"WEB CAKE 3.0" infection - HELP

Hi

HELP! I have been infected by "WEB CAKE 3.0".

BACKGROUND
I am running Windows7 x64 on 8GB of RAM, and 256GB of SSD.
I am using Microsoft Security Essentials for virus protection.
I am pretty much a newbie.

THE STORY SO FAR:
1. I found it in Control Panel > Programs and Features, and because I didn't recognize it I tried to uninstall it.
I have no idea how or when it got there.
2. But it wouldn't uninstall.
3. So then following a thead on WEB CAKE 3.0 - It crashes Internet Explorer regularly - Microsoft Community I used regedit to search for "WEB CAKE", "WEBCAKE" and just "CAKE" as well as "Tarma" and I deleted any line in my registry that had any such reference. There were about 30 of these
4. Then I used "Everything" (desktop search" to find and delete any file with "cake" in the name - there were about 5 of these.
5. I then following the advice on answers.microsoft.com installed "SpyHunter 4" and ran a fast scan.
This found about 66 items under the following headings:
- Babylon Search
- Hola Search
- Advert
- Adware Helpers
- Adware.WebCake
- Atlas DMT
- DoubleClick
- Media
However I then discovered that SpyHunter 4 is not free so I stopped.

What should I do next?
Many thanks

J

Hi

Okay I just ran MalwareBytes here are the results:

>>>>>

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free anti-malware download

Database version: v2013.08.01.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Alec :: ALEC09 [limited]

01/08/2013 17:44:09
mbam-log-2013-08-01 (17-44-09).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 501884
Time elapsed: 23 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

>>>>>


OJK, I then ran AdwCleaner and here are its results:


>>>
# AdwCleaner v2.306 - Logfile created 08/01/2013 at 18:15:40
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (64 bits)
# User : Alec - ALEC09
# Boot Mode : Normal
# Running from : C:\Users\Alec\Downloads\AdwCleaner (1).exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Value Found : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\obg07pq8.default\prefs.js

[OK] File is clean.

File : C:\Users\Alec\AppData\Roaming\Mozilla\Firefox\Profiles\xy2jf0dy.default-1375366487036\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.15.1748.0

File : C:\Users\Alec\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4278 octets] - [01/11/2012 22:32:42]
AdwCleaner[R2].txt - [1830 octets] - [01/08/2013 16:13:12]
AdwCleaner[R3].txt - [1890 octets] - [01/08/2013 16:15:41]
AdwCleaner[R4].txt - [1752 octets] - [01/08/2013 16:21:58]
AdwCleaner[R5].txt - [1662 octets] - [01/08/2013 18:15:40]
AdwCleaner[S2].txt - [4264 octets] - [01/11/2012 22:42:54]
AdwCleaner[S3].txt - [1960 octets] - [01/08/2013 16:16:31]
AdwCleaner[S4].txt - [1816 octets] - [01/08/2013 16:22:34]

########## EOF - C:\AdwCleaner[R5].txt - [1902 octets] ##########

>>>>>

Do you have any idea what these are?

> Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
> Key Found : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
> Value Found : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]

Also, I just ran TDSSKiller which found nothing.

> Welcome to sevenforums!
Thanks :)

> MSE is not a good enough anti-virus solution on it's own, I don't recommend it to anyone for that purpose.
Oh-oh. But I thought it was bad to run too AV solutions at once.
So should I uninstall MSE completely?

> avtest.org will enlighten you on the major products available, MSE is rated dead last overall.
BitDefender Internet Security gets good marks on avtest.org. Should I buy that?
At £44.95 (per year?) it's at the very top end of what I'd be prepared to spend.
What are your personal recommendations?

Comodo: Internet Security Premium scores even better but nothing of that name seems to exist on comodo.com. There is something called "Comodo Internet Security Complete 2013" for $39.99 which is certainly cheaper than BidDefender if it does the same thing.

In the past, my main issue with AV software is that they all seem to slow the computer up really badly.

> I suggest exploring other browsers to use as well, all should import IE's bookmarks and all cost nothing.
> Firefox, Opera, Maxthon, Chrome, Safari, and Pale Moon (Firefox based), to name a few.
Unfortunately I cant abandon the major browsers completely because I am a webmaster and necessarily HAVE to test sites using popular software including MSIE. I already use Chrome, Safair, Firefox and Opera.

Meanwhile how can I make sure I'm not still infected?

I have recently run JRT and HitmanPr but I'll do so again now.

OK here is my JRT.txt file:

>>>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.9 (07.30.2013:1)
OS: Windows 7 Professional x64
Ran by Alec on 01/08/2013 at 20:11:21.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/08/2013 at 20:15:15.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

>>>

Here is "HitmanPro_20130801_2042.log":


>>>

Code:

HitmanPro 3.7.7.202
www.hitmanpro.com

   Computer name . . . . : XXXX09
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : xxxx09\Xxxx
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2013-08-01 20:35:01
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 18s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 0

   Objects scanned . . . : 1,659,792
   Files scanned . . . . : 46,281
   Remnants scanned  . . : 467,751 files / 1,145,760 keys

I profoundly disapprove of SpyHunter because it is not building trust before demanding money. Nonetheless it is worrying that when I run it, it is still finding various problems. Fewer problems than before, including fewer Web Cake problems, but still various problems... (!)



Now what?