e97a\1031\HotFixInstallerUI.dll
c:\e5176b4be44ced2d25f828d6e97a\1033\eula.rtf
c:\e5176b4be44ced2d25f828d6e97a\1033\HotFixInstallerUI.dll
c:\e5176b4be44ced2d25f828d6e97a\1036\eula.rtf
c:\e5176b4be44ced2d25f828d6e97a\1036\HotFixInstallerUI.dll
c:\e5176b4be44ced2d25f828d6e97a\1040\eula.rtf
c:\e5176b4be44ced2d25f828d6e97a\1040\HotFixInstallerUI.dll
c:\e5176b4be44ced2d25f828d6e97a\1041\eula.rtf
c:\e5176b4be44ced2d25f828d6e97a\1041\HotFixInstallerUI.dll
c:\e5176b4be44ced2d25f828d6e97a\1042\eula.rtf
c:\e5176b4be44ced2d25f828d6e97a\1042\HotFixInstallerUI.dll
c:\e5176b4be44ced2d25f828d6e97a\1046\eula.rtf
c:\e5176b4be44ced2d25f828d6e97a\1046\HotFixInstallerUI.dll
c:\e5176b4be44ced2d25f828d6e97a\1049\eula.rtf
c:\e5176b4be44ced2d25f828d6e97a\1049\HotFixInstallerUI.dll
c:\e5176b4be44ced2d25f828d6e97a\2052\eula.rtf
c:\e5176b4be44ced2d25f828d6e97a\2052\HotFixInstallerUI.dll
c:\e5176b4be44ced2d25f828d6e97a\3082\eula.rtf
c:\e5176b4be44ced2d25f828d6e97a\3082\HotFixInstallerUI.dll
c:\e5176b4be44ced2d25f828d6e97a\DHtmlHeader.html
c:\e5176b4be44ced2d25f828d6e97a\header.bmp
c:\e5176b4be44ced2d25f828d6e97a\HotFixInstaller.exe
c:\e5176b4be44ced2d25f828d6e97a\ParameterInfo.xml
c:\e5176b4be44ced2d25f828d6e97a\VS90SP1-KB2251487.msp
c:\e5176b4be44ced2d25f828d6e97a\watermark.bmp
C:\found.000
c:\found.000\dir0000.chk\b[8].gif
c:\found.000\dir0000.chk\beacon[2].js
c:\found.000\dir0000.chk\dk[3].js
c:\found.000\dir0000.chk\dref=http%253A%252F%252Fwww.mevio[1].js
c:\found.000\dir0000.chk\elie-saab-10511-2[1].jpg
c:\found.000\dir0000.chk\elie-saab-10511-5[1].jpg
c:\found.000\dir0000.chk\happy-socks03header[1].jpg
c:\found.000\dir0000.chk\img[2].js
c:\found.000\dir0000.chk\impCACNUKP5.js
c:\found.000\dir0000.chk\MevioBPFX[1].swf
c:\found.000\dir0000.chk\tntwo[2].js
C:\found.001.
c:\found.001.\dir0000.chk\26\9C5BDd01
c:\found.001.\dir0000.chk\D5\F04FAd01
c:\found.001.\dir0001.chk\14\3C689d01
c:\found.001.\dir0001.chk\97\66531d01
c:\found.001.\dir0002.chk\73\252B3d01
c:\found.001.\dir0002.chk\84\1B39Ad01
c:\found.001.\dir0003.chk\79\2407Fd01
c:\found.001.\dir0003.chk\83\E422Ad01
c:\found.001.\dir0004.chk\B2\CC636d01
c:\found.001.\dir0004.chk\BD\47AEAd01
c:\found.001.\dir0004.chk\F3\51E7Cd01
c:\found.001.\dir0005.chk\06\DC571d01
c:\found.001.\dir0005.chk\4C\D3363d01
c:\found.001.\dir0005.chk\54\E76A4d01
c:\found.001.\dir0005.chk\E0\6A2FEd01
c:\found.001.\dir0006.chk\B88B8d01
c:\found.001.\dir0007.chk\9FD4Ad01
c:\found.001.\dir0008.chk\E841Bd01
c:\found.001.\file0000.chk
c:\found.001.\file0001.chk
c:\program files (x86)\Conduit
c:\program files (x86)\Conduit\Community Alerts\Alert.dll
c:\program files (x86)\v-Grabber
c:\program files (x86)\v-Grabber\appicon.ico
c:\program files (x86)\v-Grabber\converter\ffmpeg.exe
c:\program files (x86)\v-Grabber\imageformats\qjpeg4.dll
c:\program files (x86)\v-Grabber\libgcc_s_dw2-1.dll
c:\program files (x86)\v-Grabber\libstdc++-6.dll
c:\program files (x86)\v-Grabber\mingwm10.dll
c:\program files (x86)\v-Grabber\phonon4.dll
c:\program files (x86)\v-Grabber\QtCore4.dll
c:\program files (x86)\v-Grabber\QtGui4.dll
c:\program files (x86)\v-Grabber\QtNetwork4.dll
c:\program files (x86)\v-Grabber\QtWebKit4.dll
c:\program files (x86)\v-Grabber\youtubeDL.exe
c:\programdata\Babylon
C:\user.js
c:\users\Nicole\AppData\Local\Babylon
c:\users\Nicole\AppData\Local\temp\is2FE3.tmp
c:\users\Nicole\AppData\Local\temp\jusched.log
c:\users\Nicole\AppData\Local\temp\LEX1DEC.tmp
c:\users\Nicole\AppData\Local\temp\ms3953.tmp
c:\users\Nicole\AppData\Local\temp\MSIb35ad.LOG
c:\users\Nicole\AppData\Local\temp\Nicole.bmp
c:\users\Nicole\AppData\Local\temp\WKS1CE2.tmp
c:\users\Nicole\AppData\Local\temp\WKS48B5.tmp
c:\users\Nicole\AppData\Local\temp\WKS48B6.tmp
c:\users\Nicole\AppData\Local\temp\WKS48B7.tmp
c:\users\Nicole\AppData\Local\temp\wmplog00.sqm
c:\users\Nicole\AppData\Local\temp\wmplog01.sqm
c:\users\Nicole\AppData\Local\temp\wmplog02.sqm
c:\users\Nicole\AppData\Local\temp\wmplog03.sqm
c:\users\Nicole\AppData\Local\temp\wmplog04.sqm
c:\users\Nicole\AppData\Local\temp\wmplog05.sqm
c:\users\Nicole\AppData\Local\temp\wmplog06.sqm
c:\users\Nicole\AppData\Roaming\Babylon
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-28 )))))))))))))))))))))))))))))))
.
.
2012-03-28 21:20 . 2012-03-28 21:21 -------- d-----w- c:\users\Nicole\AppData\Local\Temp
2012-03-28 21:17 . 2012-03-28 21:17 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-03-28 21:17 . 2012-03-28 21:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-28 21:17 . 2012-03-28 21:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-28 21:17 . 2012-03-28 21:17 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-03-24 06:12 . 2012-03-24 06:12 -------- d-----w- c:\users\Nicole\AppData\Roaming\com.socialbox.socialbox
2012-03-23 20:07 . 2012-03-23 20:07 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8592EBD0-50CA-4A4A-BCCE-A5AC4E1E79C8}\offreg.dll
2012-03-23 19:50 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8592EBD0-50CA-4A4A-BCCE-A5AC4E1E79C8}\mpengine.dll
2012-03-22 15:06 . 2012-03-22 15:06 -------- d-----w- c:\program files (x86)\ESET
2012-03-21 08:04 . 2012-03-21 08:04 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-03-17 03:16 . 2012-01-12 14:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-03-17 02:42 . 2012-03-17 02:42 -------- d-----w- c:\users\Nicole\AppData\Local\VS Revo Group
2012-03-17 00:47 . 2012-03-17 00:47 -------- d-----w- c:\users\Nicole\AppData\Roaming\SUPERAntiSpyware.com
2012-03-17 00:45 . 2012-03-17 00:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-17 00:45 . 2012-03-17 00:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-15 19:27 . 2012-03-15 19:27 -------- d-----w- c:\program files\iPod
2012-03-15 19:27 . 2012-03-15 19:28 -------- d-----w- c:\program files\iTunes
2012-03-15 19:27 . 2012-03-15 19:28 -------- d-----w- c:\program files (x86)\iTunes
2012-03-15 00:20 . 2012-03-15 00:20 -------- d-----w- c:\users\Nicole\AppData\Roaming\DVDVideoSoft
2012-03-15 00:20 . 2012-03-15 00:20 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2012-03-15 00:20 . 2012-03-15 00:20 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2012-03-15 00:10 . 2012-03-24 17:56 -------- d-----w- c:\program files (x86)\FoxTabVideoConverter
2012-03-12 22:15 . 2012-03-12 22:15 -------- d-----w- c:\program files (x86)\AWS
2012-03-12 18:34 . 2010-02-18 13:49 225280 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-03-12 18:34 . 2010-02-18 11:59 29696 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-03-03 03:10 . 2012-03-03 03:20 -------- d-----w- C:\Fonts, new
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-10 15:39 . 2011-07-14 15:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 16:23 . 2012-01-04 06:11 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 16:23 . 2012-01-04 06:11 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-02-23 16:23 . 2012-01-02 22:32 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-23 16:12 . 2012-01-04 06:12 817496 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-23 16:12 . 2012-01-04 06:12 335704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-23 16:10 . 2012-01-04 06:12 43864 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-23 16:10 . 2012-01-04 06:12 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-23 16:10 . 2012-01-04 06:12 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-23 16:10 . 2012-01-04 06:12 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 14:18 . 2011-01-17 07:35 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-19 15:22 . 2012-01-19 15:22 45936 ----a-r- c:\windows\system32\SBBD.EXE
2012-01-04 08:15 . 2011-04-30 16:28 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-01-03 14:25 . 2012-02-18 18:37 404992 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
 
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]
c:\program files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-01-04 6497592]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-27 39408]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2011-10-05 1652736]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
"ChromeFrameHelper"="c:\users\Nicole\AppData\Local\Google\Chrome\Application\19.0.1077.3\chrome_frame_helper.exe" [2012-03-23 96752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 20:39]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 20:39]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475235829-1360834442-158596274-1000Core.job
- c:\users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 03:49]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475235829-1360834442-158596274-1000UA.job
- c:\users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 03:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/?ilc=8
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
c:\program files (x86)\Secunia\PSI\PSIA.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Secunia\PSI\sua.exe
c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2012-03-28 16:24:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-28 21:24
ComboFix2.txt 2012-03-24 18:04
ComboFix3.txt 2012-03-22 01:26
.
Pre-Run: 519,093,501,952 bytes free
Post-Run: 520,125,612,032 bytes free
.
- - End Of File - - A92BD519CA51BE6ADA509A910C8D0549
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:03:13 AM, on 3/29/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Nicole\AppData\Local\Google\Chrome\Application\19.0.1081.2\chrome_frame_helper.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Updater For Simppull Toolbar - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ChromeFrameHelper] "C:\Users\Nicole\AppData\Local\Google\Chrome\Application\19.0.1081.2\chrome_frame_helper.exe" --startup
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Users\Nicole\AppData\Local\Google\Chrome\Application\19.0.1081.2\npchrome_frame.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8670 bytes
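The HijackThis log above tags one BHO (Updater For Simppull Toolbar) and many services as "(file missing)", but those tags do not all mean the same thing. HijackThis 2.0.4 is a 32-bit program, and on 64-bit Windows the loader redirects its reads of C:\Windows\system32 to C:\Windows\SysWOW64, so 64-bit-only system binaries such as lsass.exe, spoolsv.exe and vssvc.exe are reported missing although they are present. Paths under Program Files are not redirected, so a missing file there (the Simppull toolbar DLL, the AVG toolbar service) is a real orphaned registration, which is what the CFScript's Registry:: entry and the HijackThis fix step are meant to clean up. The script below is an added example written for this page, not part of the thread or of HijackThis; it triages a log on that rule. The sample lines are a constructed subset of the log above, and the 64-bit platform is taken from the ComboFix header ("x64"), since the HijackThis log itself does not state the bitness.

```python
"""Triage "(file missing)" entries in a HijackThis 2.0.4 log.

HijackThis is a 32-bit program. On 64-bit Windows the WOW64 layer redirects
its file lookups under C:\\Windows\\system32 to C:\\Windows\\SysWOW64, so
64-bit-only system binaries (lsass.exe, spoolsv.exe, ...) show up as
"(file missing)" even though they exist. Third-party directories are not
redirected, so a missing file there is a genuine orphan: a BHO or service
registration left behind by a sloppy uninstaller.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

MISSING = " (file missing)"

# Directories whose 32-bit view is redirected under WOW64 (lower-cased).
REDIRECTED_PREFIXES = ("c:\\windows\\system32\\",)

# Constructed sample: a subset of lines in the shape of the HijackThis log
# above, not the full log.
SAMPLE_LOG = r"""
Platform: Windows Vista SP2 (WinNT 6.00.1906)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Updater For Simppull Toolbar - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

# O2 lines: "O2 - BHO: <name> - {CLSID} - <path>"
# O23 lines: "O23 - Service: <name> - <owner> - <path>"
ENTRY_RE = re.compile(r"^(O2|O23) - (?:BHO|Service): (.+?) - (.+?) - (.+)$")


@dataclass
class Finding:
    kind: str    # "O2" (browser helper object) or "O23" (service)
    name: str
    path: str
    status: str  # "present", "wow64-redirect" or "orphan"


def classify(path_field: str, is_64bit: bool) -> tuple[str, str]:
    """Return (path, status) for the path column of one log entry."""
    if not path_field.endswith(MISSING):
        return path_field, "present"
    path = path_field[: -len(MISSING)]
    # Only a 64-bit host redirects system32 for a 32-bit scanner; on 32-bit
    # Windows a missing system32 file really is missing.
    if is_64bit and path.lower().startswith(REDIRECTED_PREFIXES):
        return path, "wow64-redirect"
    return path, "orphan"


def triage(log_text: str, is_64bit: bool) -> list[Finding]:
    """Parse every O2/O23 line and classify its file reference."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # R0/R1/O4/... lines and headers are not file checks
        kind, name, _middle, path_field = m.groups()
        path, status = classify(path_field, is_64bit)
        findings.append(Finding(kind, name, path, status))
    return findings


def orphans(log_text: str, is_64bit: bool) -> list[Finding]:
    """Entries whose file is missing for a reason other than WOW64 redirection."""
    return [f for f in triage(log_text, is_64bit) if f.status == "orphan"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, is_64bit=True):
        print(f"{f.status:15} {f.kind:4} {f.name}: {f.path}")
```

Running it on the sample flags the Simppull BHO and the AVG toolbar service as orphans and leaves the KeyIso service alone; run with is_64bit=False the same lsass.exe line would be reported as an orphan, which is why the host's bitness has to come from a source that states it (here the ComboFix header), not be guessed from the HijackThis log.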
 
Also went through the files and found v-grabber, Fast Browser Search and FBsearch. I removed them from the C: drive.
 