Sorry for the delay in getting to you, I'm K27 and i will be reviewing your log for you.
Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.
Please DO NOT use this system for anything apart from visiting this forum and other sites I direct you too, as this will only make the cleanup process all the more diffecult.
Failure to reply in three (3) days will result in this topic being closed and I will remove it from my notifications, If you require more time then that is fine but please let me know.
Please disable Spybot's TeaTimer function, you can find instructions HERE, if you are unable to disable TeaTimer, please uninstall Spybot via "Programs and Features" in Control Panel, you can reinstall once we are done.
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them fromhereand just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
I need to see some additional information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
A small box will open, with an explanation about the tool.
When done, DDS will open two (2) logs
1. DDS.txt
2. Attach.txt
Save both reports to your desktop.
The instructions here ask you to attach the Attach.txt.
Instead of attaching, please copy/past both logs into your next reply.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
Then please Go here to run an online scannner from ESET.
Note: You will need to use Internet explorer for this scan
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
Click the "Show Results" button
Then click the "Export to Text File" button and save the log to the desktop
Copy and paste that log as a reply to this topic and also let me know how things are now.
Please post back the ESET report and a fresh set of DDS logs.
C:\Users\Kaity\AppData\Roaming\Mozilla\Firefox\extensions\textlinks@playsushi.com\components\PlaySushiFF.dll probably a variant of Win32/Adware.Gamevance.AG application
i did not fix the errors because you had me uncheck the box. if you need me to re-run the scan and get rid of the files please let me know.
Here's the attach - run #2
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 12/5/2008 4:21:54 AM
System Uptime: 6/2/2011 3:52:07 PM (7 hours ago)
.
Motherboard: Dell Inc. | | 0U990C
Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz | Microprocessor | 2000/200mhz
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
If the machine reboots, the Results log can be found here:
c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
Where mmddyyyy_hhmmss is the date of the tool run.
Your Java is outdated
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Scroll down to where it says JDK 6 Update 25 (JDK or JRE)
Click the Download JRE button to the right
Select the Windows platform from the dropdown menu.
Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u25 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u25-windows-i586.exe to install the newest version.
After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
On the General tab, under Temporary Internet Files, click the Settings button.
Next, click on the Delete Files button
There are two options in the window to clear the cache - Leave BOTH Checked
Applications and Applets Trace and Log Files
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Temporary Files Window
Click OK to leave the Java Control Panel.
. Adobe Acrobat/Reader is out of date please update to the latest version from HERE(NOTE: On the Download page, please make sure to uncheck the box next to the "McAfee Scan" item as it is not needed) Once you have the latest version of Adobe Reader installed, please uninstall all outdated version that remain in the add/Remove programs list on your system in control panel.
Please post back the OTM log, and a fresh set of DDS logs. Also, please give a status report on how the system is now running. <---Important, please answer this
The fixes in this topic were written specifically for this user, following them may cause harm to your machine and render it a brick (useless)
If you are the original poster and would like further assistance please post a fresh HJT log in a NEW topic along with details of the problems you are having.
All other user's, please read THIS page and then please start a New Topic at the top of the Malware Removal Forum by clicking the button.
kevin27_b3d29f
2 Intern
•
1.5K Posts
0
May 30th, 2011 12:00
Hi,
Welcome to Dell Community Malware Removal Forums,
Sorry for the delay in getting to you, I'm K27 and i will be reviewing your log for you.
Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.
Please DO NOT use this system for anything apart from visiting this forum and other sites I direct you too, as this will only make the cleanup process all the more diffecult.
Failure to reply in three (3) days will result in this topic being closed and I will remove it from my notifications, If you require more time then that is fine but please let me know.
Please disable Spybot's TeaTimer function, you can find instructions HERE, if you are unable to disable TeaTimer, please uninstall Spybot via "Programs and Features" in Control Panel, you can reinstall once we are done.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
MBAM will automatically start and you will be asked to update the program before performing a scan.
On the Scanner tab:
Back at the main Scanner screen:
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
I need to see some additional information about what is happening in your machine.
Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop.
- DDS.com
- DDS.scr
- DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool.
- When done, DDS will open two (2) logs
1. DDS.txt2. Attach.txt
Please note: You may have to disable any script protection running if the scan fails to run.After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE
Please COPY/PASTE the MBAM log and BOTH DDS logs.
Thankyou,
K27.
dpedchenko
4 Posts
0
May 30th, 2011 21:00
Thank you K27 for your assistance. Still have the blasted pop ups.
Here is the MBAM log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6727
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
5/30/2011 10:34:07 PM
mbam-log-2011-05-30 (22-34-07).txt
Scan type: Quick scan
Objects scanned: 166000
Time elapsed: 6 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 33
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C55CA95C-324B-451c-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato (Adware.ClickPotato) -> Quarantined and deleted successfully.
Files Infected:
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
Here is Attach log
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 12/5/2008 4:21:54 AM
System Uptime: 5/30/2011 10:35:51 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0U990C
Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz | Microprocessor | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 123.097 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 4.852 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
10 Days Under The Sea
3 Days: Amulet Secret
A Gypsy's Tale: Tower of Secrets
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
Adobe Shockwave Player 11
Advanced Audio FX Engine
Advanced Video FX Engine
Age of Oracles - Tara's Journey
AIM 7
AIM Toolbar
Algebra 2 4.1
Amanda Rose: The Game of Time
Ancient Spirits: Columbus' Legacy
Ankh - The Lost Treasures
AOL Install
AVG PC Tuneup 2011
Banctec Service Agreement
Bejeweled 2 Deluxe
Bloodline of the Fallen: Anna's Sacrifice
Book of Legends
Browser Address Error Redirector
Buried in Time
Caribbean Mah Jong
Chronicles of Albian
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conduit Engine
Conexant HDA D330 MDC V.92 Modem
Content Transfer
Deep Blue Sea 2: The Amulet of Light
Dell-eBay
Dell Best of Web
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Toolbar
Dell Touchpad
Dell V310-V510 Series
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card Utility
DELL0604
Digital Line Detect
Download Updater (AOL LLC)
Dream Chronicles - The Book of Air Collector's Edition
EarthLink Setup Files
Echoes Of Sorrow
EDocs
Elementals - The Magic Key
Empress of the Deep - The Darkest Secret
Epic Adventures - La Jangada
ERUNT 1.1j
Escape from Frankenstein's Castle
Faded Reality
Family Feud 2
Fiction Fixers Adventures in Wonderland
Fiction Fixers: The Curse of Oz
GameHouse
Goddess Chronicles
GoldWave v5.55
GoToAssist 8.0.0.514
Graboid Video 1.73
Grace's Quest: To Catch An Art Thief
Green Moon
Guardians of Magic: Amanda's Awakening
Hide and Secret 2
Hide and Secret 3
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
House of Night Screensaver Screensaver
House, MD
Immortal Lovers
Intel(R) Matrix Storage Manager
Jane Lucky
Java(TM) 6 Update 7
King Arthur
Kitty Luv v1.8
Kuros
Laptop Integrated Webcam Driver (1.04.01.1011)
Letters from Nowhere
Letters from Nowhere 2
Lexmark 3600-4600 Series
Lexmark Fax Solutions
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Lost Fortunes
Lost Lagoon - The Trail of Destiny
Magic Encyclopedia
Magic Encyclopedia - Moon Light
Malwarebytes' Anti-Malware
Master Thief - Skyscraper Sting
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mirror Mysteries
Modem Diagnostic Tool
Mortimer Beckett and the Lost King
Murder Island: Secret of Tantalus
Mystery of Mortlake Mansion
Nancy Drew Dossier - Lights, Camera, Curses
Neptune's Secret
NetWaiting
NetZeroInstallers
NOOK for PC
Norton Security Scan
NWZ-E340 WALKMAN Guide
ooVoo
ooVoo Toolbar (Remove Toolbar Only)
OutlookAddinSetup
PageRage Toolbar
Pirate Mysteries
Pony Luv v1.5
Primo
Princess Isabella - A Witch's Curse
Puzzling Paws
QuickSet
Rasputin's Curse
Robin's Quest
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Royal Trouble
Season Match 3: Curse of the Witch Crow
Secret Diaries: Florence Ashford
Secret of the Magic Crystals
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
SigmaTel Audio
Spirit of Wandering - The Legend
Spybot - Search & Destroy
Star Crossed Love
Switch Sound File Converter
Tamara the 13th
The Clockwork Man
The Clockwork Man - The Hidden World
The Conjurer
The Dracula Files
The Inquisitor
The Institute: A Becky Brogan Adventure
The Legend of Crystal Valley
The Lost Inca Prophecy
The Lost Kingdom Prophecy
The Magician's Handbook 2: BlackLore
The Magician's Handbook: Cursed Valley
The Otherside - Realm of Eons
The Tarot's Misfortune
Three Cards to Midnight
Trapped - The Abduction
Twisted Lands: Shadow Town
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update Installer for WildTangent Games App
Vampire Brides - Love Over Death
Vampire Saga - Pandora's Box
Vampireville
Victorian Mysteries: Woman in White
Viewpoint Media Player
Virtual Villagers 5 - New Believers
VLC media player 1.0.1
WildTangent Games
WildTangent Games App (Dell Games)
Women's Murder Club - A Darker Shade of Grey
Women's Murder Club - Death in Scarlet
Women's Murder Club - Twice in a Blue Moon
Women's Murder Club: Little Black Lies
Xvid 1.2.1 final uninstall
Yontoo Layers Client 1.10.01
.
==== End Of File ===========================
Here is DDS log
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 7.0.6002.18005
Run by Kaity at 22:59:02 on 2011-05-30
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3061.1718 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\dleacoms.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdxserv.exe
C:\Windows\system32\lxdxcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Dell V310-V510 Series\dleamon.exe
C:\Program Files\Dell V310-V510 Series\ezprint.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Kaity\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.bing.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081205
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: H - No File
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\tbPage.dll
mURLSearchHooks: H - No File
BHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - c:\program files\dell toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Updater For ooVoo Toolbar: {442ae524-eba5-4b17-82f3-888d68bc999a} - c:\program files\oovootb\auxi\oovooAu.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\tbPage.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: ooVoo Toolbar: {a1fb2f9a-d35e-11dd-8935-e46a56d89593} - c:\program files\oovootb\oovoodx.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
TB: ooVoo Toolbar: {a1fb2f9a-d35e-11dd-8935-e46a56d89593} - c:\program files\oovootb\oovoodx.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\tbPage.dll
TB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - c:\program files\dell toolbar\toolband.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [oovoo.exe] c:\program files\oovoo\oovoo.exe /minimized
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [lxdxmon.exe] "c:\program files\lexmark 3600-4600 series\lxdxmon.exe"
mRun: [lxdxamon] "c:\program files\lexmark 3600-4600 series\lxdxamon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [dleamon.exe] "c:\program files\dell v310-v510 series\dleamon.exe"
mRun: [EzPrint] "c:\program files\dell v310-v510 series\ezprint.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\kaity\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\kaity\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search - ?s=100000343&p=ZKman000&si=&a=yqH2oKVHybmGElCMerPfpw&n=2010051819
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - c:\program files\playsushi\PSText.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://games-uk.pogo.com/Online2/pogo/chuzzle_popcap/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-12-5 73728]
R2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe -service --> c:\windows\system32\dleacoms.exe -service [?]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-24 155648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2009-2-10 94208]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-12-28 1153368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-2-3 24652]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-5 111616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleaserv.exe [2010-6-13 98984]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-05-31 02:20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-31 02:20:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-31 02:15:23 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f7249497-73fe-4b27-ad7e-4844f97556ac}\mpengine.dll
2011-05-31 00:40:11 -------- d-----w- c:\users\kaity\appdata\roaming\Malwarebytes
2011-05-31 00:39:51 -------- d-----w- c:\programdata\Malwarebytes
2011-05-31 00:39:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-11 22:36:20 -------- d-----w- c:\program files\Trend Micro
2011-05-11 00:55:00 -------- d-----w- c:\users\kaity\appdata\local\WindowsUpdate
2011-05-11 00:47:44 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-05-03 22:21:41 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
.
==================== Find3M ====================
.
2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-12 21:55:52 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:13 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:35:36 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
============= FINISH: 22:59:38.15 ===============
kevin27_b3d29f
2 Intern
•
1.5K Posts
0
May 31st, 2011 14:00
Hi,
MBAM got a not for us, but we still have work to do.
Please uninstall the following programs via "Programs and Features" in Control Panel:
Conduit Engine
Norton Security Scan
ooVoo Toolbar (Remove Toolbar Only)
PageRage Toolbar
Viewpoint Media Player
Then please reboot the system.....
Then Please Run HijackThis, and press "Do a System Scan Only".
1. When the scan is complete place a check mark next to the following entries:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {40d32ddb-06ea-47fe-8d1d-0fe50808257c} - (no file)
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
2. After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked." Then, reboot your computer...
Note:BE CAREFUL NOT to check any other boxes as this may harm the workings of Windows and your PC
Then Please Disable all Anti-virus/Anti-Spyware/FireWall on your machine(instructions via links below)
Then please Go here to run an online scannner from ESET.
Please post back the ESET report and a fresh set of DDS logs.
Thanks.
dpedchenko
4 Posts
0
June 2nd, 2011 20:00
Hello,
Sorry for the delay.. Here is the eset:
C:\Program Files\Trend Micro\HijackThis\backups\backup-20110531-215650-109.dll Win32/Toolbar.Zugo application
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts56.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch18.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts56.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch18.zip Win32/Bagle.gen.zip worm
C:\Users\Kait\AppData\Local\Temp\Low\jar_cache38076.tmp multiple threats
C:\Users\Kait\AppData\Local\Temp\Low\jar_cache56662.tmp multiple threats
C:\Users\Kaity\AppData\Roaming\Mozilla\Firefox\extensions\textlinks@playsushi.com\components\PlaySushiFF.dll probably a variant of Win32/Adware.Gamevance.AG application
i did not fix the errors because you had me uncheck the box. if you need me to re-run the scan and get rid of the files please let me know.
Here's the attach - run #2
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 12/5/2008 4:21:54 AM
System Uptime: 6/2/2011 3:52:07 PM (7 hours ago)
.
Motherboard: Dell Inc. | | 0U990C
Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz | Microprocessor | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 121.415 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 4.852 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP532: 3/23/2011 9:09:11 PM - Windows Update
RP533: 4/23/2011 9:53:03 AM - Windows Update
RP534: 4/23/2011 7:11:33 PM - Windows Update
RP535: 4/27/2011 4:24:17 PM - Windows Update
RP536: 4/30/2011 10:05:34 AM - Scheduled Checkpoint
RP537: 5/1/2011 4:52:57 PM - Scheduled Checkpoint
RP538: 5/3/2011 3:25:56 PM - Scheduled Checkpoint
RP540: 5/3/2011 6:21:11 PM - Installed DirectX
RP541: 5/7/2011 1:30:28 AM - Scheduled Checkpoint
RP542: 5/10/2011 11:14:56 PM - Windows Update
RP543: 5/10/2011 11:31:04 PM - Windows Update
RP544: 5/10/2011 11:33:24 PM - Windows Update
RP545: 5/11/2011 6:57:30 AM - Removed AVG 2011
RP546: 5/12/2011 3:00:18 AM - Windows Update
RP547: 5/12/2011 3:00:31 AM - Scheduled Checkpoint
RP548: 5/14/2011 3:29:31 PM - Scheduled Checkpoint
RP549: 5/14/2011 3:41:20 PM - Windows Update
RP550: 5/30/2011 8:32:40 PM - Windows Update
RP551: 5/30/2011 10:13:33 PM - Windows Update
RP552: 5/30/2011 11:12:48 PM - Installed AVG 2011
RP553: 5/30/2011 11:13:26 PM - Installed AVG 2011
.
==== Installed Programs ======================
.
10 Days Under The Sea
3 Days: Amulet Secret
A Gypsy's Tale: Tower of Secrets
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
Adobe Shockwave Player 11
Advanced Audio FX Engine
Advanced Video FX Engine
Age of Oracles - Tara's Journey
AIM 7
AIM Toolbar
Algebra 2 4.1
Amanda Rose: The Game of Time
Ancient Spirits: Columbus' Legacy
Ankh - The Lost Treasures
AOL Install
AVG 2011
AVG PC Tuneup 2011
Banctec Service Agreement
Bejeweled 2 Deluxe
Bloodline of the Fallen: Anna's Sacrifice
Book of Legends
Browser Address Error Redirector
Buried in Time
Caribbean Mah Jong
Chronicles of Albian
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conexant HDA D330 MDC V.92 Modem
Content Transfer
Deep Blue Sea 2: The Amulet of Light
Dell-eBay
Dell Best of Web
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Toolbar
Dell Touchpad
Dell V310-V510 Series
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card Utility
DELL0604
Digital Line Detect
Download Updater (AOL LLC)
Dream Chronicles - The Book of Air Collector's Edition
EarthLink Setup Files
Echoes Of Sorrow
EDocs
Elementals - The Magic Key
Empress of the Deep - The Darkest Secret
Epic Adventures - La Jangada
ERUNT 1.1j
Escape from Frankenstein's Castle
ESET Online Scanner v3
Faded Reality
Family Feud 2
Fiction Fixers Adventures in Wonderland
Fiction Fixers: The Curse of Oz
GameHouse
Goddess Chronicles
GoldWave v5.55
GoToAssist 8.0.0.514
Graboid Video 1.73
Grace's Quest: To Catch An Art Thief
Green Moon
Guardians of Magic: Amanda's Awakening
Hide and Secret 2
Hide and Secret 3
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
House of Night Screensaver Screensaver
House, MD
Immortal Lovers
Intel(R) Matrix Storage Manager
Jane Lucky
Java(TM) 6 Update 7
King Arthur
Kitty Luv v1.8
Kuros
Laptop Integrated Webcam Driver (1.04.01.1011)
Letters from Nowhere
Letters from Nowhere 2
Lexmark 3600-4600 Series
Lexmark Fax Solutions
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Lost Fortunes
Lost Lagoon - The Trail of Destiny
Magic Encyclopedia
Magic Encyclopedia - Moon Light
Malwarebytes' Anti-Malware
Master Thief - Skyscraper Sting
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mirror Mysteries
Modem Diagnostic Tool
Mortimer Beckett and the Lost King
Murder Island: Secret of Tantalus
Mystery of Mortlake Mansion
Nancy Drew Dossier - Lights, Camera, Curses
Neptune's Secret
NetWaiting
NetZeroInstallers
NOOK for PC
Norton Security Scan
NWZ-E340 WALKMAN Guide
ooVoo
OutlookAddinSetup
PageRage Toolbar
Pirate Mysteries
Pony Luv v1.5
Primo
Princess Isabella - A Witch's Curse
Puzzling Paws
QuickSet
Rasputin's Curse
Robin's Quest
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Royal Trouble
Season Match 3: Curse of the Witch Crow
Secret Diaries: Florence Ashford
Secret of the Magic Crystals
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
SigmaTel Audio
Spirit of Wandering - The Legend
Spybot - Search & Destroy
Star Crossed Love
Switch Sound File Converter
Tamara the 13th
The Clockwork Man
The Clockwork Man - The Hidden World
The Conjurer
The Dracula Files
The Inquisitor
The Institute: A Becky Brogan Adventure
The Legend of Crystal Valley
The Lost Inca Prophecy
The Lost Kingdom Prophecy
The Magician's Handbook 2: BlackLore
The Magician's Handbook: Cursed Valley
The Otherside - Realm of Eons
The Tarot's Misfortune
Three Cards to Midnight
Trapped - The Abduction
Twisted Lands: Shadow Town
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update Installer for WildTangent Games App
Vampire Brides - Love Over Death
Vampire Saga - Pandora's Box
Vampireville
Victorian Mysteries: Woman in White
Virtual Villagers 5 - New Believers
VLC media player 1.0.1
WildTangent Games
WildTangent Games App (Dell Games)
Women's Murder Club - A Darker Shade of Grey
Women's Murder Club - Death in Scarlet
Women's Murder Club - Twice in a Blue Moon
Women's Murder Club: Little Black Lies
Xvid 1.2.1 final uninstall
Yontoo Layers Client 1.10.01
.
==== End Of File ===========================
DDS run #2:
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 7.0.6002.18005
Run by Kaity at 22:27:58 on 2011-06-02
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3061.1311 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\dleacoms.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdxserv.exe
C:\Windows\system32\lxdxcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Dell V310-V510 Series\dleamon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Dell V310-V510 Series\ezprint.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG10\avgsrmax.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\AVG\AVG10\avgsrmax.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kaity\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.bing.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081205
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\tbPage.dll
mURLSearchHooks: H - No File
BHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - c:\program files\dell toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\tbPage.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\tbPage.dll
TB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - c:\program files\dell toolbar\toolband.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [oovoo.exe] c:\program files\oovoo\oovoo.exe /minimized
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [lxdxmon.exe] "c:\program files\lexmark 3600-4600 series\lxdxmon.exe"
mRun: [lxdxamon] "c:\program files\lexmark 3600-4600 series\lxdxamon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [dleamon.exe] "c:\program files\dell v310-v510 series\dleamon.exe"
mRun: [EzPrint] "c:\program files\dell v310-v510 series\ezprint.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\users\kaity\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\kaity\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search - ?s=100000343&p=ZKman000&si=&a=yqH2oKVHybmGElCMerPfpw&n=2010051819
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - c:\program files\playsushi\PSText.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://games-uk.pogo.com/Online2/pogo/chuzzle_popcap/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-12-5 73728]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe -service --> c:\windows\system32\dleacoms.exe -service [?]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-24 155648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2009-2-10 94208]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-5 111616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleaserv.exe [2010-6-13 98984]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-12-28 1153368]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-06-01 02:30:59 -------- d-----w- c:\program files\ESET
2011-05-31 03:16:28 -------- d-----w- c:\users\kaity\appdata\roaming\AVG10
2011-05-31 03:14:18 -------- d-----w- c:\windows\system32\drivers\AVG
2011-05-31 03:14:18 -------- d-----w- c:\programdata\AVG10
2011-05-31 02:20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-31 02:20:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-31 02:15:23 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f7249497-73fe-4b27-ad7e-4844f97556ac}\mpengine.dll
2011-05-31 00:40:11 -------- d-----w- c:\users\kaity\appdata\roaming\Malwarebytes
2011-05-31 00:39:51 -------- d-----w- c:\programdata\Malwarebytes
2011-05-31 00:39:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-11 22:36:20 -------- d-----w- c:\program files\Trend Micro
2011-05-11 00:55:00 -------- d-----w- c:\users\kaity\appdata\local\WindowsUpdate
2011-05-11 00:47:44 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-15 01:28:18 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-05 04:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-03-16 20:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-03-12 21:55:52 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
.
============= FINISH: 22:30:27.77 ===============
kevin27_b3d29f
2 Intern
•
1.5K Posts
0
June 3rd, 2011 12:00
Hi,
Please uninstall the "Page Rage" Toolbar via Add/Remove Programs in Control Panel and then reboot the system.
Please download OTM by OldTimer. Save it to your desktop.
Double click OTM.exe to start the tool.
----------------------------------------------------------------------
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InternetExplorer\Toolbar]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"=-
"{9D425283-D487-4337-BAB6-AB8354A81457}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
:files
c:\program files\pagerage
C:\Users\Kaity\AppData\Roaming\Mozilla\Firefox\extensions\textlinks@playsushi.com
:commands
[emptytemp]
[reboot]
---------------------------------------------------------------------
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
If the machine reboots, the Results log can be found here:
c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
Where mmddyyyy_hhmmss is the date of the tool run.
.
Adobe Acrobat/Reader is out of date please update to the latest version from HERE (NOTE: On the Download page, please make sure to uncheck the box next to the "McAfee Scan" item as it is not needed)
Once you have the latest version of Adobe Reader installed, please uninstall all outdated version that remain in the add/Remove programs list on your system in control panel.
Please post back the OTM log, and a fresh set of DDS logs. Also, please give a status report on how the system is now running. <---Important, please answer this
Thanks.
kevin27_b3d29f
2 Intern
•
1.5K Posts
0
June 7th, 2011 11:00
This topic is Inactive.....
The fixes in this topic were written specifically for this user, following them may cause harm to your machine and render it a brick (useless)
If you are the original poster and would like further assistance please post a fresh HJT log in a NEW topic along with details of the problems you are having.
All other user's, please read THIS page and then please start a New Topic at the top of the Malware Removal Forum by clicking the
button.