Peelster1
Honorary Members
Posts: 32

Everything posted by Peelster1

  1. I just want you to know that I will be unable to use the infected computer until Friday because I will be up at a friend's campground. Even now I am not posting from that computer, otherwise I would proceed with the next steps you have given me.
  2. Ask, Retrogamer and Yahoo! toolbars were all uninstalled via Add or Remove Programs under Control Panel. Currently MBAM is blocking a malicious process from launching on every startup. If you need any logs and/or the message MBAM is giving me, let me know. I successfully downloaded ComboFix and then began following the guide at the link you gave me. When I went to disable Windows Firewall I got the following message from Windows Firewall saying "Due to an unidentified problem, Windows cannot display Windows Firewall settings." The only button is "OK". I am unable to access the settings required to disable Windows Firewall in order to take the "preventative measures so that there are no conflicts with other programs when running ComboFix."
  3. DDS.txt from the saved-to-Desktop scan.

     DDS (Ver_2011-08-26.01) - NTFSx86
     Internet Explorer: 8.0.6001.18702
     Run by Nick at 20:21:44 on 2012-07-08
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.476 [GMT -4:00]
     .
     AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
     AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
     .
     ============== Running Processes ===============
     .
     C:\WINDOWS\system32\svchost -k DcomLaunch
     C:\WINDOWS\system32\svchost -k rpcss
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     C:\WINDOWS\system32\svchost.exe -k NetworkService
     C:\WINDOWS\system32\svchost.exe -k LocalService
     C:\WINDOWS\System32\WLTRYSVC.EXE
     C:\WINDOWS\System32\bcmwltry.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\system32\svchost.exe -k LocalService
     C:\WINDOWS\system32\bgsvcgen.exe
     C:\WINDOWS\system32\dldtcoms.exe
     C:\Program Files\Common Files\Nuance\dgnsvc.exe
     C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
     C:\Program Files\Google\Update\GoogleUpdate.exe
     C:\WINDOWS\system32\svchost.exe -k HPService
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\WINDOWS\System32\svchost.exe -k HPZ12
     C:\WINDOWS\System32\svchost.exe -k HPZ12
     C:\WINDOWS\system32\STacSV.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\Program Files\DellTPad\Apoint.exe
     C:\WINDOWS\system32\igfxtray.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\Program Files\Dell\QuickSet\quickset.exe
     C:\WINDOWS\system32\WLTRAY.exe
     C:\Program Files\Dell\MediaDirect\PCMService.exe
     C:\Program Files\Dell V305\dldtmon.exe
     C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
     C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
     C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
     C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
     C:\PROGRA~1\RETROG~2\bar\1.bin\4wbrmon.exe
     C:\Program Files\Microsoft Security Client\msseces.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Digital Line Detect\DLG.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     C:\Program Files\PhotoStudio Expressions\PMMonitor.exe
     C:\Program Files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe
     C:\Program Files\DellTPad\ApMsgFwd.exe
     C:\WINDOWS\system32\igfxsrvc.exe
     C:\Program Files\DellTPad\HidFind.exe
     C:\Program Files\Dell V305\dldtMsdMon.exe
     C:\Program Files\DellTPad\Apntex.exe
     C:\WINDOWS\system32\wbem\wmiprvse.exe
     C:\WINDOWS\System32\svchost.exe -k HTTPFilter
     C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
     C:\WINDOWS\explorer.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
     "C:\WINDOWS\System32\svchost.exe" -k LocalServiceDns
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\WINDOWS\system32\wbem\wmiprvse.exe
     .
     ============== Pseudo HJT Report ===============
     .
     uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     uStart Page = hxxp://www.google.com/
     uURLSearchHooks: N/A: {4cff1016-c2e2-4fdd-9c67-e32200c25ff9} - c:\program files\retrogamer_4w\bar\1.bin\4wSrcAs.dll
     mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
     BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
     BHO: Toolbar BHO: {03123bb6-a811-407e-b323-66cf0be510b1} - c:\progra~1\retrog~2\bar\1.bin\4wbar.dll
     BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No File
     BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
     BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
     BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
     BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
     BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
     BHO: Search Assistant BHO: {d757dbfc-1494-4647-a8b3-abd654988dd8} - c:\program files\retrogamer_4w\bar\1.bin\4wSrcAs.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
     BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
     TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
     TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
     TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
     TB: RefresherBand Class: {b24ba06e-fb7b-4757-95c2-dc01125f750e} - c:\progra~1\yrefre~1\YREFRE~1.DLL
     TB: Retrogamer: {3392cfec-56f8-41ee-bdb4-4e301efd2c93} - c:\program files\retrogamer_4w\bar\1.bin\4wbar.dll
     TB: {00000000-0000-0000-0000-000000000000} - No File
     TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
     uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
     uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     mRun: [Apoint] c:\program files\delltpad\Apoint.exe
     mRun: [igfxTray] c:\windows\system32\igfxtray.exe
     mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
     mRun: [Persistence] c:\windows\system32\igfxpers.exe
     mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
     mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
     mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
     mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
     mRun: [dldtmon.exe] "c:\program files\dell v305\dldtmon.exe"
     mRun: [dldtamon] "c:\program files\dell v305\dldtamon.exe"
     mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
     mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking11\Ereg.ini
     mRun: [uSBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
     mRun: [uSB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
     mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
     mRun: [<NO NAME>]
     mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
     mRun: [iMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
     mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
     mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
     mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
     mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
     mRun: [Retrogamer Search Scope Monitor] "c:\progra~1\retrog~2\bar\1.bin\4wsrchmn.exe" /m=2 /w /h
     mRun: [Retrogamer_4w Browser Plugin Loader] c:\progra~1\retrog~2\bar\1.bin\4wbrmon.exe
     mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
     mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
     mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
     mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
     dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monitor.lnk - c:\program files\photostudio expressions\PMMonitor.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\videoc~1.lnk - c:\program files\panasonic\videocam suite 2\VideoCamSuiteAutoStart.exe
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
     IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
     IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
     IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
     LSP: mswsock.dll
     Trusted Zone: vizzed.com\www
     DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
     DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
     DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
     DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
     DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
     DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
     DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
     DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
     TCP: Interfaces\{2763F8DE-346C-4667-98D2-3993111B1FA6} : DhcpNameServer = 209.18.47.61 209.18.47.62
     Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
     Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
     Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
     Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
     Notify: igfxcui - igfxdev.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
     R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
     R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2010-7-23 296808]
     R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-7 654408]
     R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-5-9 105984]
     R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-7 22344]
     R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-8 40776]
     S1 coqicavp;coqicavp;\??\c:\windows\system32\drivers\coqicavp.sys --> c:\windows\system32\drivers\coqicavp.sys [?]
     S1 eaquwnwq;eaquwnwq;\??\c:\windows\system32\drivers\eaquwnwq.sys --> c:\windows\system32\drivers\eaquwnwq.sys [?]
     S1 fdjdopff;fdjdopff;\??\c:\windows\system32\drivers\fdjdopff.sys --> c:\windows\system32\drivers\fdjdopff.sys [?]
     S1 gxxbvgwq;gxxbvgwq;\??\c:\windows\system32\drivers\gxxbvgwq.sys --> c:\windows\system32\drivers\gxxbvgwq.sys [?]
     S1 hfciwqcu;hfciwqcu;\??\c:\windows\system32\drivers\hfciwqcu.sys --> c:\windows\system32\drivers\hfciwqcu.sys [?]
     S1 ieakgnib;ieakgnib;\??\c:\windows\system32\drivers\ieakgnib.sys --> c:\windows\system32\drivers\ieakgnib.sys [?]
     S1 nqjuhdju;nqjuhdju;\??\c:\windows\system32\drivers\nqjuhdju.sys --> c:\windows\system32\drivers\nqjuhdju.sys [?]
     S1 otvwtogq;otvwtogq;\??\c:\windows\system32\drivers\otvwtogq.sys --> c:\windows\system32\drivers\otvwtogq.sys [?]
     S1 pljvprgz;pljvprgz;\??\c:\windows\system32\drivers\pljvprgz.sys --> c:\windows\system32\drivers\pljvprgz.sys [?]
     S1 qlsgyfda;qlsgyfda;\??\c:\windows\system32\drivers\qlsgyfda.sys --> c:\windows\system32\drivers\qlsgyfda.sys [?]
     S1 qvikqtje;qvikqtje;\??\c:\windows\system32\drivers\qvikqtje.sys --> c:\windows\system32\drivers\qvikqtje.sys [?]
     S1 skkbnvwa;skkbnvwa;\??\c:\windows\system32\drivers\skkbnvwa.sys --> c:\windows\system32\drivers\skkbnvwa.sys [?]
     S1 zbuqofzb;zbuqofzb;\??\c:\windows\system32\drivers\zbuqofzb.sys --> c:\windows\system32\drivers\zbuqofzb.sys [?]
     S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [2009-6-8 99568]
     S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
     S2 Retrogamer_4wService;RetrogamerService;c:\progra~1\retrog~2\bar\1.bin\4wbarsvc.exe [2011-12-19 42504]
     S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-17 253088]
     S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
     .
     =============== Created Last 30 ================
     .
     2012-07-08 22:59:25  40776     ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
     2012-07-08 03:34:26  --------  d-----w-  c:\documents and settings\nick\application data\Malwarebytes
     2012-07-08 00:24:25  --------  d-----w-  c:\documents and settings\all users\application data\Malwarebytes
     2012-07-08 00:24:24  22344     ----a-w-  c:\windows\system32\drivers\mbam.sys
     2012-07-08 00:24:24  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
     2012-07-07 00:15:20  6762896   ----a-w-  c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d1a3555e-3809-41f6-963b-fa134658127b}\mpengine.dll
     2012-07-05 18:53:19  6762896   ----a-w-  c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
     .
     ==================== Find3M ====================
     .
     2012-05-16 01:55:53  73728     ----a-w-  c:\windows\system32\javacpl.cpl
     2012-05-16 01:55:52  476960    ----a-w-  c:\windows\system32\npdeployJava1.dll
     2012-05-16 01:55:52  472864    ----a-w-  c:\windows\system32\deployJava1.dll
     2012-05-02 17:59:00  1409      ----a-w-  c:\windows\QTFont.for
     2012-04-17 13:44:38  70304     ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-04-17 13:44:38  418464    ----a-w-  c:\windows\system32\FlashPlayerApp.exe
     .
     ============= FINISH: 20:24:05.93 ===============
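The SERVICES / DRIVERS section of a DDS log like the one in the post above is where a helper looks first, and the thirteen S1 entries in it share two traits worth automating: they are system-start kernel drivers whose image DDS could not read (the trailing `[?]`), and their service name is eight random lowercase letters that is also their display name. The Python below is an added example, not part of this thread and not code from DDS or Malwarebytes; it parses lines in that section's format and lists entries with those traits. The sample lines are constructed from entries in the log (not the whole log); the line regex, the handling of the `-->` form and the eight-letter name heuristic are this example's own assumptions, and its output is a list for a human to examine, not a malware verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample in the DDS "SERVICES / DRIVERS" line format, modelled on
# entries from the log above; it is not the full log.
SAMPLE_DDS_SERVICES = r"""
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-7 654408]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S1 coqicavp;coqicavp;\??\c:\windows\system32\drivers\coqicavp.sys --> c:\windows\system32\drivers\coqicavp.sys [?]
S1 eaquwnwq;eaquwnwq;\??\c:\windows\system32\drivers\eaquwnwq.sys --> c:\windows\system32\drivers\eaquwnwq.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
"""

# Assumed line shape: <R|S><start type> <name>;<display name>;<image path> [<date size> or ?]
LINE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s+\[(?P<info>[^\]]*)\]\s*$"
)
# Heuristic for the auto-generated names seen in the log: exactly eight lowercase letters.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")


@dataclass
class Service:
    start: str    # R = running, S = stopped; digit = start type (0 boot, 1 system, 2 auto, 3 manual)
    name: str
    display: str
    path: str
    info: str     # "<date> <size>" when DDS could stat the image, "?" when it could not

    @property
    def image_unreadable(self) -> bool:
        return self.info.strip() == "?"

    @property
    def loads_before_logon(self) -> bool:
        # Start type 0 (boot) or 1 (system): kernel drivers loaded before any user session.
        return self.start[1] in "01"


def parse_services(text: str) -> List[Service]:
    services = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, anything that is not a service line
        path = m.group("path")
        # DDS prints "registry image path --> resolved path" for some entries; this example
        # keeps the resolved side for reporting (assumed meaning of the arrow form).
        if "-->" in path:
            path = path.split("-->", 1)[1].strip()
        services.append(Service(m.group("start"), m.group("name"), m.group("display"), path, m.group("info")))
    return services


def triage(services: List[Service]) -> List[Tuple[str, List[str]]]:
    """Return (service name, reasons) for entries that deserve a human look.

    Heuristics only: they point the analyst at entries to examine on disk and in the
    registry; they do not decide that an entry is malicious.
    """
    findings = []
    for s in services:
        reasons = []
        if s.loads_before_logon and s.image_unreadable:
            reasons.append("boot/system-start driver whose image DDS could not read")
        if RANDOM_NAME_RE.match(s.name) and s.display == s.name:
            reasons.append("eight random lowercase letters, no vendor display name")
        if reasons:
            findings.append((s.name, reasons))
    return findings


def report(text: str) -> List[str]:
    """One printable line per flagged entry."""
    return [f"{name}: " + "; ".join(reasons) for name, reasons in triage(parse_services(text))]


if __name__ == "__main__":
    for line in report(SAMPLE_DDS_SERVICES):
        print(line)
```

Run against the sample it lists only the two S1 drivers; MpFilter is also a boot-start driver but DDS read its image and it carries a vendor display name, so it is left alone. The natural next step for a helper is to check whether the flagged .sys files exist under system32\drivers at all and what their service registry keys point to, which is the kind of follow-up the thread's own instructions led to.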
  4. Here's the MBAM Quick Scan log. Beginning DDS scan.

     Malwarebytes Anti-Malware (Trial) 1.61.0.1400
     www.malwarebytes.org

     Database version: v2012.07.08.07

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     Nick :: RMPCOMPUTER [administrator]

     Protection: Enabled

     7/8/2012 7:01:54 PM
     mbam-log-2012-07-08 (20-19-06).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 305581
     Time elapsed: 1 hour(s), 16 minute(s), 53 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 1
     C:\Program Files\Retrogamer_4w\bar\1.bin\4wSrcAs.dll (PUP.MyWebSearch) -> No action taken.

     Registry Keys Detected: 17
     HKCR\CLSID\{4cff1016-c2e2-4fdd-9c67-e32200c25ff9} (PUP.MyWebSearch) -> No action taken.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4CFF1016-C2E2-4FDD-9C67-E32200C25FF9} (PUP.MyWebSearch) -> No action taken.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4CFF1016-C2E2-4FDD-9C67-E32200C25FF9} (PUP.MyWebSearch) -> No action taken.
     HKCR\CLSID\{d757dbfc-1494-4647-a8b3-abd654988dd8} (PUP.MyWebSearch) -> No action taken.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D757DBFC-1494-4647-A8B3-ABD654988DD8} (PUP.MyWebSearch) -> No action taken.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D757DBFC-1494-4647-A8B3-ABD654988DD8} (PUP.MyWebSearch) -> No action taken.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D757DBFC-1494-4647-A8B3-ABD654988DD8} (PUP.MyWebSearch) -> No action taken.
     HKCR\CLSID\{5fdf0490-af67-495b-921d-2257a38ed9fe} (PUP.MyWebSearch) -> No action taken.
     HKCR\TypeLib\{dbaff658-ddd6-44bc-a78d-8d2d4dea210c} (PUP.MyWebSearch) -> No action taken.
     HKCR\Interface\{BC2B63F7-B977-4A42-B633-799390097080} (PUP.MyWebSearch) -> No action taken.
     HKLM\SYSTEM\CurrentControlSet\Services\Retrogamer_4wService (PUP.MyWebSearch) -> No action taken.
     HKCR\CLSID\{03123bb6-a811-407e-b323-66cf0be510b1} (PUP.MyWebSearch) -> No action taken.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03123BB6-A811-407E-B323-66CF0BE510B1} (PUP.MyWebSearch) -> No action taken.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{03123BB6-A811-407E-B323-66CF0BE510B1} (PUP.MyWebSearch) -> No action taken.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{03123BB6-A811-407E-B323-66CF0BE510B1} (PUP.MyWebSearch) -> No action taken.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Retrogamer_4wbar Uninstall (PUP.MyWebSearch) -> No action taken.
     HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> No action taken.

     Registry Values Detected: 4
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Retrogamer_4w Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~1\RETROG~2\bar\1.bin\4wbrmon.exe -> No action taken.
     HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{4CFF1016-C2E2-4FDD-9C67-E32200C25FF9} (PUP.MyWebSearch) -> Data: -> No action taken.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Retrogamer Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\RETROG~2\bar\1.bin\4wsrchmn.exe" /m=2 /w /h -> No action taken.
     HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Documents and Settings\Nick\Local Settings\Application Data\{baebeb56-d64c-3f43-ac11-15634174457b}\n. -> No action taken.

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 10
     C:\Program Files\Retrogamer_4w\bar\1.bin\4wbrstub.dll (PUP.MyWebSearch) -> No action taken.
     C:\Program Files\Retrogamer_4w\bar\1.bin\4wbrmon.exe (PUP.MyWebSearch) -> No action taken.
     C:\Program Files\Retrogamer_4w\bar\1.bin\4wauxstb.dll (PUP.MyWebSearch) -> No action taken.
     C:\Program Files\Retrogamer_4w\bar\1.bin\4wSrcAs.dll (PUP.MyWebSearch) -> No action taken.
     C:\Program Files\Retrogamer_4w\bar\1.bin\4wdlghk.dll (PUP.MyWebSearch) -> No action taken.
     C:\Program Files\Retrogamer_4w\bar\1.bin\4wieovr.dll (PUP.MyWebSearch) -> No action taken.
     C:\Program Files\Retrogamer_4w\bar\1.bin\4wSrchMn.exe (PUP.MyWebSearch) -> No action taken.
     C:\Program Files\Retrogamer_4w\bar\1.bin\4wbarsvc.exe (PUP.MyWebSearch) -> No action taken.
     C:\Program Files\Retrogamer_4w\bar\1.bin\4wbar.dll (PUP.MyWebSearch) -> No action taken.
     C:\WINDOWS\assembly\GAC\Desktop.ini (Trojan.0access) -> No action taken.

     (end)
  5. Oh, "by" as in "created by". For some reason I thought you meant "by" as in "via". I have now updated MBAM from v2012.07.08.06 to v2012.07.08.07. MBAM has also detected more websites: 173.236.89.195 195.80.148.5 212.117.165.20 77.78.212.250 (I believe this one is the 77.something I was unable to screen cap earlier.) MBAM Quick Scan is still scanning. Also, I forgot to mention that My Security Essentials still suffers from that same error code even though My Security Shield seems to be removed, and I also have a question. Should I continue to launch RKill every time I boot my computer, or would it be interfering with the cleaning process? As of now, I am continuing to launch it upon start-up in an effort to stop any malicious processes from launching. (If there are any still attempting to launch, which I believe there are.)
  6. Hello screen317, Thank you for the fast reply. At first I only clicked Run the first time I used DDS and it did produce the two logs. Would you like that log from the first scan or just the scan from where I download DDS and save it? By the way, what do you mean by "download DDS by sUBs"? I'm not familiar with sUBs. Also, all websites are detected as "outgoing". I will now update MBAM, run the Quick Scan, and post the log.
  7. I was searching on Google yesterday when I started experiencing the Google Redirect Virus. I was able to pinpoint that it was Google when I went directly to the links that I wanted to go to in my URL bar instead of clicking on the link from Google. Shortly after that I had a pop-up for My Security Shield and my Internet Explorer displayed that the webpage (Google) was under a virus attack. I had never experienced either of these viruses so I just clicked the X on the My Security Shield pop-up, intending to do a scan afterwards. Big mistake. My Security Shield infected my computer and made Windows Security Essentials unusable with Error code: 0x80070424. (Which as you probably know is the code for hijackware.) I hard-reset the computer and upon reboot My Security Shield was still active. I hard-reset again and this time I logged onto my other user. The other user appeared unaffected by My Security Shield except that Windows Security Essentials was still down. I then did some searching on the problem and followed the instructions at http://www.bleepingcomputer.com/virus-removal/remove-my-security-shield. I did not do Step 20 as I had to get up for work in 6 hours and didn't have the time to sit up doing another download and then a scan. Also, I am still running RKill every time I log onto the user that I was infected on. Now My Security Shield seems to be gone and Malwarebytes is detecting (and blocking) malicious websites. The following is a list of the websites detected so far. All of them are in IP format. 78.41.203.125 206.161.121.3 64.34.127.185 195.80.148.5 There was also a 77.something that I was unable to screen cap in time. I followed the instructions on the matter which were given by user BornSlippy at http://forums.malwarebytes.org/index.php?showtopic=111851, who directed me towards http://forums.malwarebytes.org/index.php?showtopic=9573. I followed the directions and ran DDS, and now I am posting my logs as instructed by Admin AdvancedSetup.
     (I also read somewhere not to attach the files because if any real-time interaction happened between my computer and any of yours, it would be possible that my computer would infect any computers that interacted with mine.) Below this point are the pasted logs. LOGS TO BE POSTED AS NOTEPAD WON'T OPEN UNTIL I REBOOT.