TechSpot

My girlfriend's computer has two viruses

By rcmeyer99
Mar 17, 2012
  1. Not sure how she did it, but my girlfriend downloaded both the searchya and babylon viruses. I think she may have done this when she updated Mozilla Firefox, even after I asked her not to use Internet Explorer after the last virus she got. I am including the Malwarebytes log and the GMER log. I was unable to download the DDS scanner.

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.16.05

    Windows Vista Service Pack 2 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Nicole :: NICOLE-PC [administrator]

    3/16/2012 11:53:09 PM
    mbam-log-2012-03-16 (23-53-09).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 198686
    Time elapsed: 2 minute(s), 30 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-03-17 01:26:25
    Windows 6.0.6002 Service Pack 2
    Running: 4i9b70yh.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{39B5EDF8-6943-63A2-E761-309780A92C92}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{39B5EDF8-6943-63A2-E761-309780A92C92}@haikbfdjheonepap 0x6B 0x61 0x6E 0x70 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{39B5EDF8-6943-63A2-E761-309780A92C92}@iacklbokghlgbnjplp 0x6A 0x61 0x6F 0x70 ...

    ---- EOF - GMER 1.0.15 ----

    These viruses have really been nasty to the computer. Currently I can only run in safe mode, because if I try to run in regular mode the computer freezes up, and when I restart the computer it does a 3-stage check of the C: drive.

    Thanks
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please clarify this for me:

    1. How is the malware "nasty" to the computer? > What symptoms are you having?
    2. What 3 stage checkup are you referring to? A full check disk to scan and fix has 5 stages.
    3. Can you access the internet?
    4. Try this for DDS:

    Please download the corresponding file for your operating system:

    XP

    Vista

    Windows 7

    Extract (unzip) the file onto your desktop, double-click on it and choose Yes to merge the file into the registry when prompted. Afterwards you should then be able to run DDS.scr.
    =======================================
    I'll be glad to help, but I need some information to know what to work around.

    You are actually in Safe Mode with Networking, not just Safe Mode.
    ======================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs, except those I give you.
    Threads are closed after 5 days if there is no reply.
     
  3. rcmeyer99

    rcmeyer99 TS Rookie Topic Starter Posts: 68

    By nasty, I mean that these viruses have taken control of the computer. As far as the check disk, when it did go into that on startup, it first scanned, then would delete from some i$30 file 79255 if I remember correctly, then would check all security files. There would actually be a prompt that would say stage (1 of 3), (2 of 3) and then (3 of 3).
     
  4. rcmeyer99

    rcmeyer99 TS Rookie Topic Starter Posts: 68

    Some of the symptoms are: whenever I try to run Malwarebytes in regular mode the computer freezes; I cannot run Firefox or Internet Explorer without the computer immediately freezing; I can run Google Chrome for a short time without freezing. Before I knew the computer was infected, I tried updating my Google SketchUp and it kept saying that there was a download in progress, please try again. That went on for a day and a half.
     
  5. rcmeyer99

    rcmeyer99 TS Rookie Topic Starter Posts: 68

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
    Run by Nicole at 11:09:57 on 2012-03-17
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6077.4712 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: STOPzilla Anti-Spyware *Enabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://www.yahoo.com/?ilc=8
    mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
    uURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
    TB: {F9BBF004-6E40-4019-8214-C43A37E1D058} - No File
    uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Google Update] "C:\Users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
    uRun: [ChromeFrameHelper] "C:\Users\Nicole\AppData\Local\Google\Chrome\Application\19.0.1068.1\chrome_frame_helper.exe" --startup
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
    TCP: Interfaces\{7B38DDF4-6E38-49FD-9495-D4338553812A} : DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
    TCP: Interfaces\{FCB31D2E-FEF8-4B29-ABAB-282EA967C4CD} : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
    Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Users\Nicole\AppData\Local\Google\Chrome\Application\19.0.1068.1\npchrome_frame.dll
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Yahooo Search Protection: {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll
    BHO-X64: YSPManager - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Updater For Simppull Toolbar: {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll
    BHO-X64: Updater For Simppull Toolbar - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
    TB-X64: {F9BBF004-6E40-4019-8214-C43A37E1D058} - No File
    mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 SBRE;SBRE;\??\C:\Windows\system32\drivers\SBREdrv.sys --> C:\Windows\system32\drivers\SBREdrv.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R3 arusb_lhx;SMCWUSB-N2 802.11n Wireless device driver;C:\Windows\system32\DRIVERS\arusb_lhx.sys --> C:\Windows\system32\DRIVERS\arusb_lhx.sys [?]
    S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    S2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    S2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    S2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
    S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-1-4 44768]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-27 136176]
    S2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
    S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
    S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    S3 Andbus;LGE Android Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys --> C:\Windows\system32\DRIVERS\lgandbus64.sys [?]
    S3 AndDiag;LGE Android USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag64.sys --> C:\Windows\system32\DRIVERS\lganddiag64.sys [?]
    S3 AndGps;LGE Android USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps64.sys --> C:\Windows\system32\DRIVERS\lgandgps64.sys [?]
    S3 ANDModem;LGE Android USB Modem;C:\Windows\system32\DRIVERS\lgandmodem64.sys --> C:\Windows\system32\DRIVERS\lgandmodem64.sys [?]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe --> C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-4-29 1431888]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-27 136176]
    S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys --> C:\Windows\system32\drivers\HCW85BDA.sys [?]
    S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 VST64_DPV;VST64_DPV;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 VST64HWBS2;VST64HWBS2;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 Aswrdrxpems;Aswrdrxpems; [x]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-1-21 89920]
    S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-1 652360]
    .
    =============== File Associations ===============
    .
    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2012-03-17 03:16:13 57976 ----a-r- C:\Windows\System32\drivers\SBREDrv.sys
    2012-03-17 03:16:09 -------- d-----w- C:\Program Files (x86)\STOPzilla!
    2012-03-17 03:16:08 -------- d-----w- C:\ProgramData\STOPzilla!
    2012-03-17 03:16:08 -------- d-----w- C:\Program Files (x86)\Common Files\iS3
    2012-03-17 02:42:03 -------- d-----w- C:\Users\Nicole\AppData\Local\VS Revo Group
    2012-03-17 01:55:55 -------- d-sh--w- C:\found.001
    2012-03-17 00:47:01 -------- d-----w- C:\Users\Nicole\AppData\Roaming\SUPERAntiSpyware.com
    2012-03-17 00:45:57 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2012-03-17 00:45:56 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2012-03-16 20:57:57 -------- d-sh--w- C:\found.000
    2012-03-16 19:57:23 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{05C4C0D2-B407-474E-9BD1-F491066EFBA9}\mpengine.dll
    2012-03-15 19:27:53 -------- d-----w- C:\Program Files\iPod
    2012-03-15 19:27:51 -------- d-----w- C:\Program Files\iTunes
    2012-03-15 19:27:51 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-03-15 00:20:06 -------- d-----w- C:\Users\Nicole\AppData\Roaming\DVDVideoSoft
    2012-03-15 00:20:06 -------- d-----w- C:\Program Files (x86)\DVDVideoSoft
    2012-03-15 00:20:06 -------- d-----w- C:\Program Files (x86)\Common Files\DVDVideoSoft
    2012-03-15 00:10:01 -------- d-----w- C:\Program Files (x86)\FoxTabVideoConverter
    2012-03-14 22:55:18 23376 ----a-r- C:\Windows\SysWow64\SZIO5.dll
    2012-03-14 22:55:06 546640 ----a-r- C:\Windows\SysWow64\SZComp5.dll
    2012-03-14 22:55:02 481104 ----a-r- C:\Windows\SysWow64\SZBase5.dll
    2012-03-12 22:15:34 -------- d-----w- C:\Program Files (x86)\AWS
    2012-03-12 18:34:03 29696 ----a-w- C:\Windows\System32\drivers\tunnel.sys
    2012-03-12 18:34:03 225280 ----a-w- C:\Windows\System32\iphlpsvc.dll
    2012-03-03 03:10:33 -------- d-----w- C:\Fonts, new
    2012-02-24 05:26:47 -------- d-----w- C:\Program Files (x86)\Conduit
    2012-02-24 05:08:27 -------- d-----w- C:\Program Files (x86)\v-Grabber
    2012-02-24 05:08:13 -------- d-----w- C:\Users\Nicole\AppData\Roaming\Babylon
    2012-02-24 05:08:13 -------- d-----w- C:\Users\Nicole\AppData\Local\Babylon
    2012-02-24 05:08:13 -------- d-----w- C:\ProgramData\Babylon
    2012-02-23 19:09:44 29008 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll
    2012-02-23 19:09:42 390992 ----a-r- C:\Windows\SysWow64\IS3UI5.dll
    2012-02-23 19:09:42 231248 ----a-r- C:\Windows\SysWow64\IS3Win325.dll
    2012-02-23 19:09:40 100176 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll
    2012-02-23 19:09:34 132944 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll
    2012-02-23 19:09:34 104272 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll
    2012-02-23 19:09:32 67408 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll
    2012-02-23 19:09:32 456528 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll
    2012-02-23 19:09:30 808784 ----a-r- C:\Windows\SysWow64\IS3Base5.dll
    2012-02-18 18:37:24 680448 ----a-w- C:\Windows\SysWow64\msvcrt.dll
    2012-02-18 18:37:24 621056 ----a-w- C:\Windows\System32\msvcrt.dll
    2012-02-18 18:37:22 404992 ----a-w- C:\Windows\System32\drivers\afd.sys
    .
    ==================== Find3M ====================
    .
    2012-03-10 15:39:55 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-23 16:23:26 41184 ----a-w- C:\Windows\avastSS.scr
    2012-02-23 16:12:43 817496 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-02-23 16:10:38 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
    2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
    2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll
    2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll
    2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-02-02 15:34:25 2765824 ----a-w- C:\Windows\System32\win32k.sys
    2012-01-19 15:22:08 45936 ----a-r- C:\Windows\System32\SBBD.EXE
    2012-01-09 16:16:54 708096 ----a-w- C:\Windows\System32\rdpencom.dll
    2012-01-09 15:54:08 613376 ----a-w- C:\Windows\SysWow64\rdpencom.dll
    2012-01-09 14:27:49 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    .
    ============= FINISH: 11:10:26.92 ===============
     
  6. rcmeyer99

    rcmeyer99 TS Rookie Topic Starter Posts: 68

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 1/16/2011 10:35:34 PM
    System Uptime: 3/16/2012 11:36:38 PM (12 hours ago)
    .
    Motherboard: Dell Inc. | | 0G254H
    Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz | CPU | 2493/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 684 GiB total, 399.986 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 7.713 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: SM Bus Controller
    Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02AE1028&REV_02\3&172E68DD&0&FB
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02AE1028&REV_02\3&172E68DD&0&FB
    Service:
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    AC3Filter (remove only)
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop 7.0
    Adobe Reader 9.4.7
    AlphaPlugins RedEyes
    Apple Application Support
    Apple Software Update
    Autodesk Content Service
    Autodesk Design Review 2012
    Autodesk Material Library 2011
    Autodesk Material Library 2011 Base Image library
    Autodesk Material Library 2011 Medium Image library
    Autodesk Material Library 2012
    Autodesk Material Library Base Resolution Image Library 2012
    Autodesk Material Library Low Resolution Image Library 2012
    Autodesk Material Library Medium Resolution Image Library 2012
    avast! Free Antivirus
    Compatibility Pack for the 2007 Office system
    DivX Web Player
    Elevatorarchitect for Autodesk(R) Revit(R) 32bit
    Eye Candy 3
    Eye Candy 3.1 for After Effects Demo
    FARO LS 1.1.406.58
    Filter Forge 2.009
    Fotomatic 1.3v
    FoxTab Video Converter
    Free 3GP Video Converter version 5.0.6.221
    Google Chrome
    Google Chrome Frame
    Google SketchUp 8
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
    Java Auto Updater
    Java(TM) 6 Update 30
    Jungle Gin Screen Saver #1
    LG Android Driver
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729
    Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729
    Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729
    Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729
    Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
    Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
    Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
    Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Tools for Applications 2.0 Runtime
    Microsoft Works
    Microsoft XML Parser
    Secunia PSI (2.0.0.4003)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    STOPzilla
    Ultimate Media Player v2011.5.7.1
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    VC80CRTRedist - 8.0.50727.762
    virtualPhotographer 1.5.6
    Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177
    Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177
    Visual Studio 2008 x64 Redistributables
    WeatherBug
    Winamp
    Winamp Detector Plug-in
    WinRAR 4.00 (32-bit)
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Detect
    Yahoo! Messenger
    Yahoo! Search Protection
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/16/2012 9:37:03 PM, Error: EventLog [6008] - The previous system shutdown at 9:14:40 PM on 3/16/2012 was unexpected.
    3/16/2012 8:58:40 PM, Error: EventLog [6008] - The previous system shutdown at 8:43:27 PM on 3/16/2012 was unexpected.
    3/16/2012 8:28:43 PM, Error: EventLog [6008] - The previous system shutdown at 8:10:44 PM on 3/16/2012 was unexpected.
    3/16/2012 7:37:10 PM, Error: EventLog [6008] - The previous system shutdown at 6:28:18 PM on 3/16/2012 was unexpected.
    3/16/2012 6:20:00 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
    3/16/2012 6:14:56 PM, Error: EventLog [6008] - The previous system shutdown at 4:49:33 PM on 3/16/2012 was unexpected.
    3/16/2012 6:13:32 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    3/16/2012 4:41:37 PM, Error: EventLog [6008] - The previous system shutdown at 4:36:13 PM on 3/16/2012 was unexpected.
    3/16/2012 4:07:13 PM, Error: EventLog [6008] - The previous system shutdown at 3:38:46 PM on 3/16/2012 was unexpected.
    3/16/2012 11:55:57 AM, Error: EventLog [6008] - The previous system shutdown at 3:28:00 AM on 3/16/2012 was unexpected.
    3/16/2012 11:50:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/16/2012 11:39:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi Beep is3srv SASDIFSV SASKUTIL spldr Wanarpv6
    3/16/2012 11:39:29 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    3/16/2012 11:38:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/16/2012 11:38:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    3/16/2012 11:38:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/16/2012 11:38:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/16/2012 11:38:11 PM, Error: EventLog [6008] - The previous system shutdown at 11:35:12 PM on 3/16/2012 was unexpected.
    3/16/2012 11:34:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep is3srv
    3/16/2012 11:34:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Autodesk Content Service service to connect.
    3/16/2012 11:34:59 PM, Error: Service Control Manager [7000] - The Autodesk Content Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/16/2012 11:30:23 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    3/16/2012 11:30:23 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
    3/16/2012 11:30:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    3/16/2012 11:30:23 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/16/2012 11:30:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/16/2012 11:28:54 PM, Error: EventLog [6008] - The previous system shutdown at 11:27:25 PM on 3/16/2012 was unexpected.
    3/16/2012 10:47:58 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    3/16/2012 10:42:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
    3/16/2012 10:06:01 PM, Error: EventLog [6008] - The previous system shutdown at 10:01:53 PM on 3/16/2012 was unexpected.
    3/15/2012 2:25:00 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/14/2012 7:01:14 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242007: Security Update for Microsoft Visual Studio 2008 Service Pack 1 XML Editor (KB2251487).
    3/10/2012 12:21:48 PM, Error: EventLog [6008] - The previous system shutdown at 12:19:48 PM on 3/10/2012 was unexpected.
    .
    ==== End Of File ===========================
     
  7. rcmeyer99

    rcmeyer99 TS Rookie Topic Starter Posts: 68

    The computer that is infected can be connected to the internet, but only in safe mode with networking. If I try in normal mode it will freeze.
     
  8. rcmeyer99

    rcmeyer99 TS Rookie Topic Starter Posts: 68

    I was wondering if there are any corrective measures that can be done? I haven't heard back from anyone since Saturday morning. The computer still can only be run in safe mode with networking. Searchya and Babylon no longer show up as being on the computer because I removed them, but the Searchya and Babylon tool bars still show up. I did a Google search and found that both are viruses. Is there a way to remove the rest of them easily?
     
  9. rcmeyer99

    rcmeyer99 TS Rookie Topic Starter Posts: 68

    In talking with my girlfriend this morning, I found out that she had run Malwarebytes earlier on the 16th. The program had frozen according to her, but I found this log in the history.


    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.16.05

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Nicole :: NICOLE-PC [administrator]

    3/16/2012 10:16:48 PM
    mbam-log-2012-03-16 (22-16-48).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 30786
    Time elapsed: 2 minute(s), 52 second(s) [aborted]

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Users\Nicole\Documents\Downloads\VideoConverterSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Users\Nicole\Documents\Downloads\video_downloader (1).exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
    C:\Users\Nicole\Documents\Downloads\video_downloader.exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.

    (end)
     
  10. rcmeyer99

    rcmeyer99 TS Rookie Topic Starter Posts: 68

    The computer went into chkdsk mode again this morning and I was able to take this pic.
     

  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    All in time- I've been sick.

    When you open the Error Check (chkdsk) check both boxes, reboot and let the scan continue- there will be 5 steps. It will take a while. Have a cup of coffee and read a book while it's running.

    System will reboot when through. Once it has run to completion and rebooted, it shouldn't start up again by itself.

    Okay to use Safe Mode with Networking. After malware is removed, normal Mode should be okay.
    ==========================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Before you run the Combofix scan, please disable any security software you have running.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated- it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =======================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ========================================
    I'll remove the toolbars with wcript after Combofix.

    Please be patient- I am 2 days behind.
     
  12. rcmeyer99

    rcmeyer99 TS Rookie Topic Starter Posts: 68

    ComboFix 12-03-21.02 - Nicole 03/21/2012 19:00:27.8.4 - x64 NETWORK
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6077.5072 [GMT -5:00]
    Running from: c:\users\Nicole\Documents\Downloads\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: STOPzilla Anti-Spyware *Enabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-22 to 2012-03-22 )))))))))))))))))))))))))))))))
    .
    .
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-10 15:39 . 2011-07-14 15:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-23 16:23 . 2012-01-04 06:11 41184 ----a-w- c:\windows\avastSS.scr
    2012-02-23 16:23 . 2012-01-04 06:11 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-02-23 16:23 . 2012-01-02 22:32 258520 ----a-w- c:\windows\system32\aswBoot.exe
    2012-02-23 16:12 . 2012-01-04 06:12 817496 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-02-23 16:12 . 2012-01-04 06:12 335704 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-02-23 16:10 . 2012-01-04 06:12 43864 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-02-23 16:10 . 2012-01-04 06:12 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-02-23 16:10 . 2012-01-04 06:12 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-02-23 16:10 . 2012-01-04 06:12 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-02-23 15:18 . 2011-01-17 07:35 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-19 15:22 . 2012-01-19 15:22 45936 ----a-r- c:\windows\system32\SBBD.EXE
    2012-01-12 05:50 . 2012-01-12 05:50 18944 ----a-r- c:\users\Nicole\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
    2012-01-04 08:15 . 2011-04-30 16:28 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
    2012-01-03 14:25 . 2012-02-18 18:37 404992 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2011-12-09 1517368]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-01-04 6497592]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-27 39408]
    "Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2011-10-05 1652736]
    "ChromeFrameHelper"="c:\users\Nicole\AppData\Local\Google\Chrome\Application\19.0.1068.1\chrome_frame_helper.exe" [2012-03-15 96752]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 20:39]
    .
    2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 20:39]
    .
    2012-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475235829-1360834442-158596274-1000Core.job
    - c:\users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 03:49]
    .
    2012-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475235829-1360834442-158596274-1000UA.job
    - c:\users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 03:49]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-02-23 16:23 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://www.yahoo.com/?ilc=8
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{f9bbf004-6e40-4019-8214-c43a37e1d058} - (no file)
    BHO-{C4B8BAB4-1667-11DF-A242-BA9455D89593} - c:\program files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll
    Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    WebBrowser-{F9BBF004-6E40-4019-8214-C43A37E1D058} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-03-21 20:26:15 - machine was rebooted
    .
    Pre-Run: 433,527,361,536 bytes free
    Post-Run: 433,461,280,768 bytes free
    .
     
  13. rcmeyer99

    rcmeyer99 TS Rookie Topic Starter Posts: 68

    will run ESET scan later tonight
     
  14. rcmeyer99

    rcmeyer99 TS Rookie Topic Starter Posts: 68

    Here is the ESET scan log

    C:\Program Files (x86)\FoxTabVideoConverter\VideoConverter.exe a variant of Win32/InstallCore.A application
    C:\Program Files (x86)\FoxTabVideoConverter\Uninstall\Uninstall.exe a variant of Win32/InstallCore.H application
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, I think we're almost through:

    First, please note: All below were enabled when you ran Combofix:
    Please note Combofix instructions:
    and again:
    =====================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    c:\users\Nicole\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
    C:\Program Files (x86)\FoxTabVideoConverter\VideoConverter.exe 
    C:\Program Files (x86)\FoxTabVideoConverter\Uninstall\Uninstall.exe 
    DDS::
    uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
    uURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
    BHO-X64: Updater For Simppull Toolbar: {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll
    BHO-X64: Updater For Simppull Toolbar - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"=- 
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00, 59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00, \
    
    Clearjavacache::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
    ====================
    1. I have removed entries for the Yahoo! Companion. It comes bundled with many third party applications.
    2. I have also removed entries for the Simppull Toolbar by W3i, LLC, which also comes bundled with various third party applications. Reference was made to their Privacy Policy but their site brought a WOT "Warning- this is a dangerous site".
    3. Combofix is missing this entire section: ==== SERVICES / DRIVERS ==== between Reg Loading Points (REGEDIT4) and Contents of the 'Scheduled Tasks' folder
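    A quick way to spot the kind of gap pointed out in item 3 before reading a pasted ComboFix log line by line is to check which section banners are present, whether they appear in the usual order, and whether the run reached its "Completion time" line. The Python below is an added example written for this thread; it is not part of the thread's own posts and not ComboFix's code. The list of expected banners and their order is an assumption reconstructed from the two ComboFix logs pasted in this thread plus the remark above that the SERVICES / DRIVERS block normally sits between Reg Loading Points and the Scheduled Tasks folder; the sample log is the first ComboFix log in this thread trimmed down to its banner lines.

```python
"""Sanity-check a pasted ComboFix log: are the expected sections present, in
order, and did the run reach its "Completion time" line?

Added example (not from the thread or from ComboFix). EXPECTED_SECTIONS and
their order are an assumption reconstructed from the logs in this thread.
"""

# Banner text of each section, in the order a complete run lists them
# (assumption: taken from this thread's logs plus the helper's remark that
# SERVICES / DRIVERS sits between Reg Loading Points and Scheduled Tasks).
EXPECTED_SECTIONS = [
    "Other Deletions",
    "Files Created from",
    "Find3M Report",
    "Reg Loading Points",
    "SERVICES / DRIVERS",
    "Contents of the 'Scheduled Tasks' folder",
]

# "Other Deletions" is printed only when ComboFix actually removed something
# (the second log in this thread has it, the first does not), so its absence
# is not a sign of a truncated log.
OPTIONAL_SECTIONS = {"Other Deletions"}


def find_sections(log_text):
    """Expected banners present in the log, in the order they first appear."""
    found = []
    for line in log_text.splitlines():
        for name in EXPECTED_SECTIONS:
            if name in line and name not in found:
                found.append(name)
    return found


def missing_sections(log_text):
    """Required banners that the log never prints (optional ones are ignored)."""
    present = set(find_sections(log_text))
    return [s for s in EXPECTED_SECTIONS
            if s not in present and s not in OPTIONAL_SECTIONS]


def sections_in_order(log_text):
    """True when the banners that are present follow the expected order."""
    rank = {name: i for i, name in enumerate(EXPECTED_SECTIONS)}
    found = find_sections(log_text)
    return all(rank[a] < rank[b] for a, b in zip(found, found[1:]))


def run_completed(log_text):
    """Both logs in this thread end with a 'Completion time:' line; a log
    without it was cut off (crash, reboot, or an incomplete paste)."""
    return any(line.lstrip().startswith("Completion time:")
               for line in log_text.splitlines())


def triage(log_text):
    """Summary a helper would want before reading the log in detail."""
    return {
        "missing": missing_sections(log_text),
        "in_order": sections_in_order(log_text),
        "completed": run_completed(log_text),
    }


# Constructed sample: the first ComboFix log in this thread, trimmed to its banners.
SAMPLE_LOG = """\
ComboFix 12-03-21.02 - Nicole 03/21/2012 19:00:27.8.4 - x64 NETWORK
.
((((((((((((((((((((((((( Files Created from 2012-02-22 to 2012-03-22 )))))))))))))))))))))))))))))))
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
.
Contents of the 'Scheduled Tasks' folder
.
Completion time: 2012-03-21 20:26:15 - machine was rebooted
"""

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
    # -> {'missing': ['SERVICES / DRIVERS'], 'in_order': True, 'completed': True}
```

    Run against the trimmed sample, the check reports exactly the gap noted above (SERVICES / DRIVERS absent, everything else in order, run completed). A log that stops before "Completion time:" is flagged as incomplete rather than read as clean, which is the more useful failure mode for triage.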
    ===================
    Please run Malwarebytes again. The program did not finish:
    Time elapsed: 2 minute(s), 52 second(s) [aborted]
    Follow this direction:
    Update and rescan with Malwarebytes: Note: On the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.
    When scan has finished, you will see this image:
    • Click on OK to close box and continue.
    • Click on the Show Results button.
    • Click on the Remove Selected button to remove all the listed malware.
    • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.

    Please leave the logs in the next reply.

    Note: I have included the 2 files from Eset in the Combofix script. Looks like download site was CNET. They are requiring an Active X download with their programs.
     
  16. rcmeyer99

    rcmeyer99 TS Rookie Topic Starter Posts: 68

    Tried turning off Windows Defender and I got an error message that reads:

    Application failed to initialize: 0x800106ba. A problem caused this program's service to stop. To start the service, restart your computer or search Help and Support for how to start a service manually.
     
  17. rcmeyer99

    rcmeyer99 TS Rookie Topic Starter Posts: 68

    Found everything to turn it off.
     
  18. rcmeyer99

    rcmeyer99 TS Rookie Topic Starter Posts: 68

    ComboFix 12-03-22.01 - Nicole 03/24/2012 12:44:21.8.4 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6077.4198 [GMT -5:00]
    Running from: c:\users\Nicole\Documents\Downloads\ComboFix.exe
    Command switches used :: c:\users\Nicole\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\program files (x86)\FoxTabVideoConverter\Uninstall\Uninstall.exe"
    "c:\program files (x86)\FoxTabVideoConverter\VideoConverter.exe"
    "c:\users\Nicole\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\FoxTabVideoConverter\Uninstall\Uninstall.exe
    c:\program files (x86)\FoxTabVideoConverter\VideoConverter.exe
    c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
    c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
    c:\users\Nicole\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
    J:\Autorun.inf
    J:\Setup.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-24 to 2012-03-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-24 17:56 . 2012-03-24 17:56 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2012-03-24 17:56 . 2012-03-24 17:56 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-03-24 17:56 . 2012-03-24 17:56 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-24 17:56 . 2012-03-24 17:56 -------- d-----w- c:\users\AppData\AppData\Local\temp
    2012-03-24 06:12 . 2012-03-24 06:12 -------- d-----w- c:\users\Nicole\AppData\Roaming\com.socialbox.socialbox
    2012-03-23 20:07 . 2012-03-23 20:07 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8592EBD0-50CA-4A4A-BCCE-A5AC4E1E79C8}\offreg.dll
    2012-03-23 19:50 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8592EBD0-50CA-4A4A-BCCE-A5AC4E1E79C8}\mpengine.dll
    2012-03-22 15:06 . 2012-03-22 15:06 -------- d-----w- c:\program files (x86)\ESET
    2012-03-22 08:00 . 2012-03-22 08:00 -------- d-----w- C:\e5176b4be44ced2d25f828d6e97a
    2012-03-22 00:11 . 2012-03-24 17:59 -------- d-----w- c:\users\Nicole\AppData\Local\temp
    2012-03-21 08:04 . 2012-03-21 08:04 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2012-03-20 15:58 . 2012-03-20 15:58 -------- d-----w- C:\0c572bb179cde750a8df677364
    2012-03-17 03:16 . 2012-01-12 14:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
    2012-03-17 02:42 . 2012-03-17 02:42 -------- d-----w- c:\users\Nicole\AppData\Local\VS Revo Group
    2012-03-17 01:55 . 2012-03-17 01:55 -------- d-----w- C:\found.001
    2012-03-17 00:47 . 2012-03-17 00:47 -------- d-----w- c:\users\Nicole\AppData\Roaming\SUPERAntiSpyware.com
    2012-03-17 00:45 . 2012-03-17 00:47 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-03-17 00:45 . 2012-03-17 00:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-03-16 20:57 . 2012-03-16 20:57 -------- d-----w- C:\found.000
    2012-03-15 19:27 . 2012-03-15 19:27 -------- d-----w- c:\program files\iPod
    2012-03-15 19:27 . 2012-03-15 19:28 -------- d-----w- c:\program files\iTunes
    2012-03-15 19:27 . 2012-03-15 19:28 -------- d-----w- c:\program files (x86)\iTunes
    2012-03-15 00:20 . 2012-03-15 00:20 -------- d-----w- c:\users\Nicole\AppData\Roaming\DVDVideoSoft
    2012-03-15 00:20 . 2012-03-15 00:20 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
    2012-03-15 00:20 . 2012-03-15 00:20 -------- d-----w- c:\program files (x86)\DVDVideoSoft
    2012-03-15 00:10 . 2012-03-24 17:56 -------- d-----w- c:\program files (x86)\FoxTabVideoConverter
    2012-03-12 22:15 . 2012-03-12 22:15 -------- d-----w- c:\program files (x86)\AWS
    2012-03-12 18:34 . 2010-02-18 13:49 225280 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-03-12 18:34 . 2010-02-18 11:59 29696 ----a-w- c:\windows\system32\drivers\tunnel.sys
    2012-03-03 03:10 . 2012-03-03 03:20 -------- d-----w- C:\Fonts, new
    2012-02-24 05:26 . 2012-02-24 05:26 -------- d-----w- c:\program files (x86)\Conduit
    2012-02-24 05:08 . 2012-02-24 05:27 -------- d-----w- c:\program files (x86)\v-Grabber
    2012-02-24 05:08 . 2012-03-15 00:10 293 ----a-w- C:\user.js
    2012-02-24 05:08 . 2012-03-17 02:52 -------- d-----w- c:\users\Nicole\AppData\Roaming\Babylon
    2012-02-24 05:08 . 2012-03-17 02:52 -------- d-----w- c:\users\Nicole\AppData\Local\Babylon
    2012-02-24 05:08 . 2012-02-24 05:08 -------- d-----w- c:\programdata\Babylon
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-10 15:39 . 2011-07-14 15:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-23 16:23 . 2012-01-04 06:11 41184 ----a-w- c:\windows\avastSS.scr
    2012-02-23 16:23 . 2012-01-04 06:11 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-02-23 16:23 . 2012-01-02 22:32 258520 ----a-w- c:\windows\system32\aswBoot.exe
    2012-02-23 16:12 . 2012-01-04 06:12 817496 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-02-23 16:12 . 2012-01-04 06:12 335704 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-02-23 16:10 . 2012-01-04 06:12 43864 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-02-23 16:10 . 2012-01-04 06:12 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-02-23 16:10 . 2012-01-04 06:12 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-02-23 16:10 . 2012-01-04 06:12 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-02-23 14:18 . 2011-01-17 07:35 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-19 15:22 . 2012-01-19 15:22 45936 ----a-r- c:\windows\system32\SBBD.EXE
    2012-01-04 08:15 . 2011-04-30 16:28 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
    2012-01-03 14:25 . 2012-02-18 18:37 404992 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@ )))))))))))))))))))))))))))))))))))))))))

    Edit: 23 posts for Lengthy SnapShot reviewed and deleted by Bobbye.
     
  19. rcmeyer99

    rcmeyer99 TS Rookie Topic Starter Posts: 68

    Edit: Lengthy Combofix SnapShot reviewed and deleted by Bobbye.
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]
    c:\program files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll [BU]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-01-04 6497592]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-27 39408]
    "Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2011-10-05 1652736]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
    "ChromeFrameHelper"="c:\users\Nicole\AppData\Local\Google\Chrome\Application\19.0.1077.3\chrome_frame_helper.exe" [2012-03-23 96752]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 20:39]
    .
    2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 20:39]
    .
    2012-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475235829-1360834442-158596274-1000Core.job
    - c:\users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 03:49]
    .
    2012-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475235829-1360834442-158596274-1000UA.job
    - c:\users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 03:49]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-02-23 16:23 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://www.yahoo.com/?ilc=8
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    AddRemove-FoxTab Video Converter - c:\program files (x86)\FoxTabVideoConverter\Uninstall\Uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
    c:\program files (x86)\Secunia\PSI\PSIA.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Secunia\PSI\sua.exe
    c:\program files (x86)\Windows Media Player\wmplayer.exe
    .
    **************************************************************************
    .
    Completion time: 2012-03-24 13:04:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-03-24 18:04
    ComboFix2.txt 2012-03-22 01:26
    .
    Pre-Run: 533,714,022,400 bytes free
    Post-Run: 533,576,019,968 bytes free
    .
    - - End Of File - - 75BDA5318A7CE12A3C4AB7516B5F662B
     
  20. rcmeyer99

    rcmeyer99 TS Rookie Topic Starter Posts: 68

    Previous posts were Combofix obviously. Here is the newest log from Malwarebytes.


    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.24.03

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Nicole :: NICOLE-PC [administrator]

    3/24/2012 3:00:20 PM
    mbam-log-2012-03-24 (15-00-20).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 705842
    Time elapsed: 2 hour(s), 36 minute(s), 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 5
    C:\Program Files (x86)\v-Grabber\Uninstall.exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\Program Files (x86)\FoxTabVideoConverter\Uninstall\Uninstall.exe.vir (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Users\Nicole\Documents\Downloads\Softango_VideoConverter_Multi.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
    C:\Windows.old\Program Files\Fast Browser Search\IE\SearchGuardPlus.exe (PUP.Fbsearch) -> Quarantined and deleted successfully.
    C:\Windows.old\Program Files\Fast Browser Search\IE\update.exe (PUP.Fbsearch) -> Quarantined and deleted successfully.

    (end)
     
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, hopefully this will finish clearing most of the bad entries up:

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    C:\user.js
    Folder::
    c:\program files (x86)\Conduit
    c:\program files (x86)\v-Grabber
    c:\users\Nicole\AppData\Roaming\Babylon
    c:\users\Nicole\AppData\Local\Babylon
    c:\programdata\Babylon
    C:\e5176b4be44ced2d25f828d6e97a
    c:\users\Nicole\AppData\Local\temp
    C:\0c572bb179cde750a8df677364
    C:\found.001.
    C:\found.000
    Registry::
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]
    
    Clearjavacache::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
    ====================
    Please search the system for any of the following:
    1. v-Grabber
    2. PC Performer Setup463.exe >> Trojan downloader activity, Spyware-like activity
    its location is C:\Users\....\Appdata\Local\Temp\PC Performer Setup463.exe
    3. InstallBrain
    4. BundleInstaller.IB
    The following are in a folder named Windows.old:
    Fast Browser Search
    SearchGuardPlus
    Fbsearch


    Delete or uninstall all you find. You may have to show hidden files and folders in Folder Options. When finished, use Windows Explorer to access Computer> Local Drive(C)> Programs> Do a right click> Delete on any program folders you see for the above (AFTER you uninstall them!)
    ===========================================
    First, set up a Directory for HijackThis as follows:
    Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
    Exit Explorer
    You now have a folder C:\HijackThis
    -----------------------------------------
    Download HijackThis and save to your desktop.
    • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
    • Extract it to the directory on your hard drive you created C:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

    Let me know how the system is doing when finished.
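A check a helper could run after a CFScript pass, added here as an example and not code from this thread or from ComboFix: it parses a CFScript in the format above together with the ComboFix log the run produced, then reports which File::/Folder:: targets appear under Other Deletions (a folder counts when anything beneath it was removed, and a trailing dot such as in C:\found.001. is ignored, as Windows itself ignores it) and which Registry:: keys still show up under Reg Loading Points. The sample script and abridged log are constructed to match the formats shown in the thread.

```python
"""Cross-check a ComboFix CFScript against the log its run produced.

Added example, not from the thread or the ComboFix project. Parses the
CFScript's File::/Folder::/Registry:: sections, then checks the log's
"Other Deletions" and "Reg Loading Points" sections so a helper can see
which targets were removed and which are still loading after the run.
"""
import re

# Constructed sample CFScript in the layout the helper posted.
SAMPLE_CFSCRIPT = r"""
File::
C:\user.js
Folder::
c:\program files (x86)\Conduit
c:\program files (x86)\v-Grabber
c:\programdata\Babylon
c:\users\Nicole\AppData\Local\temp
C:\found.001.
Registry::
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]

Clearjavacache::
"""

# Constructed, abridged ComboFix log mimicking the thread's banners.
SAMPLE_LOG = r"""
ComboFix 12-03-22.01 - Nicole 03/28/2012 16:15:04.9.4 - x64
Command switches used :: c:\users\Nicole\Desktop\cfscript.txt
.
FILE ::
"C:\user.js"
.
((((((((((((((((((((( Other Deletions )))))))))))))))))))))
.
C:\found.001
c:\found.001\file0000.chk
c:\program files (x86)\Conduit
c:\program files (x86)\Conduit\Community Alerts\Alert.dll
c:\programdata\Babylon
C:\user.js
c:\users\Nicole\AppData\Local\temp\jusched.log
((((((((((((( Files Created from 2012-02-28 to 2012-03-28 )))))))))))))
.
2012-03-28 21:20 . 2012-03-28 21:21 -------- d-----w- c:\users\Nicole\AppData\Local\Temp
.
((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))
.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]
c:\program files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll [BU]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
"""

# ComboFix section banners look like "(((( Name ))))" or "---- Name ----".
BANNER = re.compile(r"^(?:\(+|-+)\s*(.*?)\s*(?:\)+|-+)$")


def norm_path(p):
    """Compare paths the way Win32 does: case-insensitive, trailing dots,
    spaces and backslashes ignored (so C:\found.001. == C:\found.001)."""
    return p.strip().strip('"').rstrip(". \\").lower()


def parse_cfscript(text):
    """Return {directive: [targets]} for a CFScript (e.g. {'Folder': [...]})."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_log(text):
    """Return {section title: [non-empty lines]} split on ComboFix banners."""
    sections, current = {}, "Header"
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m and m.group(1):
            current = m.group(1)
            sections.setdefault(current, [])
        elif line and line != ".":
            sections.setdefault(current, []).append(line)
    return sections


def check_remediation(cfscript_text, log_text):
    """Report File::/Folder:: targets found (or not) under Other Deletions and
    Registry:: keys that still appear under Reg Loading Points."""
    script = parse_cfscript(cfscript_text)
    log = parse_combofix_log(log_text)
    deleted = {norm_path(l) for l in log.get("Other Deletions", [])}
    loading = {l.lower() for l in log.get("Reg Loading Points", [])}
    report = {"deleted": [], "not_deleted": [], "still_loading": [], "reg_cleared": []}
    for directive in ("File", "Folder"):
        for target in script.get(directive, []):
            key = norm_path(target)
            # A folder counts as removed if it, or anything beneath it, was deleted.
            hit = key in deleted or any(d.startswith(key + "\\") for d in deleted)
            report["deleted" if hit else "not_deleted"].append(target)
    for target in script.get("Registry", []):
        report["still_loading" if target.lower() in loading else "reg_cleared"].append(target)
    return report


if __name__ == "__main__":
    for status, items in check_remediation(SAMPLE_CFSCRIPT, SAMPLE_LOG).items():
        for item in items:
            print(f"{status:14} {item}")
```

Run against the thread's own CFScript and post 23's log, the still_loading line is the Simppull Toolbar BHO key, which is the entry a helper would take up in the next script.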
     
  22. rcmeyer99

    rcmeyer99 TS Rookie Topic Starter Posts: 68

    Here is the latest combofix list. I did not transfer over some of the lines as they were redundant from last time.

    ComboFix 12-03-22.01 - Nicole 03/28/2012 16:15:04.9.4 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6077.4525 [GMT -5:00]
    Running from: c:\users\Nicole\Documents\Downloads\ComboFix.exe
    Command switches used :: c:\users\Nicole\Desktop\cfscript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    - REDUCED FUNCTIONALITY MODE -
    .
    FILE ::
    "C:\user.js"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\0c572bb179cde750a8df677364
    c:\0c572bb179cde750a8df677364\$shtdwn$.req
    c:\0c572bb179cde750a8df677364\1028\eula.rtf
    c:\0c572bb179cde750a8df677364\1028\HotFixInstallerUI.dll
    c:\0c572bb179cde750a8df677364\1031\eula.rtf
    c:\0c572bb179cde750a8df677364\1031\HotFixInstallerUI.dll
    c:\0c572bb179cde750a8df677364\1033\eula.rtf
    c:\0c572bb179cde750a8df677364\1033\HotFixInstallerUI.dll
    c:\0c572bb179cde750a8df677364\1036\eula.rtf
    c:\0c572bb179cde750a8df677364\1036\HotFixInstallerUI.dll
    c:\0c572bb179cde750a8df677364\1040\eula.rtf
    c:\0c572bb179cde750a8df677364\1040\HotFixInstallerUI.dll
    c:\0c572bb179cde750a8df677364\1041\eula.rtf
    c:\0c572bb179cde750a8df677364\1041\HotFixInstallerUI.dll
    c:\0c572bb179cde750a8df677364\1042\eula.rtf
    c:\0c572bb179cde750a8df677364\1042\HotFixInstallerUI.dll
    c:\0c572bb179cde750a8df677364\1046\eula.rtf
    c:\0c572bb179cde750a8df677364\1046\HotFixInstallerUI.dll
    c:\0c572bb179cde750a8df677364\1049\eula.rtf
    c:\0c572bb179cde750a8df677364\1049\HotFixInstallerUI.dll
    c:\0c572bb179cde750a8df677364\2052\eula.rtf
    c:\0c572bb179cde750a8df677364\2052\HotFixInstallerUI.dll
    c:\0c572bb179cde750a8df677364\3082\eula.rtf
    c:\0c572bb179cde750a8df677364\3082\HotFixInstallerUI.dll
    c:\0c572bb179cde750a8df677364\DHtmlHeader.html
    c:\0c572bb179cde750a8df677364\header.bmp
    c:\0c572bb179cde750a8df677364\HotFixInstaller.exe
    c:\0c572bb179cde750a8df677364\ParameterInfo.xml
    c:\0c572bb179cde750a8df677364\VS90SP1-KB2251487.msp
    c:\0c572bb179cde750a8df677364\watermark.bmp
    C:\e5176b4be44ced2d25f828d6e97a
    c:\e5176b4be44ced2d25f828d6e97a\$shtdwn$.req
    c:\e5176b4be44ced2d25f828d6e97a\1028\eula.rtf
    c:\e5176b4be44ced2d25f828d6e97a\1028\HotFixInstallerUI.dll
    c:\e5176b4be44ced2d25f828d6e97a\1031\eula.rtf
    c:\e5176b4be44ced2d25f828d6e97a\1031\HotFixInstallerUI.dll
    c:\e5176b4be44ced2d25f828d6e97a\1033\eula.rtf
    c:\e5176b4be44ced2d25f828d6e97a\1033\HotFixInstallerUI.dll
    c:\e5176b4be44ced2d25f828d6e97a\1036\eula.rtf
    c:\e5176b4be44ced2d25f828d6e97a\1036\HotFixInstallerUI.dll
    c:\e5176b4be44ced2d25f828d6e97a\1040\eula.rtf
    c:\e5176b4be44ced2d25f828d6e97a\1040\HotFixInstallerUI.dll
    c:\e5176b4be44ced2d25f828d6e97a\1041\eula.rtf
    c:\e5176b4be44ced2d25f828d6e97a\1041\HotFixInstallerUI.dll
    c:\e5176b4be44ced2d25f828d6e97a\1042\eula.rtf
    c:\e5176b4be44ced2d25f828d6e97a\1042\HotFixInstallerUI.dll
    c:\e5176b4be44ced2d25f828d6e97a\1046\eula.rtf
    c:\e5176b4be44ced2d25f828d6e97a\1046\HotFixInstallerUI.dll
    c:\e5176b4be44ced2d25f828d6e97a\1049\eula.rtf
    c:\e5176b4be44ced2d25f828d6e97a\1049\HotFixInstallerUI.dll
    c:\e5176b4be44ced2d25f828d6e97a\2052\eula.rtf
    c:\e5176b4be44ced2d25f828d6e97a\2052\HotFixInstallerUI.dll
    c:\e5176b4be44ced2d25f828d6e97a\3082\eula.rtf
    c:\e5176b4be44ced2d25f828d6e97a\3082\HotFixInstallerUI.dll
    c:\e5176b4be44ced2d25f828d6e97a\DHtmlHeader.html
    c:\e5176b4be44ced2d25f828d6e97a\header.bmp
    c:\e5176b4be44ced2d25f828d6e97a\HotFixInstaller.exe
    c:\e5176b4be44ced2d25f828d6e97a\ParameterInfo.xml
    c:\e5176b4be44ced2d25f828d6e97a\VS90SP1-KB2251487.msp
    c:\e5176b4be44ced2d25f828d6e97a\watermark.bmp
    C:\found.000
    c:\found.000\dir0000.chk\b[8].gif
    c:\found.000\dir0000.chk\beacon[2].js
    c:\found.000\dir0000.chk\dk[3].js
    c:\found.000\dir0000.chk\dref=http%253A%252F%252Fwww.mevio[1].js
    c:\found.000\dir0000.chk\elie-saab-10511-2[1].jpg
    c:\found.000\dir0000.chk\elie-saab-10511-5[1].jpg
    c:\found.000\dir0000.chk\happy-socks03header[1].jpg
    c:\found.000\dir0000.chk\img[2].js
    c:\found.000\dir0000.chk\impCACNUKP5.js
    c:\found.000\dir0000.chk\MevioBPFX[1].swf
    c:\found.000\dir0000.chk\tntwo[2].js
    C:\found.001.
    c:\found.001.\dir0000.chk\26\9C5BDd01
    c:\found.001.\dir0000.chk\D5\F04FAd01
    c:\found.001.\dir0001.chk\14\3C689d01
    c:\found.001.\dir0001.chk\97\66531d01
    c:\found.001.\dir0002.chk\73\252B3d01
    c:\found.001.\dir0002.chk\84\1B39Ad01
    c:\found.001.\dir0003.chk\79\2407Fd01
    c:\found.001.\dir0003.chk\83\E422Ad01
    c:\found.001.\dir0004.chk\B2\CC636d01
    c:\found.001.\dir0004.chk\BD\47AEAd01
    c:\found.001.\dir0004.chk\F3\51E7Cd01
    c:\found.001.\dir0005.chk\06\DC571d01
    c:\found.001.\dir0005.chk\4C\D3363d01
    c:\found.001.\dir0005.chk\54\E76A4d01
    c:\found.001.\dir0005.chk\E0\6A2FEd01
    c:\found.001.\dir0006.chk\B88B8d01
    c:\found.001.\dir0007.chk\9FD4Ad01
    c:\found.001.\dir0008.chk\E841Bd01
    c:\found.001.\file0000.chk
    c:\found.001.\file0001.chk
    c:\program files (x86)\Conduit
    c:\program files (x86)\Conduit\Community Alerts\Alert.dll
    c:\program files (x86)\v-Grabber
    c:\program files (x86)\v-Grabber\appicon.ico
    c:\program files (x86)\v-Grabber\converter\ffmpeg.exe
    c:\program files (x86)\v-Grabber\imageformats\qjpeg4.dll
    c:\program files (x86)\v-Grabber\libgcc_s_dw2-1.dll
    c:\program files (x86)\v-Grabber\libstdc++-6.dll
    c:\program files (x86)\v-Grabber\mingwm10.dll
    c:\program files (x86)\v-Grabber\phonon4.dll
    c:\program files (x86)\v-Grabber\QtCore4.dll
    c:\program files (x86)\v-Grabber\QtGui4.dll
    c:\program files (x86)\v-Grabber\QtNetwork4.dll
    c:\program files (x86)\v-Grabber\QtWebKit4.dll
    c:\program files (x86)\v-Grabber\youtubeDL.exe
    c:\programdata\Babylon
    C:\user.js
    c:\users\Nicole\AppData\Local\Babylon
    c:\users\Nicole\AppData\Local\temp\is2FE3.tmp
    c:\users\Nicole\AppData\Local\temp\jusched.log
    c:\users\Nicole\AppData\Local\temp\LEX1DEC.tmp
    c:\users\Nicole\AppData\Local\temp\ms3953.tmp
    c:\users\Nicole\AppData\Local\temp\MSIb35ad.LOG
    c:\users\Nicole\AppData\Local\temp\Nicole.bmp
    c:\users\Nicole\AppData\Local\temp\WKS1CE2.tmp
    c:\users\Nicole\AppData\Local\temp\WKS48B5.tmp
    c:\users\Nicole\AppData\Local\temp\WKS48B6.tmp
    c:\users\Nicole\AppData\Local\temp\WKS48B7.tmp
    c:\users\Nicole\AppData\Local\temp\wmplog00.sqm
    c:\users\Nicole\AppData\Local\temp\wmplog01.sqm
    c:\users\Nicole\AppData\Local\temp\wmplog02.sqm
    c:\users\Nicole\AppData\Local\temp\wmplog03.sqm
    c:\users\Nicole\AppData\Local\temp\wmplog04.sqm
    c:\users\Nicole\AppData\Local\temp\wmplog05.sqm
    c:\users\Nicole\AppData\Local\temp\wmplog06.sqm
    c:\users\Nicole\AppData\Roaming\Babylon
    ((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-28 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-28 21:20 . 2012-03-28 21:21 -------- d-----w- c:\users\Nicole\AppData\Local\Temp
    2012-03-28 21:17 . 2012-03-28 21:17 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2012-03-28 21:17 . 2012-03-28 21:17 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-03-28 21:17 . 2012-03-28 21:17 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-28 21:17 . 2012-03-28 21:17 -------- d-----w- c:\users\AppData\AppData\Local\temp
    2012-03-24 06:12 . 2012-03-24 06:12 -------- d-----w- c:\users\Nicole\AppData\Roaming\com.socialbox.socialbox
    2012-03-23 20:07 . 2012-03-23 20:07 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8592EBD0-50CA-4A4A-BCCE-A5AC4E1E79C8}\offreg.dll
    2012-03-23 19:50 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8592EBD0-50CA-4A4A-BCCE-A5AC4E1E79C8}\mpengine.dll
    2012-03-22 15:06 . 2012-03-22 15:06 -------- d-----w- c:\program files (x86)\ESET
    2012-03-21 08:04 . 2012-03-21 08:04 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2012-03-17 03:16 . 2012-01-12 14:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
    2012-03-17 02:42 . 2012-03-17 02:42 -------- d-----w- c:\users\Nicole\AppData\Local\VS Revo Group
    2012-03-17 00:47 . 2012-03-17 00:47 -------- d-----w- c:\users\Nicole\AppData\Roaming\SUPERAntiSpyware.com
    2012-03-17 00:45 . 2012-03-17 00:47 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-03-17 00:45 . 2012-03-17 00:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-03-15 19:27 . 2012-03-15 19:27 -------- d-----w- c:\program files\iPod
    2012-03-15 19:27 . 2012-03-15 19:28 -------- d-----w- c:\program files\iTunes
    2012-03-15 19:27 . 2012-03-15 19:28 -------- d-----w- c:\program files (x86)\iTunes
    2012-03-15 00:20 . 2012-03-15 00:20 -------- d-----w- c:\users\Nicole\AppData\Roaming\DVDVideoSoft
    2012-03-15 00:20 . 2012-03-15 00:20 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
    2012-03-15 00:20 . 2012-03-15 00:20 -------- d-----w- c:\program files (x86)\DVDVideoSoft
    2012-03-15 00:10 . 2012-03-24 17:56 -------- d-----w- c:\program files (x86)\FoxTabVideoConverter
    2012-03-12 22:15 . 2012-03-12 22:15 -------- d-----w- c:\program files (x86)\AWS
    2012-03-12 18:34 . 2010-02-18 13:49 225280 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-03-12 18:34 . 2010-02-18 11:59 29696 ----a-w- c:\windows\system32\drivers\tunnel.sys
    2012-03-03 03:10 . 2012-03-03 03:20 -------- d-----w- C:\Fonts, new
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-10 15:39 . 2011-07-14 15:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-23 16:23 . 2012-01-04 06:11 41184 ----a-w- c:\windows\avastSS.scr
    2012-02-23 16:23 . 2012-01-04 06:11 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-02-23 16:23 . 2012-01-02 22:32 258520 ----a-w- c:\windows\system32\aswBoot.exe
    2012-02-23 16:12 . 2012-01-04 06:12 817496 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-02-23 16:12 . 2012-01-04 06:12 335704 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-02-23 16:10 . 2012-01-04 06:12 43864 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-02-23 16:10 . 2012-01-04 06:12 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-02-23 16:10 . 2012-01-04 06:12 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-02-23 16:10 . 2012-01-04 06:12 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-02-23 14:18 . 2011-01-17 07:35 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-19 15:22 . 2012-01-19 15:22 45936 ----a-r- c:\windows\system32\SBBD.EXE
    2012-01-04 08:15 . 2011-04-30 16:28 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
    2012-01-03 14:25 . 2012-02-18 18:37 404992 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    .
     
  23. rcmeyer99

    rcmeyer99 TS Rookie Topic Starter Posts: 68

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]
    c:\program files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll [BU]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-01-04 6497592]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-27 39408]
    "Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2011-10-05 1652736]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
    "ChromeFrameHelper"="c:\users\Nicole\AppData\Local\Google\Chrome\Application\19.0.1077.3\chrome_frame_helper.exe" [2012-03-23 96752]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 20:39]
    .
    2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 20:39]
    .
    2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475235829-1360834442-158596274-1000Core.job
    - c:\users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 03:49]
    .
    2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475235829-1360834442-158596274-1000UA.job
    - c:\users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 03:49]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-02-23 16:23 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://www.yahoo.com/?ilc=8
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
    c:\program files (x86)\Secunia\PSI\PSIA.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Secunia\PSI\sua.exe
    c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    .
    **************************************************************************
    .
    Completion time: 2012-03-28 16:24:50 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-03-28 21:24
    ComboFix2.txt 2012-03-24 18:04
    ComboFix3.txt 2012-03-22 01:26
    .
    Pre-Run: 519,093,501,952 bytes free
    Post-Run: 520,125,612,032 bytes free
    .
    - - End Of File - - A92BD519CA51BE6ADA509A910C8D0549
     
  24. rcmeyer99

    rcmeyer99 TS Rookie Topic Starter Posts: 68

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:03:13 AM, on 3/29/2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Users\Nicole\AppData\Local\Google\Chrome\Application\19.0.1081.2\chrome_frame_helper.exe
    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Updater For Simppull Toolbar - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ChromeFrameHelper] "C:\Users\Nicole\AppData\Local\Google\Chrome\Application\19.0.1081.2\chrome_frame_helper.exe" --startup
    O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Users\Nicole\AppData\Local\Google\Chrome\Application\19.0.1081.2\npchrome_frame.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 8670 bytes
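The HijackThis log above mixes three very different kinds of entry: browser add-on registrations whose DLL is gone (the Simppull BHO in O2), a service whose binary is gone (the AVG toolbar broker in O23), and a long run of core Windows services (ALG, KeyIso, Netlogon, Spooler, VSS and so on) also marked "(file missing)". The last group is not malware: HijackThis 2.0.4 is a 32-bit program, and on 64-bit Vista the WOW64 file-system redirector points it at SysWOW64 when it asks for System32, so it cannot see 64-bit system binaries such as lsass.exe. The script below is an added example, written for this page and not part of the poster's logs or of HijackThis itself; it parses a constructed subset of the entries above and ranks them the way a log reader would. The adware keyword list is taken from names mentioned in this thread and is an assumption, as is the "user profile autorun" heuristic.

```python
import re

# Constructed sample: a subset of the HijackThis entries from the log above.
SAMPLE_LOG = r"""
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Updater For Simppull Toolbar - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU\..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ChromeFrameHelper] "C:\Users\Nicole\AppData\Local\Google\Chrome\Application\19.0.1081.2\chrome_frame_helper.exe" --startup
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

# Assumption: adware names taken from this thread, not a vendor signature list.
ADWARE_HINT = re.compile(
    r"searchya|babylon|simppull|v-grabber|fast browser search|fbsearch|search protection", re.I)
# The 64-bit system directory as a 32-bit (WOW64) process names it.
SYSTEM32 = re.compile(r"^c:\\windows\\system32\\", re.I)
# Assumption: autoruns from a user profile deserve a second look.
USER_PROFILE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.I)
MISSING = " (file missing)"
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")


def parse_hjt_line(line):
    """Return a dict for O2/O3/O4/O23 entries, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)]
    if section in ("O2", "O3"):
        # "BHO: <name> - {CLSID} - <path>" or "Toolbar: <name> - {CLSID} - <path>"
        parts = body.split(" - ")
        if len(parts) < 3:
            return None
        return {"section": section, "name": parts[0].split(": ", 1)[-1],
                "clsid": parts[1], "path": " - ".join(parts[2:]), "missing": missing}
    if section == "O4":
        # "<hive>\..\Run: [<name>] <command line>"
        r = RUN_RE.match(body)
        if not r:
            return None
        return {"section": section, "name": r.group("name"), "hive": r.group("hive"),
                "path": r.group("cmd"), "missing": missing}
    if section == "O23":
        # "Service: <display name> - <owner> - <path>"
        parts = body.split(": ", 1)[-1].split(" - ")
        if len(parts) < 3:
            return None
        return {"section": section, "name": parts[0], "owner": parts[1],
                "path": " - ".join(parts[2:]), "missing": missing}
    return None


def triage(log_text):
    """Rank entries: orphaned registrations first, WOW64 artifacts last."""
    findings = []
    for line in log_text.splitlines():
        e = parse_hjt_line(line)
        if e is None:
            continue
        sec, path = e["section"], e["path"]
        if sec in ("O2", "O3"):
            if e["missing"]:
                sev, why = "HIGH", "BHO/toolbar whose DLL is gone: leftover of a partial uninstall, fix the entry"
            elif ADWARE_HINT.search(e["name"] + " " + path):
                sev, why = "MEDIUM", "add-on named like a known search hijacker: confirm the user wants it"
            else:
                continue
        elif sec == "O4":
            if ADWARE_HINT.search(e["name"] + " " + path):
                sev, why = "HIGH", "autorun for a known search hijacker"
            elif USER_PROFILE.search(path):
                sev, why = "MEDIUM", "autorun launched from the user profile, not Program Files: verify the publisher"
            else:
                continue
        elif sec == "O23":
            if not e["missing"]:
                continue
            if SYSTEM32.match(path):
                sev, why = "INFO", "probable WOW64 false positive: 32-bit HijackThis on x64 is redirected to SysWOW64 and cannot see this file"
            else:
                sev, why = "HIGH", "service binary is gone: orphaned service, delete it"
        else:
            continue
        findings.append({"section": sec, "name": e["name"], "severity": sev, "reason": why})
    findings.sort(key=lambda f: ("HIGH", "MEDIUM", "INFO").index(f["severity"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['severity']:<6} {f['section']:<4} {f['name']}: {f['reason']}")
```

Run against the full log above, the script puts the Simppull BHO and the AVG toolbar service at the top, flags the Yahoo! Search Protection BHO and the Chrome Frame autorun for a look, and demotes every "(file missing)" core service under System32 to an informational note. The System32 entries should be confirmed with a 64-bit tool, or by checking the path through `C:\Windows\Sysnative` from a 32-bit shell, before anyone is tempted to "fix" them in HijackThis.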
     
  25. rcmeyer99

    rcmeyer99 TS Rookie Topic Starter Posts: 68

    I also went through the files and found v-grabber, Fast Browser Search and FBsearch. I removed them from the C: drive.
     
Topic Status:
Not open for further replies.
