Possible infection by Shop To Win or DealRunner...

I recently tried to download a docx to doc file converter and it required that other components be downloaded as well. This includes Shop to Win and DealRunner. I recently tried to delete both of these files and I thought that it worked, but when I looked back at the list of programs on my computer, I saw that they were still on it. I tried to delete them again but this is the message that shows up:

The file does not exist. Cannot uninstall.

I did a little bit of research on Shop To Win and other users have experienced pop-ups because of the program. I only downloaded this program last night (Aug. 4), but so far I haven't been experiencing any problems with it. DealRunner just opens up on the bottom right-hand corner of my desktop when I turn my computer on and its icon just remains in my group of desktop icons. Other than that, they don't disturb me while I'm on the computer.

I tried a system restore but they're still on my computer.

However, I ran a MalwareBytes scan and found 4 infected files. Here's the log report:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7390

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

8/5/2011 10:44:09 PM
mbam-log-2011-08-05 (22-44-09).txt

Scan type: Quick scan
Objects scanned: 144661
Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Owner\my documents\downloads\setupplaysushi.exe (PUP.PlaySushi) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\my documents\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\Cookies\MM2048.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\Cookies\MM256.DAT (Trojan.Agent) -> Quarantined and deleted successfully.


I removed the infected files and did another scan and it didn't find anything else infected. However, both Shop To Win and DealRunner are still on my computer and it's annoying me that I can't delete these two programs. If these programs are harmless, then I'm alright with them being on my computer, but if they're viruses, I would like some assistance in trying to remove them before they get really horrible.

Thanks for any help you can provide!

Welcome aboard

Since you uninstalled those programs what you see may be just empty entries.
Where exactly do you see those files?

When I go to Start>>Control Panel>>Add or Remove Programs I see the following programs among all the others:

- Shop to Win

- DealRunner

- Yontoo Layers Runtime 1.10.01


When I tried to delete Shop To Win, this is the message that shows up:

File "C:\ProgramFiles\ShopToWin\unins000.dat" does not exist. Cannot uninstall.

Similar error messages show up for the other two programs as well. I think you may be right in that they're just empty entries, but DealRunner still shows up in my desktop icons when my computer starts up. Is there any way to tell for sure whether these programs are still on my computer?

Thanks.

Get Add\Remove Cleaner: http://www.intelliadmin.com/blog/addremovecleaner.exe and remove those entries.

Any other issues?

Thanks! I used that program and all three programs have been successfully removed from the "Add or Remove Programs" list.

However, when I go to Start>>All Programs, DealRunner is still there and the program still pops up on the bottom right hand corner of my desktop when the computer starts up. Should I just ignore this for now, or is there anything I can do to remove this program? So far, it seems to be harmless and I haven't seen any other information regarding any malicious activity on it, but it's suspicious how I can't remove it.

The other two programs appear to be gone though.

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
No installation required.
Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
Go File>Save, and save it as AutoRuns.txt file to know location.
You must select Text from drop-down menu as a file type:



Upload the file(s) here: http://www.filedropper.com/
Post download link (copy URL: link):

http://www.filedropper.com/autoruns

http://www.filedropper.com/autoruns

I saw DealRunner on this program so we're definitely on the right path!

Sorry for the double-post!

Re-run Autoruns, click on "Logon" tab.
Un-check:

+ "DealRunner"

Restart computer.

Open Windows Explorer and delete following folder (if exists): c:\program files\dealrunner

Do I just exit out of the program once I uncheck the DealRunner or am I supposed to click something else?

Just exit it.

Okay, I did that and when I restarted, the program did not start up which is good. However, it's still there when I go to Start>>All Programs. I clicked on it from there, and then it opens up, but I can click the icon and choose to exit out of the program.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE

• Double-click SystemLook.exe to run it.
• Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator
• Copy the content of the following box into the main textfield:
  

  :dir
  C:\Documents and Settings\All Users\Start Menu
  

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

SystemLook 30.07.11 by jpshortstuff
Log created at 00:30 on 06/08/2011 by Owner
Administrator - Elevation successful

========== dir ==========

C:\Documents and Settings\All Users\Start Menu - Parameters: "(none)"

---Files---
desktop.ini --ahs-- 272 bytes [13:18 25/11/2010] [05:11 19/03/2011]
Set Program Access and Defaults.lnk --a---- 1563 bytes [05:11 19/03/2011] [05:11 19/03/2011]
VZ In-Home Agent.lnk --a---- 1946 bytes [18:58 12/07/2011] [18:58 12/07/2011]
Windows Catalog.lnk --a---- 398 bytes [18:44 25/11/2010] [23:41 27/11/2010]
Windows Update.lnk --a---- 1507 bytes [18:44 25/11/2010] [23:41 27/11/2010]

---Folders---
Programs dr----- [13:18 25/11/2010]

-= EOF =-

Re-run the tool one more time with this code:

:dir
C:\Documents and Settings\All Users\Start Menu\Programs