
Inactive started w/google redirect&now taken over entire pc

Discussion in 'Malware and Virus Removal Archive' started by jessigirl, 2011/03/27.

Thread Status:
Not open for further replies.
  1. 2011/03/27
    jessigirl

    jessigirl Inactive Thread Starter

    Joined:
    2011/03/27
    Messages:
    40
    Likes Received:
    0
    [Inactive] started w/google redirect&now taken over entire pc

    Hi! First of all I just want to say that I am so very thrilled to be here and I thank you for allowing me to be a part of such a wonderful forum..I have been reading here just to see if others had experienced or were experiencing this unbelievable virus that I presently am at my wits end in fighting.. Let me explain and give a little detail about what I am up against and how exactly it started..

    We have been long term users of the Norton products and they have always kept us safe and clean{for many years}..When ours was up for renewal{a little over a week ago}I stupidly took the advice of someone to try the "Virus Fighter"..I said why not? What would it hurt to venture out and try a new product? Boy if I'd only known what I was getting into..I signed up for the 30 day trial..downloaded and installed the program..Clicked on to enable the highest of security in all ways and happily went about my business.. Within days I started having the google redirect problem on my Firefox browser{which is my main browser that is used..only use IE when I have to}.The google redirect was really really bothersome and irritating..At this same time that problem started I was attempting to install my updates to my Garmin c340 so I did not right away attempt to rectify my google redirect issue{I never dreamed it was some type virus}.So I planned to finish updating my Garmin and then to deal with what was happening with Google..By the time I was nearing the end of getting my updates completely installed on a reformatted sd card I was truly encountering numerous issues..not only the redirect but now google was blocking me and sending me to must enter these characters to prove that you are human..stating that an unusual amount of traffic was coming from my computer thru google so they continued blocking it..Also at this point I realized that on several places I was being informed that I had an incompatible browser along with the fact that on a commonly posted on forum that I frequent when I attempted to post it blocked it as well stating that Admin. was blocking posts from people who were hiding behind proxies..By this point I knew there had to be some serious issues going on with my computer..

    So I immediately went into my "Virus Fighter" and did a COMPLETE SCAN OF ALL COMPONENTS..which at the end listed I believe 3 main issues that they labeled bad and stated they had quarantined and were no longer a threat to my computer.. I even went thru all the suspicious ones and went ahead and deleted those as well just to be sure..I did not see a huge improvement{some improvement but not totally back to normal}..so that's when I downloaded and performed the Norton Power Eraser.. The first scan located something and when I clicked that I wanted it removed and to reboot 4+hrs later it was still just attempting to log off..could not even shut down..so I left it in hopes it would resolve itself..The next morning still "logging off" at this point the only thing I could do was to take out the battery to force it to shut down... I left it set unused..unplugged in for the entire day..

    When I restarted the laptop it seemed to be somewhat better..Not near as many redirects and only once did it send me to the google block..prove you're human page{huge improvement}..but this is when I started investigating just what the heck was going on.. I quickly saw that it was this Win32..bunch of different names for it and the microsoft forum directed me to quickly take care of it with the TDSSKiller..Stating that it should quickly locate and rid the virus completely..it was the only program found to kill this particular virus.. I was very optimistic due to the feedback of the vast majority it had worked for..Unfortunately for me the first time it kept giving me error msgs and would not even run the program and then when I downloaded it again and opened it thru WinZip it opened and I clicked to do the complete scan..It only was like 3mins{which seemed extremely short to me}and quickly came back with no problem..NO THREATS..

    At this point I went into my Windows defender in hopes that it could some how assist me or offer protection from further infection..It said my windows defender was out of date..so I clicked to find newest update so that I might use it and run a scan as well.. This is when I found that I am unable to even receive any windows updates..I also found thru researching that this virus most likely was somehow linked with corrupt outdated Java..went to Java to update all their software and it found that Java 5&6 were still on my computer and needed to be removed before installing updates..I still have yet to accomplish removing the Java 5&6..That's a lot of the details of what I have been up against..

    The only other thing I wanted to mention was that after I put my sd card that contained the new North American 2011 updated maps into my Garmin everything was working great..it recognized and loaded my new updated maps.. That night before I went to bed I hooked my garmin by usb to my computer for no other reason than just to charge it{as when we leave for a trip a lot of the time we take it off of its base and use it in the car therefore it must have some charged battery power to be able to do this}..The following morning I unhooked and took it with me in the car to try out{we leave for our trip this Weds}..and was horrified to see that the Garmin is literally rendered completely useless.. Nothing at all.. no power whatsoever.. no matter what you plug it into.. IT IS COMPLETELY AND UTTERLY USELESS..which is a devastating reality as we are about to leave on a road trip where its purpose is served..I have yet to tell my husband this info..as MY Dear God there is only so much a person can take..

    Can someone please help me?

    The only other thing I have attempted was the defogger and then ran the DDS{results below in this post}
    I ran the defogger to disable the CD driver and then ran the DDS and received the results and saved them to my notepad{I will post the first one} .. After the DDS was saved I then attempted to run the RkUnhooker but to no avail..It gives me an error msg about something to do with a driver..It's at this point when I thought best to contact you guys to find out if there is even any hope or am I only further infecting and destroying my computer with these steps I'm taking?

    Lastly I am only running in Safe mode with Network included..so I am able to access the internet thru this safe method only and am only able to do so with IE as Firefox is eaten up with redirects and blocks..This safe mode is the only way that my computer will run..when I attempt to restart in Normal Mode it crashes right as my login screen pops up{does not even allow me to log in}..it completely crashes every time when it flashes the log in screen..Is there any hope for me?

    Here is the report from the scan done with DDS..At your soonest convenience I will be anxiously awaiting a response..Thank you in advance for any help and/or hope you may be able to offer me..You'll never know how much I appreciate just having this forum to come and reach out for help..
    ~Jess
    {P.S. please forgive that my comma key is dead so therefore my long run-on sentences are broken up with dot dot dot[...]lol..just wanted to explain my strange use of punctuation..lol}
    Below is the Report from the DDS scan
    .
    DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
    Run by Buddy at 16:30:42.15 on Sat 03/26/2011
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_24
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.2497 [GMT -5:00]
    .
    AV: VIRUSfighter *Enabled/Updated* {EFAF4EFD-4BE5-FC94-C3DA-2A854B45A6BE}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\System32\notepad.exe
    C:\Program Files\Fighters\VIRUSfighter\vfproTray.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Users\Buddy\Desktop\Defogger.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Buddy\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp32&d=1210&m=t-6330u
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp32&d=1210&m=t-6330u
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - c:\program files\norton safe web lite\engine\1.2.0.6\coIEPlg.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - c:\program files\norton safe web lite\engine\1.2.0.6\coIEPlg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SigmatelSysTrayApp] sttray.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe "
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [Camera Assistant Software] "c:\program files\camera assistant software for gateway\traybar.exe "
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe "
    mRun: [VFPROguard] c:\program files\fighters\virusfighter\VFPROTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\buddy\appdata\roaming\mozilla\firefox\profiles\zse52tuc.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.swagbucks.com/
    FF - prefs.js: network.proxy.ftp - 50.16.161.226
    FF - prefs.js: network.proxy.ftp_port - 80
    FF - prefs.js: network.proxy.gopher - 50.16.161.226
    FF - prefs.js: network.proxy.gopher_port - 80
    FF - prefs.js: network.proxy.http - 50.16.161.226
    FF - prefs.js: network.proxy.http_port - 80
    FF - prefs.js: network.proxy.socks - 50.16.161.226
    FF - prefs.js: network.proxy.socks_port - 80
    FF - prefs.js: network.proxy.ssl - 50.16.161.226
    FF - prefs.js: network.proxy.ssl_port - 80
    FF - prefs.js: network.proxy.type - 1
    FF - component: c:\programdata\norton\{92622aad-05e8-4459-b256-765ce1e929fb}\nst_1.2.0.6\coffnst\components\coFFNST.dll
    FF - component: c:\users\buddy\appdata\roaming\mozilla\firefox\profiles\zse52tuc.default\extensions\{394dcba4-1f92-4f8e-8ec9-8d2cb90cb69b}\components\ScreenshotXPCOM.dll
    FF - component: c:\users\buddy\appdata\roaming\mozilla\firefox\profiles\zse52tuc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\users\buddy\appdata\roaming\mozilla\firefox\profiles\zse52tuc.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\users\buddy\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: Print Without Ads: printwithoutads@oleg.vaskevich - %profile%\extensions\printwithoutads@oleg.vaskevich
    FF - Ext: LightShot (screenshot tool): {394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} - %profile%\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Redirect Remover: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9} - %profile%\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
    FF - Ext: AdBan: adban@ad-ban.appspot.com - %profile%\extensions\adban@ad-ban.appspot.com
    FF - Ext: HistoryBlock: historyblock@kain - %profile%\extensions\historyblock@kain
    FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Norton Safe Web Lite Toolbar: {203FB6B2-2E1E-4474-863B-4C483ECCE78E} - c:\programdata\norton\{92622aad-05e8-4459-b256-765ce1e929fb}\nst_1.2.0.6\coFFNST
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    S2 AV Engine Scanning Service;AV Engine Scanning Service;c:\program files\common files\common toolkit suite\avengine\AVScanningService.exe [2010-12-24 797848]
    S2 AV Watch Service;AV Watch Service;c:\program files\common files\common toolkit suite\avengine\AVWatchService.exe [2010-12-24 93328]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 ETService;Empowering Technology Service;c:\program files\gateway\gateway recovery management\service\ETService.exe [2010-12-3 24576]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-12 135664]
    S2 HitmanPro35CrusaderBoot;Hitman Pro 3.5 Crusader (Boot);c:\users\buddy\downloads\HitmanPro35.exe [2011-3-25 6449984]
    S2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\1.2.0.6\ccSvcHst.exe [2011-3-8 130000]
    S2 Suite Service;Suite Service;c:\program files\fighters\FighterSuiteService.exe [2010-12-24 1141896]
    S3 AVFSFilter;AVFSFilter;c:\windows\system32\drivers\avfsfilter.sys [2010-12-24 10264]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-9 30192]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-8-8 111616]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-03-25 22:04:34 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2011-03-25 21:55:06 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-03-25 21:55:03 -------- d-----w- c:\program files\Hitman Pro 3.5
    2011-03-25 21:54:39 -------- d-----w- c:\progra~2\Hitman Pro
    2011-03-24 04:24:25 -------- d-----w- c:\users\buddy\appdata\local\Trusted Software
    2011-03-24 04:24:02 -------- d-----w- c:\program files\Trusted Software
    2011-03-24 01:35:35 -------- d-----w- c:\program files\Conduit
    2011-03-24 01:35:24 -------- d-----w- c:\program files\ConduitEngine
    2011-03-24 01:35:16 -------- d-----w- c:\program files\uTorrentBar
    2011-03-24 01:33:48 -------- d-----w- c:\program files\uTorrent
    2011-03-24 01:32:16 -------- d-----w- c:\users\buddy\appdata\roaming\uTorrent
    2011-03-23 07:32:39 -------- d-----w- c:\program files\common files\InterCrypto Shared
    2011-03-23 07:32:38 -------- d-----w- c:\program files\Master Uneraser
    2011-03-20 20:54:02 11888488 ----a-w- c:\users\buddy\MapSource.exe
    2011-03-19 23:39:22 -------- d-----w- c:\users\buddy\appdata\local\NPE
    2011-03-19 19:42:01 -------- d-----w- c:\windows\pss
    2011-03-16 22:29:12 -------- d-----w- c:\users\buddy\appdata\roaming\FreeFileViewer
    2011-03-16 21:42:30 -------- d-----w- c:\users\buddy\appdata\local\Apps
    2011-03-16 21:32:40 -------- d-----w- c:\program files\FreeFileViewer
    2011-03-16 21:05:14 -------- d-----w- c:\progra~2\clp
    2011-03-16 21:04:25 -------- d-----w- c:\program files\Fighters
    2011-03-16 21:04:25 -------- d-----w- c:\program files\common files\Common Toolkit Suite
    2011-03-16 21:04:25 -------- d-----w- c:\progra~2\Common Toolkit Suite
    2011-03-16 21:04:16 -------- d-----w- c:\progra~2\Fighters
    2011-03-16 21:03:47 -------- dc-h--w- c:\progra~2\{C2854F90-E25A-4436-A624-DAA1A3535BAF}
    2011-03-16 21:03:15 -------- d-----w- c:\users\buddy\appdata\roaming\Fighters
    2011-03-16 21:03:14 -------- d-----w- c:\users\buddy\appdata\local\PackageAware
    2011-03-16 03:34:06 60468584 ----a-w- c:\users\buddy\MapSource_6157.exe
    2011-03-16 02:27:22 8797032 ----a-w- c:\users\buddy\MapInstall (1).exe
    2011-03-15 22:50:27 -------- d-----w- c:\users\buddy\appdata\roaming\FinalTorrent
    2011-03-15 22:48:39 -------- d-----w- c:\program files\File Type Assistant
    2011-03-15 22:48:32 -------- d-----w- c:\program files\FinalTorrent
    2011-03-15 22:48:11 -------- d-----w- c:\program files\Free Offers from Freeze.com
    2011-03-15 10:06:53 -------- d-----w- c:\users\buddy\appdata\roaming\WhiteSmoke
    2011-03-15 10:05:26 -------- d-----w- c:\program files\WhiteSmoke
    2011-03-15 09:26:00 -------- d-----w- c:\users\buddy\appdata\roaming\GARMIN
    2011-03-15 03:43:19 -------- d-----w- c:\users\buddy\All pix from Kodak Easyshare
    2011-03-12 06:49:10 17536 ----a-w- c:\windows\system32\drivers\grmn0200.sys
    2011-03-12 06:49:10 16512 ----a-w- c:\windows\system32\drivers\grmn0400.sys
    2011-03-12 06:49:10 11776 ----a-w- c:\windows\system32\drivers\grmn1200.sys
    2011-03-08 22:14:01 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-08 22:14:01 323072 ----a-w- c:\windows\system32\sbe.dll
    2011-03-08 22:14:01 177664 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-08 22:14:01 153088 ----a-w- c:\windows\system32\sbeio.dll
    2011-03-08 22:13:59 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-08 22:13:58 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-08 07:41:49 -------- d-----w- c:\windows\system32\drivers\nst\0102000.006
    2011-03-08 07:41:49 -------- d-----w- c:\windows\system32\drivers\NST
    2011-03-08 07:41:49 -------- d-----w- c:\program files\Norton Safe Web Lite
    2011-03-08 07:35:43 -------- d-----w- c:\progra~2\MFAData
    2011-03-08 03:51:08 -------- d-----w- c:\program files\Garmin
    2011-03-08 03:51:08 -------- d-----w- c:\progra~2\GARMIN
    2011-03-08 03:51:06 -------- d-----w- C:\Garmin
    2011-03-08 03:51:05 -------- d-----w- C:\MapSource
    .
    ==================== Find3M ====================
    .
    2011-02-03 03:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-01-08 07:50:00 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 05:57:10 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:25:17 2038784 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 14:57:35 409600 ----a-w- c:\windows\system32\odbc32.dll
    .
    ============= FINISH: 16:31:28.41 ===============
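    One thing worth pulling out of the DDS log above: every Firefox `network.proxy.*` pref points at the same external address on port 80 with `network.proxy.type` set to 1 (manual proxy), which is consistent with the search redirects and the "hiding behind proxies" message described in the post. The script below is an added triage example, not part of the original thread or of DDS itself; it parses the `FF - prefs.js:` lines from a pasted DDS log and flags a browser whose traffic has been forced through a proxy. The sample input is quoted from the log above.

```python
import ipaddress
import re
from typing import Dict, List

# Sample input: the FIREFOX section lines quoted from the DDS log posted above.
SAMPLE_DDS = r"""
FF - ProfilePath - c:\users\buddy\appdata\roaming\mozilla\firefox\profiles\zse52tuc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.swagbucks.com/
FF - prefs.js: network.proxy.ftp - 50.16.161.226
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 50.16.161.226
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 50.16.161.226
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 50.16.161.226
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 50.16.161.226
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 1
"""

# DDS prints each Firefox pref as "FF - prefs.js: <name> - <value>".
PREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>[\w.]+) - (?P<value>.*)$")

# Protocols Firefox can route through a manually configured proxy.
PROXY_PROTOCOLS = ("http", "ssl", "ftp", "socks", "gopher")


def parse_ff_prefs(dds_text: str) -> Dict[str, str]:
    """Collect the prefs.js name/value pairs from a DDS log into a dict."""
    prefs: Dict[str, str] = {}
    for line in dds_text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs[m.group("key")] = m.group("value").strip()
    return prefs


def is_local_host(host: str) -> bool:
    """True for loopback/private addresses, where a proxy is usually legitimate
    (a local filtering tool); anything else is an external host."""
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_loopback or ip.is_private
    except ValueError:
        return host.lower() == "localhost"


def assess_proxy(prefs: Dict[str, str]) -> List[str]:
    """Return human-readable findings about the Firefox proxy configuration.
    An empty list means no manual proxy is in effect."""
    findings: List[str] = []
    # type 1 = manual proxy; 0 = none, 4 = auto-detect, 5 = system settings.
    if prefs.get("network.proxy.type") != "1":
        return findings
    hosts = {}
    for proto in PROXY_PROTOCOLS:
        host = prefs.get(f"network.proxy.{proto}")
        if host:
            hosts[proto] = (host, prefs.get(f"network.proxy.{proto}_port", "?"))
    if not hosts:
        return findings
    findings.append("manual proxy enabled (network.proxy.type = 1)")
    for proto, (host, port) in sorted(hosts.items()):
        if not is_local_host(host):
            findings.append(f"{proto} proxied through external host {host}:{port}")
    # Every protocol forced through one external host is the pattern of a
    # hijacked browser, not of a user-configured corporate proxy.
    distinct_hosts = {h for h, _ in hosts.values()}
    if len(distinct_hosts) == 1 and len(hosts) >= 3:
        findings.append("all protocols routed through one host: typical of a proxy hijack")
    return findings


if __name__ == "__main__":
    for finding in assess_proxy(parse_ff_prefs(SAMPLE_DDS)):
        print("FINDING:", finding)
```

For a user who never configured a proxy, a result like this means the browser settings were tampered with, and the remediation after cleaning is to set the connection back to "No proxy" rather than only changing the address.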
     
  2. 2011/03/27
    Wilber69 Lifetime Subscription

    Wilber69 Inactive

    Joined:
    2007/11/20
    Messages:
    111
    Likes Received:
    0


  4. 2011/03/27
    jessigirl

    jessigirl Inactive Thread Starter

    Joined:
    2011/03/27
    Messages:
    40
    Likes Received:
    0
    Thanks Wil..

    Ok So I first made sure my Windows Firewall was ON.. I went ahead and downloaded the Avast.. I then downloaded the Malware Bytes and ran the scan{will post log below} and then did the TFC cleaner where it rebooted..I then downloaded the GMER..I went in and turned off the Firewall and had not yet activated the Avast..so I ran the GMER..about 2 mins into it said this program has stopped running..Windows is closing this program and will let you know when a solution is found..

    I then remembered yesterday when I attempted to uninstall the "Virus Fighter"{that started this whole nightmare}..it never would finish uninstalling..So I attempted to uninstall it again and same thing 15mins later it still says it is completing the UNINSTALL..So I am wondering is this causing the problem with GMER..Even tho I'm in Safe Mode and it shows that Virus Fighter is not working in Safe Mode..Just continues to say searching for service..

    Please help..Is it because I'm in safe mode that I cannot UNINSTALL the Virus Fighter? That doesn't make sense as I've easily uninstalled other programs while in Safe Mode.. I'm telling you this Virus Fighter and the White Smoke bs that downloaded with it are somehow at the root cause of what's happening..It all started there and I UNINSTALLED that WHITE SMOKE days ago yet I see it's still showing up{as you can see in my Malware Bytes log below}..and now the Virus Fighter will not UNINSTALL and seems to be causing further probs.. If anyone can help and tell me what I should do next since I cannot get The GMER to complete without shutting down..

    I am now going to go activate my Avast and turn back on my Windows Firewall til I hear what I should do..

    Thanks to anyone who can help..

    MALWARE BYTES REPORT SAVED ON MY DESKTOP
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6186

    Windows 6.0.6001 Service Pack 1 (Safe Mode)
    Internet Explorer 7.0.6001.18000

    3/27/2011 2:51:20 PM
    mbam-log-2011-03-27 (14-51-10).txt

    Scan type: Quick scan
    Objects scanned: 167887
    Time elapsed: 5 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\WhiteSmoke (PUP.Whitesmoke) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke (PUP.Whitesmoke) -> No action taken.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\Users\Buddy\AppData\Roaming\whitesmoke (PUP.WhiteSmoke) -> No action taken.

    Files Infected:
    c:\$Recycle.Bin\s-1-5-21-1328857917-3039519800-2467850559-1000\$RC6B9U8.exe (PUP.FunWebProducts) -> No action taken.
    c:\Users\Buddy\AppData\Local\Temp\wzeab4\garmin unlock 1.5 final\garmin_kgen.exe (RiskWare.Tool.CK) -> No action taken.
    c:\Users\Buddy\Setup.exe (Trojan.Agent) -> No action taken.
    c:\Users\Buddy\AppData\Roaming\whitesmoke\stat.log (PUP.WhiteSmoke) -> No action taken.
     
  5. 2011/03/27
    jessigirl

    jessigirl Inactive Thread Starter

    Joined:
    2011/03/27
    Messages:
    40
    Likes Received:
    0
    Now it says that Avast will not start because the side by side configurations are wrong and for me to check Event Log..

    Please help when someone has time..I'm not being bossy I promise I am just scared my pc is not fixable :(

    I ran the TFC..no prob..It rebooted fine..but still have to start in Safe Mode.. I downloaded and ran Malware Bytes{log below}..

    I attempted the GMER but it keeps crashing and I am in safe mode..

    The Virus Fighter will not UNINSTALL..Other programs have UNINSTALLED in safe mode but Virus Fighter will not.. I believe it and the White Smoke that downloaded with it is somehow the cause of what's happening..

    Here's the MBlog:
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6186

    Windows 6.0.6001 Service Pack 1 (Safe Mode)
    Internet Explorer 7.0.6001.18000

    3/27/2011 2:51:20 PM
    mbam-log-2011-03-27 (14-51-10).txt

    Scan type: Quick scan
    Objects scanned: 167887
    Time elapsed: 5 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\WhiteSmoke (PUP.Whitesmoke) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke (PUP.Whitesmoke) -> No action taken.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\Users\Buddy\AppData\Roaming\whitesmoke (PUP.WhiteSmoke) -> No action taken.

    Files Infected:
    c:\$Recycle.Bin\s-1-5-21-1328857917-3039519800-2467850559-1000\$RC6B9U8.exe (PUP.FunWebProducts) -> No action taken.
    c:\Users\Buddy\AppData\Local\Temp\wzeab4\garmin unlock 1.5 final\garmin_kgen.exe (RiskWare.Tool.CK) -> No action taken.
    c:\Users\Buddy\Setup.exe (Trojan.Agent) -> No action taken.
    c:\Users\Buddy\AppData\Roaming\whitesmoke\stat.log (PUP.WhiteSmoke) -> No action taken.
     
    Last edited: 2011/03/27
  6. 2011/03/27
    broni Moderator Malware Analyst

    Welcome aboard :)

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================

    First of all, your MBAM log says "No action taken" after each line.
    You need to re-run MBAM and FIX all issues.
    Then, post new log.

    When done....

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Close SUPERAntiSpyware.
    Restart the computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    • Open SUPERAntiSpyware.
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.
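    The point above is that "No action taken" records a detection, not a removal. The Python script below is an added example (not from this thread, not from Malwarebytes) that parses the MBAM 1.50 log layout posted here, lists detections left unhandled, checks each summary count against the items actually listed, and groups detections by threat name; the sample log is constructed in that layout.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample in the MBAM 1.50 log layout; paths and names are illustrative.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100

Memory Processes Infected: 0
Registry Keys Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\WhiteSmoke (PUP.Whitesmoke) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke (PUP.Whitesmoke) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\example\Setup.exe (Trojan.Agent) -> No action taken.
c:\Users\example\AppData\Roaming\whitesmoke\stat.log (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
"""

# Summary lines carry a count ("Files Infected: 2"); section headers do not ("Files Infected:").
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<item> (<threat>) -> <action>.": threat names contain no parentheses, so the greedy
# item match stops at the last "(" before the arrow; the trailing period is optional.
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


@dataclass
class Detection:
    section: str
    item: str
    threat: str
    action: str


@dataclass
class MbamReport:
    summary: Dict[str, int] = field(default_factory=dict)
    detections: List[Detection] = field(default_factory=list)


def parse_mbam_log(text: str) -> MbamReport:
    """Collect the summary counts and every per-section detection line."""
    report, section = MbamReport(), None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SUMMARY_RE.match(line):
            report.summary[m["section"]] = int(m["count"])
        elif m := SECTION_RE.match(line):
            section = m["section"]
        elif section and (m := DETECTION_RE.match(line)):
            report.detections.append(Detection(section, m["item"], m["threat"], m["action"]))
    return report


def unremediated(report: MbamReport) -> List[Detection]:
    """Detections merely listed: the scan must be re-run with removal before the log counts."""
    return [d for d in report.detections if d.action.lower().startswith("no action taken")]


def count_mismatches(report: MbamReport) -> Dict[str, Tuple[int, int]]:
    """Sections whose summary count differs from the items listed (e.g. a truncated paste)."""
    listed = Counter(d.section for d in report.detections)
    return {s: (n, listed[s]) for s, n in report.summary.items() if n != listed[s]}


def threat_families(report: MbamReport) -> Counter:
    """Detections per threat name, case-folded: the log spells PUP.WhiteSmoke two ways."""
    return Counter(d.threat.lower() for d in report.detections)
```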
     
  7. 2011/03/27
    jessigirl Inactive Thread Starter

    Thank you broni..Yes I noticed as well that it said No action taken but I did click on each of them to remove..I think maybe I copied the log before it removed them.. I will rerun it and post the log ..

    I am on my sons Mac notebook now because I was finally able to run the GMER by clicking off the Devices box{as was specified in you alls thorough instructions:)}

    So Presently that is running on my Gateway laptop..As soon as it finishes I will run the malware Bytes scan and then post both logs..

    Thanks so much for the help.
     
    Last edited: 2011/03/27
  8. 2011/03/27
    broni Moderator Malware Analyst

    Cool beans :)
     
  9. 2011/03/27
    jessigirl Inactive Thread Starter

    Just wanted to check to make sure it's normal for the GMER scan to still be running on my computer?.. I have not touched my laptop and it is the only thing open and/or running but just wanted to make sure I hadn't somehow done it wrong..

    About 2hrs run time and still going..

    ETA:
    It presently has 23 "Reg" errors/infected files
     
    Last edited: 2011/03/27
  10. 2011/03/27
    broni Moderator Malware Analyst

    Sometimes, GMER may take time.
    If it's still progressing, let it run.
     
  11. 2011/03/27
    jessigirl Inactive Thread Starter

    YAAAAAAY! The GMER is finally finished{will post log below}..I am now going to rescan with the Malware Bytes as you suggested and then I will also post its current report/log..Followed by your instructions above with the SUPER Anti spyware and then post its log as well..

    Let me know if there is anything different that I need to do..If not those two things are what I will be doing immediately and will post ASAP..(again I just wanna say Thank you so very much for your help..It is so very much appreciated:))

    Here is the GMER log:
    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit scan 2011-03-27 18:56:53
    Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST9250827AS rev.3.AAA
    Running: ib1n4w5o.exe; Driver: C:\Users\Buddy\AppData\Local\Temp\kgloqpob.sys


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 636
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute autocheck autochk *?bootdelete?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management@ExistingPageFiles \??\C:\pagefile.sys?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 75
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 315215131
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@VideoInitTime 15
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 3f0336b7-76ae-4b19-89f8-4a8803a
    Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 3
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@LastBootStatus 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@ReadyBootPlanUsage 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 1416
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile@EnableFirewall 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS 657
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7897DE47-9541-4516-B843-1665634C7DCC}@LeaseObtainedTime 1301087540
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7897DE47-9541-4516-B843-1665634C7DCC}@T1 1301130740
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7897DE47-9541-4516-B843-1665634C7DCC}@T2 1301163140
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7897DE47-9541-4516-B843-1665634C7DCC}@LeaseTerminatesTime 1301173940
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
    Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report13118085
    Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{40C86DD4-73FD-45A2-A417-6A04F884330B}
    Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{EFDEC1FB-8835-413B-9F98-15A0F6254478}
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1328857917-3039519800-2467850559-1000@State 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1328857917-3039519800-2467850559-1000@RefCount 0

    ---- EOF - GMER 1.0.15 ----
     
  12. 2011/03/27
    jessigirl Inactive Thread Starter

    Here is the Malware Bytes Scan log:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6187

    Windows 6.0.6001 Service Pack 1 (Safe Mode)
    Internet Explorer 7.0.6001.18000

    3/27/2011 7:08:23 PM
    mbam-log-2011-03-27 (19-08-23).txt

    Scan type: Quick scan
    Objects scanned: 160546
    Time elapsed: 2 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke (PUP.Whitesmoke) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  13. 2011/03/27
    broni Moderator Malware Analyst

    Looks better :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  14. 2011/03/27
    jessigirl Inactive Thread Starter

    What the heck is the deal with this d@mn WHITESMOKE! It was just successfully deleted in MB scan/log and yet here we go again as WHITE SMOKE turns up in the SUPER Anti Spyware scan/log.. How can that be? If the Malware Bytes deletes it, then how is it immediately still there in the next scan??

    As I said I had deleted all traces of WHITESMOKE days ago and I am highly, highly suspicious of the "Virus Fighter" which I downloaded the 30 day trial of in place of our usual Norton Security that we'd always used.. I made a huge mistake trying something else..The "Virus Fighter" is what downloaded the WHITESMOKE to my computer without even asking me..It came along with the "Virus Fighter"..and it is since that decision and download, therefore those 2 programs being on my computer{Virus Fighter/WHITESMOKE}..EVER SINCE THAT MOMENT MY COMPUTER HAS QUICKLY SPIRALED OUT OF CONTROL WITH THIS VIRUS THING!!!!

    I have already sent an email to Virus Fighter stating my grave concern for what has happened with my computer since allowing their Virus Fighter to download and they're claiming it has zero to do with what's happened..

    Is that where all of this is coming from? The WHITESMOKE? In your opinion what do you think? And lastly I would definitely like to have the "Virus Fighter" permanently UNINSTALLED/DELETED FROM MY COMPUTER and thus far I've not been able to do that; it stalls in the UNINSTALL process..Would you help me do that whenever you find that it's the appropriate time to do so?..And before I forget I also need help in UNINSTALLING/REMOVING my outdated Java 5&6 software so that I may receive the proper updates?..Java says those must be removed before they can install the proper updates..and for some reason I have not been able to UNINSTALL/REMOVE either Java 5 or Java 6..I'm sorry to be just babbling all of these things at you.. I trust you and
    Again I appreciate your help so very much:).

    Here's The SUPER Anti Spyware scan/logs:
     
  15. 2011/03/27
    broni Moderator Malware Analyst

    This is not what I asked for.

    I asked for Combofix log.
     
  16. 2011/03/27
    jessigirl Inactive Thread Starter

    Yes you asked me to do the SUPER Anti Spyware and then the combo fix..
    So that is what order I did them in..
    I am starting the Combo Fix at this time and will post those logs just as soon as they finish running..
    Here's the SUPER spyware log I forgot to attach above..not sure if you still need it but here it is..{combo will be in next post ASAP that I can get it done}
    SUPER log:
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 03/27/2011 at 08:32 PM

    Application Version : 4.50.1002

    Core Rules Database Version : 6687
    Trace Rules Database Version: 4499

    Scan type : Complete Scan
    Total Scan Time : 01:11:15

    Memory items scanned : 337
    Memory threats detected : 0
    Registry items scanned : 7729
    Registry threats detected : 0
    File items scanned : 130771
    File threats detected : 1

    PUP.Whitesmoke
    C:\Program Files\WHITESMOKE
     
  17. 2011/03/27
    broni Moderator Malware Analyst

    OK. My bad. Sorry about that :)
     
  18. 2011/03/27
    jessigirl Inactive Thread Starter

    I am stuck!! not sure what to do..I am attempting to run the combo fix as you asked but the "Virus Fighter" is causing problems again.. As I stated the Virus Fighter just does nothing but continue to say "waiting for service"..I cannot get past the "waiting for service" screen to disable the "Virus Fighter"..and as I've said I cannot even UNINSTALL THE VIRUS FIGHTER! as it stalls in the continuing to uninstall phase.. I can get no one from support only send an email..They say I must buy their product in order to receive customer service{same day}and as I said this{from the moment I downloaded and installed the Virus Fighter/WHITESMOKE} has been the start point for my entire nightmare..

    Now Combofix is warning me that it has detected the "Virus Fighter" real time scanner to be active and to please disable these scanners before clicking ok..

    What now?
     
    Last edited: 2011/03/27
  19. 2011/03/27
    broni Moderator Malware Analyst

    If you're running Combofix from Safe Mode, disregard Combofix warning.
     
  20. 2011/03/27
    jessigirl Inactive Thread Starter

    ok thanks.. Will attempt to start it now..
     
  21. 2011/03/27
    jessigirl Inactive Thread Starter

    We're in business..lol..It's doing its job and says it usually takes about 10 mins..I'll post logs just as soon as they're done..

    Thanks so much!
     