Peelster1
-
Posts: 32
Posts posted by Peelster1
-
Ask, Retrogamer and Yahoo! toolbars were all uninstalled via Add or Remove Programs under Control Panel. Currently MBAM is blocking a malicious process from launching on every startup. If you need any logs and/or the message MBAM is giving me, let me know. I successfully downloaded ComboFix and then began following the guide at the link you gave me. When I went to disable Windows Firewall I got the following message from Windows Firewall saying "Due to an unidentified problem, Windows cannot display Windows Firewall settings." The only button is "OK". I am unable to access the settings required to disable Windows Firewall in order to take the "preventative measures so that there are no conflicts with other programs when running ComboFix."
-
DDS.txt from the scan run with DDS saved to the Desktop.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Nick at 20:21:44 on 2012-07-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.476 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\dldtcoms.exe
C:\Program Files\Common Files\Nuance\dgnsvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell V305\dldtmon.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\PROGRA~1\RETROG~2\bar\1.bin\4wbrmon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PhotoStudio Expressions\PMMonitor.exe
C:\Program Files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell V305\dldtMsdMon.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
"C:\WINDOWS\System32\svchost.exe" -k LocalServiceDns
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uURLSearchHooks: N/A: {4cff1016-c2e2-4fdd-9c67-e32200c25ff9} - c:\program files\retrogamer_4w\bar\1.bin\4wSrcAs.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Toolbar BHO: {03123bb6-a811-407e-b323-66cf0be510b1} - c:\progra~1\retrog~2\bar\1.bin\4wbar.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Search Assistant BHO: {d757dbfc-1494-4647-a8b3-abd654988dd8} - c:\program files\retrogamer_4w\bar\1.bin\4wSrcAs.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: RefresherBand Class: {b24ba06e-fb7b-4757-95c2-dc01125f750e} - c:\progra~1\yrefre~1\YREFRE~1.DLL
TB: Retrogamer: {3392cfec-56f8-41ee-bdb4-4e301efd2c93} - c:\program files\retrogamer_4w\bar\1.bin\4wbar.dll
TB: {00000000-0000-0000-0000-000000000000} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [dldtmon.exe] "c:\program files\dell v305\dldtmon.exe"
mRun: [dldtamon] "c:\program files\dell v305\dldtamon.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking11\Ereg.ini
mRun: [uSBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
mRun: [uSB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [iMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [Retrogamer Search Scope Monitor] "c:\progra~1\retrog~2\bar\1.bin\4wsrchmn.exe" /m=2 /w /h
mRun: [Retrogamer_4w Browser Plugin Loader] c:\progra~1\retrog~2\bar\1.bin\4wbrmon.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monitor.lnk - c:\program files\photostudio expressions\PMMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\videoc~1.lnk - c:\program files\panasonic\videocam suite 2\VideoCamSuiteAutoStart.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
Trusted Zone: vizzed.com\www
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{2763F8DE-346C-4667-98D2-3993111B1FA6} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2010-7-23 296808]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-7 654408]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-5-9 105984]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-7 22344]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-8 40776]
S1 coqicavp;coqicavp;\??\c:\windows\system32\drivers\coqicavp.sys --> c:\windows\system32\drivers\coqicavp.sys [?]
S1 eaquwnwq;eaquwnwq;\??\c:\windows\system32\drivers\eaquwnwq.sys --> c:\windows\system32\drivers\eaquwnwq.sys [?]
S1 fdjdopff;fdjdopff;\??\c:\windows\system32\drivers\fdjdopff.sys --> c:\windows\system32\drivers\fdjdopff.sys [?]
S1 gxxbvgwq;gxxbvgwq;\??\c:\windows\system32\drivers\gxxbvgwq.sys --> c:\windows\system32\drivers\gxxbvgwq.sys [?]
S1 hfciwqcu;hfciwqcu;\??\c:\windows\system32\drivers\hfciwqcu.sys --> c:\windows\system32\drivers\hfciwqcu.sys [?]
S1 ieakgnib;ieakgnib;\??\c:\windows\system32\drivers\ieakgnib.sys --> c:\windows\system32\drivers\ieakgnib.sys [?]
S1 nqjuhdju;nqjuhdju;\??\c:\windows\system32\drivers\nqjuhdju.sys --> c:\windows\system32\drivers\nqjuhdju.sys [?]
S1 otvwtogq;otvwtogq;\??\c:\windows\system32\drivers\otvwtogq.sys --> c:\windows\system32\drivers\otvwtogq.sys [?]
S1 pljvprgz;pljvprgz;\??\c:\windows\system32\drivers\pljvprgz.sys --> c:\windows\system32\drivers\pljvprgz.sys [?]
S1 qlsgyfda;qlsgyfda;\??\c:\windows\system32\drivers\qlsgyfda.sys --> c:\windows\system32\drivers\qlsgyfda.sys [?]
S1 qvikqtje;qvikqtje;\??\c:\windows\system32\drivers\qvikqtje.sys --> c:\windows\system32\drivers\qvikqtje.sys [?]
S1 skkbnvwa;skkbnvwa;\??\c:\windows\system32\drivers\skkbnvwa.sys --> c:\windows\system32\drivers\skkbnvwa.sys [?]
S1 zbuqofzb;zbuqofzb;\??\c:\windows\system32\drivers\zbuqofzb.sys --> c:\windows\system32\drivers\zbuqofzb.sys [?]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [2009-6-8 99568]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
S2 Retrogamer_4wService;RetrogamerService;c:\progra~1\retrog~2\bar\1.bin\4wbarsvc.exe [2011-12-19 42504]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-17 253088]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
.
=============== Created Last 30 ================
.
2012-07-08 22:59:25 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-08 03:34:26 -------- d-----w- c:\documents and settings\nick\application data\Malwarebytes
2012-07-08 00:24:25 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-07-08 00:24:24 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-08 00:24:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-07 00:15:20 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d1a3555e-3809-41f6-963b-fa134658127b}\mpengine.dll
2012-07-05 18:53:19 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
.
==================== Find3M ====================
.
2012-05-16 01:55:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-16 01:55:52 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-16 01:55:52 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-02 17:59:00 1409 ----a-w- c:\windows\QTFont.for
2012-04-17 13:44:38 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-17 13:44:38 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 20:24:05.93 ===============
-
Here's the MBAM Quick Scan log. Beginning DDS scan.
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
Database version: v2012.07.08.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Nick :: RMPCOMPUTER [administrator]
Protection: Enabled
7/8/2012 7:01:54 PM
mbam-log-2012-07-08 (20-19-06).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 305581
Time elapsed: 1 hour(s), 16 minute(s), 53 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\Program Files\Retrogamer_4w\bar\1.bin\4wSrcAs.dll (PUP.MyWebSearch) -> No action taken.
Registry Keys Detected: 17
HKCR\CLSID\{4cff1016-c2e2-4fdd-9c67-e32200c25ff9} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4CFF1016-C2E2-4FDD-9C67-E32200C25FF9} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4CFF1016-C2E2-4FDD-9C67-E32200C25FF9} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{d757dbfc-1494-4647-a8b3-abd654988dd8} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D757DBFC-1494-4647-A8B3-ABD654988DD8} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D757DBFC-1494-4647-A8B3-ABD654988DD8} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D757DBFC-1494-4647-A8B3-ABD654988DD8} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{5fdf0490-af67-495b-921d-2257a38ed9fe} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{dbaff658-ddd6-44bc-a78d-8d2d4dea210c} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{BC2B63F7-B977-4A42-B633-799390097080} (PUP.MyWebSearch) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\Retrogamer_4wService (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{03123bb6-a811-407e-b323-66cf0be510b1} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03123BB6-A811-407E-B323-66CF0BE510B1} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{03123BB6-A811-407E-B323-66CF0BE510B1} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{03123BB6-A811-407E-B323-66CF0BE510B1} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Retrogamer_4wbar Uninstall (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> No action taken.
Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Retrogamer_4w Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~1\RETROG~2\bar\1.bin\4wbrmon.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{4CFF1016-C2E2-4FDD-9C67-E32200C25FF9} (PUP.MyWebSearch) -> Data: -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Retrogamer Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\RETROG~2\bar\1.bin\4wsrchmn.exe" /m=2 /w /h -> No action taken.
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Documents and Settings\Nick\Local Settings\Application Data\{baebeb56-d64c-3f43-ac11-15634174457b}\n. -> No action taken.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 10
C:\Program Files\Retrogamer_4w\bar\1.bin\4wbrstub.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files\Retrogamer_4w\bar\1.bin\4wbrmon.exe (PUP.MyWebSearch) -> No action taken.
C:\Program Files\Retrogamer_4w\bar\1.bin\4wauxstb.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files\Retrogamer_4w\bar\1.bin\4wSrcAs.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files\Retrogamer_4w\bar\1.bin\4wdlghk.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files\Retrogamer_4w\bar\1.bin\4wieovr.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files\Retrogamer_4w\bar\1.bin\4wSrchMn.exe (PUP.MyWebSearch) -> No action taken.
C:\Program Files\Retrogamer_4w\bar\1.bin\4wbarsvc.exe (PUP.MyWebSearch) -> No action taken.
C:\Program Files\Retrogamer_4w\bar\1.bin\4wbar.dll (PUP.MyWebSearch) -> No action taken.
C:\WINDOWS\assembly\GAC\Desktop.ini (Trojan.0access) -> No action taken.
(end)
-
Oh, "by" as in "created by". For some reason I thought you meant "by" as in "via". I have now updated MBAM from v2012.07.08.06 to v2012.07.08.07. MBAM has also detected more websites:
173.236.89.195
195.80.148.5
212.117.165.20
77.78.212.250 (I believe this one is the 77.something I was unable to screen cap earlier.)
MBAM Quick Scan is still scanning.
Also, I forgot to mention that My Security Essentials still suffers from that same error code even though My Security Shield seems to be removed, and I also have a question. Should I continue to launch RKill every time I boot my computer, or would it be interfering with the cleaning process? As of now, I am continuing to launch it upon start-up in an effort to stop any malicious processes from launching. (If there are any still attempting to launch, which I believe there are.)
-
Hello screen317,
Thank you for the fast reply. At first I only clicked Run the first time I used DDS, and it did produce the two logs. Would you like that log from the first scan or just the scan from where I downloaded DDS and saved it? By the way, what do you mean by "download DDS by sUBs"? I'm not familiar with sUBs. Also, all websites are detected as "outgoing". I will now update MBAM, run the Quick Scan, and post the log.
-
I was searching on Google yesterday when I started experiencing the Google Redirect Virus. I was able to pinpoint that it was Google when I went directly to the links that I wanted to go to in my URL bar instead of clicking on the link from Google. Shortly after that I had a pop-up for My Security Shield, and my Internet Explorer displayed that the webpage (Google) was under a virus attack. I had never experienced either of these viruses, so I just clicked the X on the My Security Shield pop-up, intending to do a scan afterwards. Big mistake. My Security Shield infected my computer and made Windows Security Essentials unusable with Error code: 0x80070424. (Which, as you probably know, is the code for hijackware.) I hard-reset the computer and upon reboot My Security Shield was still active. I hard-reset again and this time I logged onto my other user. The other user appeared unaffected by My Security Shield except that Windows Security Essentials was still down. I then did some searching on the problem and followed the instructions at
http://www.bleepingcomputer.com/virus-removal/remove-my-security-shield
I did not do Step 20 as I had to get up for work in 6 hours and didn't have the time to sit up doing another download and then a scan. Also, I am still running RKill every time I log onto the user I was infected on.
Now My Security Shield seems to be gone and Malwarebytes is detecting (and blocking) malicious websites. The following is a list of the websites detected so far. All of them are in IP format.
78.41.203.125
206.161.121.3
64.34.127.185
195.80.148.5
There was also a 77.something that I was unable to screen cap in time.
I followed the instructions on the matter which were given by user BornSlippy at
http://forums.malwarebytes.org/index.php?showtopic=111851
who directed towards
http://forums.malwarebytes.org/index.php?showtopic=9573
I followed the directions and ran DDS, and now I am posting my logs as instructed by Admin AdvancedSetup. (I also read somewhere not to attach the files, because if any real-time interaction happened between my computer and any of yours, it would be possible that my computer would infect any computers that interacted with mine.)
Below this point are the pasted logs.
LOGS TO BE POSTED AS NOTEPAD WON'T OPEN UNTIL I REBOOT.
Google Redirect, My Security Shield, Malicious Websites, & DDS log (in Resolved Malware Removal Logs)
I just want you to know that I will be unable to use the infected computer until Friday because I will be up at a friend's campground. Even now I am not posting from that computer, otherwise I would proceed with the next steps you have given me.