I guess the FBI got this PC... Or bad RansomWare (MoneyPak)

[MarkusRuckus]

see..

and the DDS...

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL

Internet Explorer: 9.0.8112.16421

Run by David at 21:40:59 on 2012-08-22

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.5387 [GMT -4:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}

SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/?ilc=1

uWindow Title = Windows Internet Explorer provided by Yahoo!

uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: N/A: {f4c28532-b9d0-4950-a2df-e83f9929242b} - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mSrcAs.dll

mURLSearchHooks: Max EN Toolbar: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Program Files (x86)\P2P_Max\tbP2P0.dll

mURLSearchHooks: Download Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files (x86)\P2P_Energy\tbP2P0.dll

mURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Download Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files (x86)\P2P_Energy\tbP2P0.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll

BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

BHO: Max EN Toolbar: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Program Files (x86)\P2P_Max\tbP2P0.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

BHO: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Search Assistant BHO: {c4b22c87-45ef-4f43-89f2-40db2078864e} - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mSrcAs.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Toolbar BHO: {da71fd14-5f7b-46ae-b8b1-44074a38f331} - C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Max EN Toolbar: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Program Files (x86)\P2P_Max\tbP2P0.dll

TB: Download Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files (x86)\P2P_Energy\tbP2P0.dll

TB: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: MyFunCards: {210f1b36-3b7f-41a4-b5da-3eb87f5a56c2} - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - C:\Windows\SysWow64\Shdocvw.dll

EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [KGShareApp] C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe

uRun: [<NO NAME>] C:\Users\David\AppData\Local\Temp\hleo32.exe

mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe

mRun: [<NO NAME>]

mRun: [V0415Mon.exe] C:\Windows\V0415Mon.exe

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [MyFunCards Search Scope Monitor] "C:\PROGRA~2\MYFUNC~2\bar\1.bin\5msrchmn.exe" /m=2 /w /h

mRun: [MyFunCards_5m Browser Plugin Loader] C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbrmon.exe

StartupFolder: C:\Users\David\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\Users\David\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ZOOSKM~1.LNK - C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - C:\Windows\SysWow64\Shdocvw.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{6B52D20A-8B31-47CA-BBBC-57DD80C5826D} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{82A4CFEA-4151-4588-A37A-5403FF50E6F4} : DhcpNameServer = 209.18.47.61 209.18.47.62

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Download Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files (x86)\P2P_Energy\tbP2P0.dll

BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

BHO-X64: StartNow Toolbar Helper - No File

BHO-X64: Max EN Toolbar: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Program Files (x86)\P2P_Max\tbP2P0.dll

BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

BHO-X64: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll

BHO-X64: BFlix Toolbar - No File

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Search Assistant BHO: {c4b22c87-45ef-4f43-89f2-40db2078864e} - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mSrcAs.dll

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll

BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Toolbar BHO: {da71fd14-5f7b-46ae-b8b1-44074a38f331} - C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbar.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll

BHO-X64: Yontoo Layers - No File

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB-X64: Max EN Toolbar: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Program Files (x86)\P2P_Max\tbP2P0.dll

TB-X64: Download Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files (x86)\P2P_Energy\tbP2P0.dll

TB-X64: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll

TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: MyFunCards: {210f1b36-3b7f-41a4-b5da-3eb87f5a56c2} - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

EB-X64: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - No File

EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File

mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun-x64: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe

mRun-x64: [(Default)]

mRun-x64: [V0415Mon.exe] C:\Windows\V0415Mon.exe

mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [MyFunCards Search Scope Monitor] "C:\PROGRA~2\MYFUNC~2\bar\1.bin\5msrchmn.exe" /m=2 /w /h

mRun-x64: [MyFunCards_5m Browser Plugin Loader] C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbrmon.exe

.

============= SERVICES / DRIVERS ===============

.

S1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]

S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]

S1 AvgTdiA;AVG Free8 Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]

S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

S2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~2\AVG\AVG8\avgemc.exe [2009-8-18 908056]

S2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [2009-8-18 297752]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22 136176]

S2 MyFunCards_5mService;MyFunCardsService;C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbarsvc.exe [2012-7-28 42528]

S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-10-25 244960]

S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-11 250056]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG8\Toolbar\ToolbarBroker.exe [2010-10-29 167264]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22 136176]

S3 netr28x;Linksys WPC600N/WMP600N Wireless-N Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-2-2 23536]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;C:\Windows\system32\DRIVERS\livecamv.sys --> C:\Windows\system32\DRIVERS\livecamv.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 V0415Vid;Creative Live! Cam Video IM Ultra Driver;C:\Windows\system32\DRIVERS\V0415Vid.sys --> C:\Windows\system32\DRIVERS\V0415Vid.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-08-23 01:13:00 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EBA65EFF-467F-4B1D-92B8-9631D8DBE761}\offreg.dll

2012-08-21 10:44:46 9309624 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EBA65EFF-467F-4B1D-92B8-9631D8DBE761}\mpengine.dll

2012-08-16 07:03:26 2769408 ----a-w- C:\Windows\System32\win32k.sys

2012-08-15 17:49:12 788480 ----a-w- C:\Windows\System32\localspl.dll

2012-08-15 17:49:12 623616 ----a-w- C:\Windows\SysWow64\localspl.dll

2012-08-10 19:54:30 -------- d-----w- C:\Users\David\AppData\Roaming\funkitron

2012-08-10 15:33:52 -------- d-----w- C:\Users\David\AppData\Roaming\iWinG

2012-08-10 15:33:52 -------- d-----w- C:\ProgramData\iWinG

2012-08-09 20:49:40 -------- d-----w- C:\Users\David\AppData\Roaming\Casual Arts

2012-08-09 20:49:40 -------- d-----w- C:\ProgramData\Casual Arts

2012-08-09 20:29:03 -------- d-----w- C:\ProgramData\Christmasville

2012-07-28 22:37:44 -------- d-----w- C:\Users\David\AppData\Roaming\casualArts

2012-07-28 22:37:44 -------- d-----w- C:\ProgramData\casualArts

2012-07-28 20:10:25 -------- d-----w- C:\Program Files (x86)\MyFunCards_5m

2012-07-28 20:10:17 -------- d---a-w- C:\Program Files (x86)\MyFunCards_5mEI

2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

==================== Find3M ====================

.

2012-08-15 00:35:15 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-15 00:35:15 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-28 03:28:35 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-28 03:21:17 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-28 03:20:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-28 03:16:25 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-28 03:12:35 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-28 00:27:12 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-28 00:19:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-28 00:18:16 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-28 00:12:08 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-28 00:07:44 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 19:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 19:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe

2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

.

============= FINISH: 21:42:56.64 ===============

and the attach..

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 6/21/2009 3:21:56 PM

System Uptime: 8/22/2012 8:47:23 PM (1 hours ago)

.

Motherboard: PEGATRON CORPORATION | | Benicia

Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz | CPU 1 | 2600/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 582 GiB total, 395.889 GiB free.

D: is FIXED (NTFS) - 14 GiB total, 1.926 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

µTorrent

ActiveCheck component for HP Active Support Library

Adobe Acrobat 5.0

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.4)

Advanced Audio FX Engine

Apple Application Support

Apple Software Update

Ask Toolbar

AVG Free 8.5

BFlix Toolbar

Blubster 3.1.1

BufferChm

C4600

Compatibility Pack for the 2007 Office system

Conduit Engine

Coupon Printer for Windows

Creative Live! Central

Creative System Information

CyberLink DVD Suite Deluxe

Default Manager

Destination Component

DeviceDiscovery

DirectX for Managed Code Update (Summer 2004)

Driver Detective

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

GPBaseService2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Advisor

HP Customer Experience Enhancements

HP Games

HP MediaSmart Demo

HP MediaSmart DVD

HP MediaSmart Music/Photo/Video

HP Odometer

HP Officejet 6500 E710a-f Help

HP Picasso Media Center Add-In

HP Recovery Manager RSS

HP Support Information

HP Total Care Setup

HP Update

HPAsset component for HP Active Support Library

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

HPSSupply

I.R.I.S. OCR

Java Auto Updater

Java 6 Update 22

KODAK Share Button App

LabelPrint

LightScribe System Software

LightScribe Template Designs - Fantasy Pack 1

LightScribeTemplateLabeler

MarketResearch

Marketsplash Shortcuts

Microsoft Live Search Toolbar

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MSVCSetup

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyFunCards Toolbar

OpenOffice.org 3.3

P2P_Energy Toolbar

P2P_Max Toolbar

PictureMover

PIXresizer

Power2Go

PowerDirector

PS_AIO_05_C4600_Software_Min

Python 2.6 pywin32-212

Python 2.6.1

QuickTime

RealPlayer 7 Basic

Realtek High Definition Audio Driver

Roblox for David

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

SmartWebPrinting

SolutionCenter

sp44626

StartNow Toolbar

Status

Toolbox

TrayApp

UnloadSupport

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update Installer for WildTangent Games App

WeatherBug

WebReg

WildTangent Games

Yahoo! Messenger

Yahoo! Search Protection

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

8/22/2012 9:10:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

8/22/2012 8:49:46 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

8/22/2012 8:49:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx64 AvgMfx64 AvgTdiA DfsC i8042prt NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6

8/22/2012 8:49:40 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/22/2012 8:49:40 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

8/22/2012 8:49:40 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.

8/22/2012 8:49:40 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/22/2012 8:49:40 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

8/22/2012 8:49:40 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/22/2012 8:49:40 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/22/2012 8:49:40 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.

8/22/2012 8:49:40 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/22/2012 8:49:40 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/22/2012 8:49:40 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/22/2012 8:49:40 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/22/2012 8:49:40 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/22/2012 8:49:40 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

8/22/2012 8:49:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/22/2012 8:49:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/22/2012 8:48:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

8/22/2012 8:48:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

8/22/2012 8:48:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

8/22/2012 8:48:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/22/2012 8:48:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

8/22/2012 8:37:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt

8/21/2012 6:43:58 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Works 9 (KB2680317).

8/21/2012 6:33:54 AM, Error: EventLog [6008] - The previous system shutdown at 11:34:02 PM on 8/20/2012 was unexpected.

8/21/2012 10:37:34 AM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.

8/21/2012 10:37:34 AM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.104, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

8/21/2012 10:36:48 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Photosmart C4600 series with shared resource name HP Photosmart C4600 series. Error 2114. The printer cannot be used by others on the network.

8/20/2012 10:15:42 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

8/16/2012 3:25:25 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

8/16/2012 3:25:25 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/16/2012 3:25:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/15/2012 7:08:30 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JAMIEE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{82A4CFEA-4151-4588-A37A-5403FF50E6F4}. The master browser is stopping or an election is being forced.

.

==== End Of File ===========================

Thank you for looking at this. I would like to help them get this clean

[aliB]

hi

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

THEN

• Download RogueKiller and save it on your desktop.
  
• Quit all programs
  
• Start RogueKiller.exe.
  
• Wait until Prescan has finished ...
  
• Click on Scan

• Wait for the end of the scan.
  
• The report has been created on the desktop.
  
• Click on the Delete button.

• The report has been created on the desktop.

• Next click on the ShortcutsFix
  
  
• The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

[MarkusRuckus]

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.23.06

Windows Vista Service Pack 2 x64 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

David :: DAVID-PC [administrator]

8/23/2012 10:25:04 AM

mbam-log-2012-08-23 (10-25-04).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 236918

Time elapsed: 5 minute(s), 43 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 14

HKCR\CLSID\{c4b22c87-45ef-4f43-89f2-40db2078864e} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4B22C87-45EF-4F43-89F2-40DB2078864E} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C4B22C87-45EF-4F43-89F2-40DB2078864E} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C4B22C87-45EF-4F43-89F2-40DB2078864E} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCR\CLSID\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{210F1B36-3B7F-41A4-B5DA-3EB87F5A56C2} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{210F1B36-3B7F-41A4-B5DA-3EB87F5A56C2} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyFunCards_5mbar Uninstall (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCR\CLSID\{da71fd14-5f7b-46ae-b8b1-44074a38f331} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA71FD14-5F7B-46AE-B8B1-44074A38F331} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DA71FD14-5F7B-46AE-B8B1-44074A38F331} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA71FD14-5F7B-46AE-B8B1-44074A38F331} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\MyFunCards_5m (Adware.MyFunCards) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\MyFunCards_5mEI (Adware.MyFunCards) -> Quarantined and deleted successfully.

Registry Values Detected: 4

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MyFunCards Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~2\MYFUNC~2\bar\1.bin\5msrchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run| (Trojan.Agent) -> Data: C:\Users\David\AppData\Local\Temp\hleo32.exe -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{210F1B36-3B7F-41A4-B5DA-3EB87F5A56C2} (PUP.MyWebSearch) -> Data: 6!;¤AµÚ>¸ZVÂ -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{210F1B36-3B7F-41A4-B5DA-3EB87F5A56C2} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 5

C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mSrchMn.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Local\Temp\hleo32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mSrcAs.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Users\David\Local Settings\Temporary Internet Files\Content.IE5\1B9F3719\MyFunCards.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.

(end)

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version

Started in : Normal mode

User: David [Admin rights]

Mode: Scan -- Date: 08/23/2012 10:49:20

¤¤¤ Bad processes: 1 ¤¤¤

[sUSP PATH] V0415Mon.exe -- C:\Windows\V0415Mon.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 3 ¤¤¤

[sUSP PATH] HKLM\[...]\Wow6432Node\Run : V0415Mon.exe (C:\Windows\V0415Mon.exe) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD642JJ +++++

--- User ---

[MBR] 5e7d37f348060595b0245f3204cc1081

[bSP] cbe1a3892920c024e3e7b9efc684338e : HP tatooed MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 596475 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1221582600 | Size: 14001 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version

Started in : Normal mode

User: David [Admin rights]

Mode: Remove -- Date: 08/23/2012 10:50:30

¤¤¤ Bad processes: 1 ¤¤¤

[sUSP PATH] V0415Mon.exe -- C:\Windows\V0415Mon.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 3 ¤¤¤

[sUSP PATH] HKLM\[...]\Wow6432Node\Run : V0415Mon.exe (C:\Windows\V0415Mon.exe) -> DELETED

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD642JJ +++++

--- User ---

[MBR] 5e7d37f348060595b0245f3204cc1081

[bSP] cbe1a3892920c024e3e7b9efc684338e : HP tatooed MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 596475 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1221582600 | Size: 14001 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version

Started in : Normal mode

User: David [Admin rights]

Mode: Shortcuts HJfix -- Date: 08/23/2012 10:53:08

¤¤¤ Bad processes: 1 ¤¤¤

[sUSP PATH] V0415Mon.exe -- C:\Windows\V0415Mon.exe -> KILLED [TermProc]

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤

Desktop: Success 1 / Fail 0

Quick launch: Success 0 / Fail 0

Programs: Success 6 / Fail 0

Start menu: Success 1 / Fail 0

User folder: Success 817 / Fail 0

My documents: Success 0 / Fail 0

My favorites: Success 0 / Fail 0

My pictures: Success 0 / Fail 0

My music: Success 2 / Fail 0

My videos: Success 0 / Fail 0

Local drives: Success 266 / Fail 0

Backup: [NOT FOUND]

Drives:

[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored

[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored

[E:] \Device\CdRom0 -- 0x5 --> Skipped

[F:] \Device\HarddiskVolume3 -- 0x2 --> Restored

[G:] \Device\HarddiskVolume4 -- 0x2 --> Restored

[H:] \Device\HarddiskVolume5 -- 0x2 --> Restored

[i:] \Device\HarddiskVolume6 -- 0x2 --> Restored

[J:] \Device\HarddiskVolume7 -- 0x2 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

[aliB]

hi

Step 1

Update MalwareBytes AntiMalware and Run a Quick Scan.

Post the log it produces

Step 2

ESET Online Scanner

1. Click on the following link to open ESET OnlineScan in a new window.
   ESET OnlineScan
   
2. Click the button.
   
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. 
      
   2. Click on to download the ESET Smart Installer. Save it to your desktop.
      
   3. Double click on the icon on your desktop.
      
   4. Check
      
   5. Click the button.
      
   6. Accept any security warnings from your browser.
      
   7. Check
      
   8. Push the Start button.
      
   9. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
      
   10. When the scan completes, push
       
   11. Push , and save the file to your desktop using a unique name, such as
       ESETScan. Include the contents of this report in your next reply.
       
   12. Push the button.
       
   13. Push
       
       Things i would like to see in your reply:
       • Malwarebytes Results.
         
       • Eset scanner report.
         
       • Update on how your computer is running

[MarkusRuckus]

Web pages are loading now, but horribly slow. much slower than other PCs with the same internet connect. It took about 3-4 minutes to load the eset page where I "accept the terms of use" before I could check the box.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.23.06

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

David :: DAVID-PC [administrator]

8/23/2012 2:19:13 PM

mbam-log-2012-08-23 (14-19-13).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 230751

Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mdatact.dll probably a variant of Win32/Toolbar.MyWebSearch.A application cleaned by deleting - quarantined

C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mhtmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined

C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mskin.dll a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined

[aliB]

What browser are you using ? did you try a different one ?

[MarkusRuckus]

seems to only be happening in IE, chrome is fine.

[aliB]

see this link to reset internet explorer settings and try again: http://support.microsoft.com/kb/923737

[MarkusRuckus]

still the same issue after resetting settings. its not just pages, its all of IE. while its trying to load, I cant get to the options, I cant stop the page from loading. Its like the actual program more than the page and not every page. google.com loads fine, yahoo takes forever. strange.

[aliB]

try uninstall internet explorer 9 and reinstalling, see this link http://windows.microsoft.com/en-US/windows7/how-do-i-install-or-uninstall-internet-explorer-9

[MarkusRuckus]

Just figured it out. I was reading some posts about add in. disabled them one-by-one and found that the issue was resolved after disabling Shockwave plugin. I uninstalled it, restarted and reinstalled. all seems to be good. Thank you for all of your help.

[MarkusRuckus]

I can have it installed but I have to leave the add in disabled or the same hanging/freezing issue occurs.

[aliB]

I'd uninstall it for good and use a different browser when this add in is required.

[MarkusRuckus]

I found that the addin was called shockwave flash add in. once I removed it and reinstalled each separately now the addins each have their own listing, one is Flash active X and the other is Shockwave add in. now that they are separated, I can have both enabled and pages load fine. very odd. I think somethink was corrupted with the original plugins. Thanks again for the help. Everything seems to be running good again. You can close this issue if you would like.

[aliB]

Glad we could help

[Maurice Naggar]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.