1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Funmoods and trojan.dropper

Discussion in 'Virus & Other Malware Removal' started by mightyhead, Jan 16, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. mightyhead

    mightyhead Thread Starter

    Joined:
    Jan 16, 2013
    Messages:
    3
    Fixing a friend's beleagured laptop. Ran Malwarebytes and added the log to the other logs requested at the bottom. Seems that IE is reloading the virus or I'm not removing it completely with the things I've tried.

    Thanks for your help.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:07:55 AM, on 1/16/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SafeSearch - {e27d5867-80de-4449-9c03-71707c0db05b} - C:\Program Files\SafeSearch\ie\adxloader.dll
    O3 - Toolbar: SafeSearch Toolbar - {fc0c0170-4eb0-430d-a7f3-939ee7ea1a25} - C:\Program Files\SafeSearch\ie\adxloader.dll
    O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: RosettaStoneLtdController - Rosetta Stone Ltd. - C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 5601 bytes

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
    Run by jeffrey hupe at 11:32:17 on 2013-01-16
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
    C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\RealVNC\VNC4\winvnc4.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uProxyOverride = <local>;*.local
    uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} -
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SafeSearch: {e27d5867-80de-4449-9c03-71707c0db05b} - c:\program files\safesearch\ie\adxloader.dll
    TB: SafeSearch Toolbar: {fc0c0170-4eb0-430d-a7f3-939ee7ea1a25} - c:\program files\safesearch\ie\adxloader.dll
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 4.2.2.2 8.8.8.8 75.75.76.76
    TCP: Interfaces\{9C695DA6-6559-4246-9E02-35EF83FC451B} : DHCPNameServer = 4.2.2.2 8.8.8.8 75.75.76.76
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ============= SERVICES / DRIVERS ===============
    .
    .
    =============== Created Last 30 ================
    .
    2013-01-16 08:36:05 -------- d-----w- c:\users\jeffrey hupe\appdata\local\temp
    2013-01-16 08:29:08 -------- d-sh--w- C:\$RECYCLE.BIN
    2013-01-16 07:28:26 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a67725b5-e259-4c5f-9848-ba874eecc074}\mpengine.dll
    2013-01-16 03:59:41 -------- d-----w- c:\users\jeffrey hupe\appdata\roaming\MSNInstaller
    2013-01-16 03:58:21 -------- d-----w- c:\programdata\BasicSeek
    2013-01-16 03:58:20 -------- d-----w- c:\program files\BasicSeek
    2013-01-16 03:06:38 388096 ----a-r- c:\users\jeffrey hupe\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2013-01-16 03:06:28 -------- d-----w- c:\program files\Trend Micro
    2013-01-16 02:29:04 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2013-01-16 02:28:19 88576 ----a-w- c:\windows\system32\wudriver.dll
    2013-01-16 02:27:57 33792 ----a-w- c:\windows\system32\wuapp.exe
    2013-01-16 02:27:57 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2013-01-16 01:23:23 -------- d-----w- c:\users\jeffrey hupe\appdata\roaming\Malwarebytes
    2013-01-16 01:23:02 -------- d-----w- c:\programdata\Malwarebytes
    2013-01-16 01:22:56 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-16 01:22:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-01-16 00:54:38 98816 ----a-w- c:\windows\sed.exe
    2013-01-16 00:54:38 256000 ----a-w- c:\windows\PEV.exe
    2013-01-16 00:54:38 208896 ----a-w- c:\windows\MBR.exe
    2013-01-16 00:40:12 -------- d-----w- c:\users\jeffrey hupe\appdata\local\Coupon Companion Plugin
    2013-01-16 00:39:30 -------- d-----w- c:\users\jeffrey hupe\appdata\roaming\Funmoods
    2013-01-15 22:59:08 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-15 22:59:07 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-15 21:32:21 740840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{334e9314-178b-42fa-8bbc-c2ec32383a8b}\gapaengine.dll
    2013-01-15 21:17:46 -------- d-----w- c:\program files\CCleaner
    2013-01-15 21:17:24 -------- d-----w- c:\program files\SafeSearch
    2013-01-15 20:46:55 4096000 ----a-w- c:\program files\GUT80E3.tmp
    2013-01-15 20:46:55 -------- d-----w- c:\program files\GUM80E2.tmp
    2013-01-15 20:46:10 -------- d-----w- c:\users\jeffrey hupe\appdata\local\{9AF304F5-BC82-4A61-9B3A-47559757768A}
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 11:34:48.77 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    .
    ==== Disk Partitions =========================
    .
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader 8.3.1
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Print Creations
    Ask Toolbar
    Ask Toolbar Updater
    Bonjour
    Brother MFL-Pro Suite MFC-J415W
    Camera Support Core Library
    Camera Window
    Canon Camera Support Core Library
    Canon Camera Window for ZoomBrowser EX
    Canon MovieEdit Task for ZoomBrowser EX
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities PhotoStitch 3.1
    Canon Utilities ZoomBrowser EX
    CCleaner
    Conexant HD Audio
    D3DX10
    DIGOpt
    EPSON Printer Software
    EPSON Scan
    EPSON Stylus CX7400 Series Scanner Driver Update
    ESU for Microsoft Vista
    Google Earth
    Google Updater
    HDAUDIO Soft Data Fax Modem with SmartCP
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Active Support Library 32 bit components
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP Easy Setup - Frontend
    HP Help and Support
    HP Photosmart Essential 2.0
    HP Photosmart Essential2.5
    HP Quick Launch Buttons 6.20 B1
    HP QuickPlay 3.6
    HP Total Care Advisor
    HP Update
    HP User Guides 0057
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPNetworkAssistant
    iCloud
    iPhone Configuration Utility
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.70.0.1100
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Default Manager
    Microsoft Expression Web
    Microsoft Expression Web MUI (English)
    Microsoft Expression Web Service Pack 1 (SP1)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Project 2007 Service Pack 2 (SP2)
    Microsoft Office Project 2007 Service Pack 3 (SP3)
    Microsoft Office Project MUI (English) 2007
    Microsoft Office Project Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
    Microsoft Office Visio 2007 Service Pack 2 (SP2)
    Microsoft Office Visio 2007 Service Pack 3 (SP3)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft UI Engine
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Works
    MobileMe Control Panel
    MovieEdit Task
    MSCU for Microsoft Vista
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music Transfer
    My HP Games
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    PaperPort Image Printer
    PhotoStitch
    Primo
    PSSWCORE
    QuickTime
    Qwest Installer
    RAW Image Task 1.1
    RemoteCapture Task 1.0.3
    Rhapsody Player Engine
    Rosetta Stone Ltd Services
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator EasyArchive
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD Basic v9
    Runtime
    Safari
    SafeSearch
    ScanSoft PaperPort 11
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office Groove 2007 (KB2552997)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio 2007 (KB2553010)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Segoe UI
    SkyCaddie Desktop
    SmartAudio
    Sony Picture Utility
    Synaptics Pointing Device Driver
    The Typing of The Dead US
    The Weather Channel Desktop 6
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Project 2007 Help (KB963668)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Visio 2007 Help (KB963666)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    VNC Mirror Driver 1.8.0
    VNC Personal Edition P4.4.3
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    .
    ==== End Of File ===========================

    This is where the ark.txt file should go, but I must be doing something wrong - it keeps coming out blank

    Malwarebytes file:

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.16.01

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    jeffrey hupe :: JEFFREYHUPE-NB [administrator]

    1/15/2013 6:24:05 PM
    mbam-log-2013-01-15 (18-24-05).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 218321
    Time elapsed: 1 hour(s), 45 minute(s), 42 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 40
    HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoods.dskBnd (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\qnpn7rjv93lf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCU\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
    HKCU\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
    HKCU\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.
    HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.

    Registry Values Detected: 4
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:58970 -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|Tabs (PUP.FunMoods) -> Data: http://searchfunmoods.com/?f=2&a=do...AzztCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1979187632 -> Quarantined and deleted successfully.

    Registry Data Items Detected: 4
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://searchfunmoods.com/?f=1&a=do...AzztCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1979187632) Good: (http://www.google.com) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\jeffrey hupe\AppData\Local\chh.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\jeffrey hupe\AppData\Local\chh.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.FunMoods) -> Bad: (http://searchfunmoods.com/?f=1&a=do...AzztCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1979187632) Good: (http://www.google.com) -> Quarantined and repaired successfully.

    Folders Detected: 4
    C:\Program Files\E-Set 2011 (Rogue.FakeEset) -> Quarantined and deleted successfully.
    C:\Program Files\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Program Files\Funmoods\1.5.23.22 (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Program Files\Funmoods\1.5.23.22\bh (PUP.FunMoods) -> Quarantined and deleted successfully.

    Files Detected: 19
    C:\Program Files\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files\Funmoods\1.5.23.22\escorTlbr.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files\Funmoods\1.5.23.22\escortApp.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files\Funmoods\1.5.23.22\escortEng.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Users\jeffrey hupe\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Users\jeffrey hupe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Users\jeffrey hupe\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Users\jeffrey hupe\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Users\jeffrey hupe\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Users\jeffrey hupe\Local Settings\Application Data\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Users\jeffrey hupe\AppData\Local\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Users\jeffrey hupe\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Users\jeffrey hupe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Program Files\Funmoods\1.5.23.22\escortShld.dll (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Program Files\Funmoods\1.5.23.22\FavIcon.ico (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Program Files\Funmoods\1.5.23.22\Sqlite3.dll (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Program Files\Funmoods\1.5.23.22\uninst.dat (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Program Files\Funmoods\1.5.23.22\uninstall.exe (PUP.FunMoods) -> Quarantined and deleted successfully.

    (end)
     
  2. mightyhead

    mightyhead Thread Starter

    Joined:
    Jan 16, 2013
    Messages:
    3
    [FONT=&quot]ComboFix 13-01-27.03 - jeffrey hupe 01/27/2013 13:07:13.2.2 - x86
    Running from: c:\users\jeffrey hupe\Desktop\ComboFix.exe
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\BasicSeek
    c:\programdata\BasicSeek
    c:\programdata\BasicSeek\basicseek110.exe
    c:\users\jeffrey hupe\AppData\Roaming\Smart Engine
    c:\users\jeffrey hupe\AppData\Roaming\Smart Engine\Instructions.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-27 to 2013-01-27 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-27 23:34 . 2013-01-27 23:34 -------- d-----w- c:\users\jeffrey hupe\AppData\Local\temp
    2013-01-27 23:34 . 2013-01-27 23:34 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-01-27 19:39 . 2013-01-27 19:39 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A847969A-66AD-4150-918D-661D3A222E26}\MpKsl2c1efbb5.sys
    2013-01-27 10:26 . 2013-01-15 09:49 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A847969A-66AD-4150-918D-661D3A222E26}\mpengine.dll
    2013-01-16 21:53 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
    2013-01-16 21:53 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
    2013-01-16 19:17 . 2013-01-16 19:17 100352 ----a-w- C:\kftcrkow.sys
    2013-01-16 03:59 . 2013-01-16 04:00 -------- d-----w- c:\users\jeffrey hupe\AppData\Roaming\MSNInstaller
    2013-01-16 03:06 . 2013-01-16 03:06 388096 ----a-r- c:\users\jeffrey hupe\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2013-01-16 03:06 . 2013-01-16 03:06 -------- d-----w- c:\program files\Trend Micro
    2013-01-16 02:29 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2013-01-16 02:29 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
    2013-01-16 02:29 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2013-01-16 02:29 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2013-01-16 02:28 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
    2013-01-16 02:28 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
    2013-01-16 02:28 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
    2013-01-16 02:27 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2013-01-16 02:27 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
    2013-01-16 01:23 . 2013-01-16 01:23 -------- d-----w- c:\users\jeffrey hupe\AppData\Roaming\Malwarebytes
    2013-01-16 01:23 . 2013-01-16 01:23 -------- d-----w- c:\programdata\Malwarebytes
    2013-01-16 01:22 . 2013-01-16 01:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-01-16 01:22 . 2012-12-14 23:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-16 00:40 . 2013-01-16 03:57 -------- d-----w- c:\users\jeffrey hupe\AppData\Local\Coupon Companion Plugin
    2013-01-16 00:39 . 2013-01-16 00:39 -------- d-----w- c:\users\jeffrey hupe\AppData\Roaming\Funmoods
    2013-01-15 22:59 . 2013-01-15 22:59 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-15 22:59 . 2013-01-15 22:59 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-15 21:32 . 2012-10-23 13:04 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{334E9314-178B-42FA-8BBC-C2EC32383A8B}\gapaengine.dll
    2013-01-15 21:17 . 2013-01-15 21:17 -------- d-----w- c:\program files\CCleaner
    2013-01-15 21:17 . 2013-01-15 21:17 -------- d-----w- c:\program files\SafeSearch
    2013-01-15 20:46 . 2013-01-15 20:47 -------- d-----w- c:\program files\GUM80E2.tmp
    2013-01-15 20:46 . 2013-01-15 20:46 4096000 ----a-w- c:\program files\GUT80E3.tmp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-15 09:49 . 2011-11-25 14:39 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-10 1519272]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e27d5867-80de-4449-9c03-71707c0db05b}]
    2012-07-26 04:09 508216 ----a-w- c:\program files\SafeSearch\ie\adxloader.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{fc0c0170-4eb0-430d-a7f3-939ee7ea1a25}"= "c:\program files\SafeSearch\ie\adxloader.dll" [2012-07-26 508216]
    .
    [HKEY_CLASSES_ROOT\clsid\{fc0c0170-4eb0-430d-a7f3-939ee7ea1a25}]
    [HKEY_CLASSES_ROOT\SafeSearch.SafeSearch1]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-04-10 1557160]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Users^jeffrey hupe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\jeffrey hupe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^jeffrey hupe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PMB Media Check Tool.lnk]
    path=c:\users\jeffrey hupe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk
    backup=c:\windows\pss\PMB Media Check Tool.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
    2012-04-10 00:43 1557160 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2011-10-06 07:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2011-09-27 13:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00]
    2010-02-09 22:43 2621440 ------r- c:\program files\Browny02\Brother\BrStMonW.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
    2008-12-24 16:26 114688 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2006-11-02 09:45 8704 ----a-w- c:\windows\System32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
    2011-06-08 17:45 822456 ----a-w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX7400 Series]
    2007-02-15 13:00 179200 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATICDA.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
    2008-10-09 13:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2011-02-18 20:49 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
    2007-03-20 22:23 1773568 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
    2007-10-03 22:15 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    2008-07-10 05:05 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-10-10 00:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
    2009-07-17 17:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
    2011-06-15 21:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2011-05-13 22:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2009-06-24 13:08 13601312 ----a-w- c:\windows\System32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2009-06-24 13:08 92704 ----a-w- c:\windows\System32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    2008-07-10 05:07 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
    2007-08-31 15:01 328992 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
    2007-02-13 18:38 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    2007-12-20 02:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-07-06 00:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QwestTouchPointAgent]
    2010-07-06 20:14 45992 ----a-w- c:\program files\Qwest\Desktop\QwestTouchPointAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2006-10-25 15:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 17:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-11-03 17:04 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2010-05-28 05:31 1721640 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
    2007-09-15 08:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSL2C1EFBB5
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-27 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-15 22:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 4.2.2.2 8.8.8.8 75.75.76.76
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-01-27 16:34
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2013-01-27 16:41:03
    ComboFix-quarantined-files.txt 2013-01-27 23:40
    ComboFix2.txt 2013-01-16 08:36
    .
    Pre-Run: 35,813,462,016 bytes free
    Post-Run: 35,823,726,592 bytes free
    .
    - - End Of File - - CF969CAC8540F1FF88EA4D2D6432603A

    [/FONT]
     
  3. mightyhead

    mightyhead Thread Starter

    Joined:
    Jan 16, 2013
    Messages:
    3
    Unable to turn on Windows Defender as well. Pretty sure it's still infected.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1085539