Pop-ups ads keep coming

Microsoft Upg-v windows 95 w/internet ex...
April 10, 2010 at 10:18:42
Specs: Windows Vista, AMD Athlon (tm) 64 x2 Dual Core Processor 5200+. 2.70 Ghz / 4 GB Ram
I've scanned my computer with both AVG paid version and ESET Smart Security. First i found some trojans and now they are gone, but the pop ups keep coming randomly, i don't even have to have the internet browser on :( please help

See More: Pop-ups ads keep coming

Report •

#1
April 10, 2010 at 10:33:46
Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt (do not zip just copy/paste)

Save both reports to your desktop then post them please.You may need to post in segments to get all the info to us as the logs may be to large to fit in one post.

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that once the "enter name of file to save to" box appears as the download begins in the filename box rename mbam-setup.exe to tool.exe> click save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy&Paste the entire report in your next reply.


Report •

#2
April 10, 2010 at 11:45:15
DDS (Ver_10-03-17.01) - NTFSx86
Run by Alex at 20:14:43,19 on 2010-04-10
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.46.1053.18.3326.1330 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Jmuroa.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\TEMP\mrt6382.tmp\stdrt.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\System32\alg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Steam\Steam.exe
C:\Users\Alex\Program Files\DNA\btdna.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Emotum\Mobile Broadband\Mobile.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Drivers.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Alex\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = www.ijji.com
uInternet Settings,ProxyOverride = local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Smart-Shopper: {4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} - c:\program files\smart-shopper\bin\2.5.1\Smrt-Shpr.dll
BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: SmartShopper: {8bcb5337-ec01-4e38-840c-a964f174255b} - c:\program files\smart-shopper\bin\2.5.1\Smrt-Shpr.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [BitTorrent DNA] "c:\users\alex\program files\dna\btdna.exe"
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [PlayNC Launcher]
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [Sony Ericsson PC Companion] "c:\program files\sony ericsson\sony ericsson pc companion\PCCompanion.exe" /systray /nologon
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Emotum Mobile Broadband] c:\program files\emotum\mobile broadband\Mobile.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [StartServiceCHBFDCBD] c:\users\alex\appdata\local\chbfdcbd\StartService.exe
uRun: [Canaveral] rundll32.exe c:\windows\system32\sshnas21.dll,BackupReadW
uRun: [YVIBBBHA8C] c:\users\alex\appdata\local\temp\Jtd.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; byond_4.0; GTB6.3; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://www.cartoonnetwork.se/show/ed%20edd%20och%20eddy/games/eddstremt"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [D-Link D-Link Wireless N DWA-140] c:\program files\d-link\d-link wireless n dwa-140\AirNCFG.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Launch LGDCore] "c:\program files\common files\logitech\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Drivers] Drivers.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
StartupFolder: c:\users\alex\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Save YouTube Video as MP3 - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - {6FAC4823-815E-4361-836E-46D65ED2550B} - c:\program files\smart-shopper\bin\2.5.1\Smrt-Shpr.dll
IE: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - {4CF088BD-BE95-40a5-BE9B-677F8683EDEA} - c:\program files\smart-shopper\bin\2.5.1\Smrt-Shpr.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\alex\appdata\roaming\mozilla\firefox\profiles\mtwr908f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/firefox?client=firefox-a&rls=org.mozilla:sv-SE:official
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\common files\dvdvideosoft\dll\ffcontextmenuy\components\FFContextMenu.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\users\alex\appdata\roaming\mozilla\firefox\profiles\mtwr908f.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\byond\bin\npbyond.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGPPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\alex\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\alex\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\alex\appdata\roaming\mozilla\firefox\profiles\mtwr908f.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\users\alex\appdata\roaming\mozilla\firefox\profiles\mtwr908f.default\extensions\npfax@microgaming.co.uk\platform\winnt_x86-msvc\plugins\npfax.dll
FF - plugin: c:\users\alex\program files\dna\plugins\npbtdna.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-10 28552]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-29 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-29 29512]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-2 242696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-5 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-5 308064]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-5-14 731840]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-5-14 38240]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-5-20 599040]
S2 FLEXnet Licensing Manager;FLEXnet Licensing Manager for Adobe Products;c:\windows\system\regsrv.exe [2010-3-6 675033]
S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-22 135664]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-12-30 13224]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2010-1-18 103040]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\drivers\s1029bus.sys [2009-12-24 90280]
S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\drivers\s1029mdfl.sys [2009-12-24 15016]
S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\drivers\s1029mdm.sys [2009-12-24 122280]
S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1029mgmt.sys [2009-12-24 115880]
S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1029nd5.sys [2009-12-24 26024]
S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\drivers\s1029obex.sys [2009-12-24 111912]
S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1029unic.sys [2009-12-24 116904]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-11-26 34384]
S3 TNET1130;D-Link AirPlus G+ Wireless Adapter;c:\windows\system32\drivers\GPlus.sys [2004-5-21 283392]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2010-04-10 16:49:43 124 ----a-w- c:\windows\system\update.dat
2010-04-10 16:24:28 0 d-----w- c:\programdata\hsswpr
2010-04-10 15:53:08 0 ----a-w- c:\windows\system32\cd.dat
2010-04-10 15:40:10 0 d-----w- c:\users\alex\appdata\roaming\ESET
2010-04-10 15:39:08 0 d-----w- c:\programdata\ESET
2010-04-10 15:39:08 0 d-----w- c:\program files\ESET
2010-04-10 15:35:19 704 ----a-w- c:\windows\system\viewed.dll
2010-04-10 13:04:13 0 d-----w- c:\users\alex\appdata\roaming\AVG9
2010-04-10 11:23:05 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-04-09 19:56:05 0 d-----w- c:\programdata\FLEXnet
2010-04-09 19:45:40 0 d-----w- c:\program files\common files\Macrovision Shared
2010-04-09 19:39:53 181248 ----a-w- c:\windows\Jmuroa.exe
2010-04-09 19:39:44 224256 ----a-w- c:\windows\system32\sshnas21.dll
2010-04-09 19:22:52 159744 --sh--r- c:\windows\Drivers.exe
2010-04-09 19:22:31 5 ----a-w- c:\windows\system32\qwdijxxiojdxf.tmp
2010-04-09 19:20:15 0 d-----w- c:\program files\common files\Akamai
2010-04-09 15:22:12 406840684 ----a-w- c:\windows\MEMORY.DMP
2010-04-08 20:40:46 0 d-----w- c:\program files\IDoser v4
2010-04-08 14:15:58 0 d-----w- c:\program files\DAEMON Tools Lite
2010-03-30 13:04:22 0 d-----w- c:\program files\LogMeIn Hamachi
2010-03-23 17:11:13 0 d-----w- c:\users\alex\appdata\roaming\Windows Live Writer
2010-03-16 06:02:39 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-14 18:14:04 0 d-----w- c:\users\alex\appdata\roaming\NetMedia Providers
2010-03-14 18:00:09 0 d-----w- c:\program files\Sony

==================== Find3M ====================

2010-04-10 15:39:34 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-10 15:39:34 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-10 15:39:34 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-04-09 18:35:24 597598 ----a-w- c:\windows\system32\perfh01D.dat
2010-04-09 18:35:24 117210 ----a-w- c:\windows\system32\perfc01D.dat
2010-04-07 23:15:29 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-05 11:46:47 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-05 11:46:46 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-05 11:46:11 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53:34 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-03 13:56:56 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-01-25 12:00:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-23 02:00:32 79256 ----a-w- c:\windows\system32\npOGPPlugin.dll
2009-11-18 16:05:24 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 06:23:46 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat
2008-01-21 06:23:46 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat
2008-01-21 06:23:46 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat
2008-01-21 06:23:46 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat
2008-01-21 02:43:58 174 --sha-w- c:\program files\desktop.ini
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-15 19:11:39 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 20:15:44,07 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume1
Install Date: 2008-11-29 21:27:22
System Uptime: 2010-04-10 17:51:06 (3 hours ago)

Motherboard: ASUSTeK Computer INC. | | M2A-VM
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ | Socket AM2 | 2700/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 55,506 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0001
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #2
PNP Device ID: ROOT\*6TO4MP\0001
Service: tunnel

==== System Restore Points ===================

RP675: 2010-04-05 21:56:36 - Installation av enhetsdrivrutinspaket: Hotspot Shield Nätverkstjänst
RP676: 2010-04-05 21:58:05 - Installation av enhetsdrivrutinspaket: Anchorfree HSS Adapter Nätverkskort
RP677: 2010-04-06 16:12:02 - Schemalagd kontrollpunkt
RP678: 2010-04-07 13:56:47 - Schemalagd kontrollpunkt
RP680: 2010-04-08 01:15:12 - SPTD setup V1.62
RP682: 2010-04-08 01:20:54 - Installed RapeLay
RP683: 2010-04-08 17:17:56 - Schemalagd kontrollpunkt
RP684: 2010-04-09 13:26:30 - Schemalagd kontrollpunkt

==== Installed Programs ======================

"Nero SoundTrax Help
ACID Pro 7.0
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.1 - Svenska
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advertising Center
Aion
Akamai NetSession Interface
ANIWZCS2 Service
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
ASUS VGA Driver
ATI AVIVO Codecs
ATI Catalyst Install Manager
Auslogics Disk Defrag
AutoUpdate
AVG 9.0
BitLord 1.1
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Swedish
ccc-core-static
ccc-utility
CCC Help Swedish
CCleaner
Connect
Counter-Strike: Source
D-Link Wireless N DWA-140
DAEMON Tools Toolbar
DirectWave
DivX Codec
DivX Web Player
DivX Version Checker
DNA
DolbyFiles
Drivrutiner till Labtec® Camera
DX10
Edison
ESET Smart Security
Facebook Plug-In
FL Studio 9
Free Audio CD Burner version 1.2
Free YouTube to MP3 Converter version 3.2
FreeRIP v3.1
GIMP 2.6.7
Google Toolbar for Internet Explorer
Google Update Helper
Half-Life 2: Deathmatch
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Huawei Driver Installation
I-Doser v4
ijji REACTOR
IL Autogun
IL Download Manager
IL DrumSynth Live
IL Gross Beat
ImagXpress
ImgBurn (Remove Only)
iTunes
Java Auto Updater
Java(TM) 6 Update 17
kuler
Logitech G11 Keyboard Software 1.03
LogMeIn Hamachi
Menu Templates - Starter Kit
Microsoft .NET Framework 3.5 Language Pack SP1 - sve
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mobile Broadband
Movie Templates - Starter Kit
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MVision
NCsoft Launcher
Nero 9
Nero 9 Trial
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero Live
Nero Live Help
Nero MediaHome 4
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero WaveEditor
Nero WaveEditor Help
Nero Vision
NeroBurningROM
NeroExpress
neroxml
NodEnabler 3.0
OpenOffice.org 3.2
Panda ActiveScan 2.0
Pando Media Booster
PDF Settings CS4
Photoshop Camera Raw
PoiZone
QuickTime
RapeLay
RealPlayer
Sakura
Sawer
Security Update for CAPICOM (KB931906)
Skins
Skype Toolbars
Skype™ 4.2
SmartShopper
Sony Ericsson PC Companion 1.60.00
SoundTrax
Spelling Dictionaries Support For Adobe Reader 9
Spotify
Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve
Steam
Suite Shared Configuration CS4
System Requirements Lab
Sytrus
TeamSpeak 3 Client
Telenor Stay Connected
TI Connect 1.6
Toxic Biohazard
Unibet
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.762
Veoh Web Player
Windows Live Communications Platform
Windows Live Essentials
Windows Live inloggningsassistenten
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR archiver
VLC media player 0.9.6
VoipCheapCom
Voipwise

==== End Of File ===========================


Report •

#3
April 10, 2010 at 11:46:03
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3975

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

2010-04-10 20:27:57
mbam-log-2010-04-10 (20-27-57).txt

Scan type: Quick scan
Objects scanned: 108948
Time elapsed: 5 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 37
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 6
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4cf088bd-be95-40a5-be9b-677f8683edea} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6fac4823-815e-4361-836e-46d65ed2550b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{911f251e-34fd-465e-b6ce-df00ff49a6be} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fe4f1649-8909-49c0-87ba-24d65120db46} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{022c671f-6cba-4a03-a8f9-3b3a361b235a} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{305c6cb1-9d31-4489-881d-5a8e2dc3fe14} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ad815fc-607b-419f-8b70-d345a507a54e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\smart-shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.hbax (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.hbax.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.hbinfoband (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.hbinfoband.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.iebutton (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.iebutton.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.iebuttona (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.iebuttona.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.iebuttonb (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.iebuttonb.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.smrt-shprctrl (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.smrt-shprctrl.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\canaveral (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartShopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Shopper\Bin (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Shopper\Bin\2.5.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Program Files\PermissionResearch (Spyware.PermissionResearch) -> Quarantined and deleted successfully.
C:\Program Files\PermissionResearch\components (Spyware.PermissionResearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Adobe-Photoshop-Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartShopper\SmartShopper - Comapre product prices.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartShopper\SmartShopper - Compare travel rate.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartShopper\SmartShopper Help.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartShopper\Uninstall SmartShopper.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Shopper\Uninst.exe (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Users\Alex\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


Report •

Related Solutions

#4
April 10, 2010 at 14:38:56
You need to uninstall one of your antivirus programs, as they will conflict and cause many problems,

Go to start> control panel> click the Java icon> update tab> update now and allow Java to update. If you are prompted for any add-ons uncheck the box and continue. The newest Java is version 6 update 19.

Please download Combofix with internet explorer instead of any other browser if possible.

Remember..your AVG/Eset antivirus and Windows Defender must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that once the "enter name of file to save to" box appears as the download begins in the filename box rename combofix.exe to to Combo-Fix> click save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.


Report •

Ask Question