Trojan.Vundo


This topic is locked.

#1 kkay007 (New Member, 6 posts)
For a while, my computer will not allow installation of certain programs. It won't execute them properly. When I ran Kaspersky, it didn't find anything. When I ran Malwarebytes, it found quite a few trojan.vundo infected files. After the scan and "removal", a message popped up saying it all had been removed effectively and to restart the computer. So I did. After restarting, I still cannot install and execute some programs. This is not my first encounter with this trojan and I know that it is a sneaky little devil. After running Malwarebytes Anti-Malware again, it didn't pick up anything, but I still believe that my computer is infected. Please help me remove whatever is infecting my laptop. Thank you in advance for any help. Also, I installed and ran OTL without issue, but twenty minutes after it finished the scan, it still has not opened up a log in Notepad.
#2 Gammo (Malware Removal, 2,299 posts)
Hi,

First delete your copy of OTL.exe from the Desktop.

Then download the latest version of OTL to your Desktop:
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

If the OTL scan hasn't completed within 30 minutes, then you can abort the scan and run the following tool instead:

Please download DDS and save it to your desktop.
  • Disable any script blocking protection.
  • Double click dds.com to run the tool.
  • When done, DDS will open two logs (DDS.txt and Attach.txt).
  • Save both reports to your desktop.

Please include the contents of DDS.txt in your next reply.
#3 kkay007 (Topic Starter, New Member, 6 posts)
Thank you for your quick response. Here is the OTL log.

OTL logfile created on: 5/30/2011 8:12:31 AM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 42.84% Memory free
3.74 Gb Paging File | 2.35 Gb Available in Paging File | 62.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.47 Gb Total Space | 57.86 Gb Free Space | 26.01% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Downloads\OTL.com (OldTimer Tools)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Owner\Downloads\OTL.com (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (Partner Service) -- C:\ProgramData\Partner\Partner.exe (Google Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (VX3000) -- C:\Windows\SysNative\drivers\VX3000.sys (Microsoft Corporation)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (25248712) -- C:\Windows\SysNative\drivers\25248712.sys (Kaspersky Lab)
DRV:64bit: - (setup_9.0.0.722_28.10.2010_00-08drv) -- C:\Windows\SysNative\drivers\2524871.sys (Kaspersky Lab)
DRV:64bit: - (25248711) -- C:\Windows\SysNative\drivers\25248711.sys (Kaspersky Lab)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (FwLnk) -- C:\Windows\SysNative\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (Normandy) -- C:\windows\SysWow64\drivers\Normandy.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKLM\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1695937463-1214367855-1812431571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKU\S-1-5-21-1695937463-1214367855-1812431571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1695937463-1214367855-1812431571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA
IE - HKU\S-1-5-21-1695937463-1214367855-1812431571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKU\S-1-5-21-1695937463-1214367855-1812431571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.co...=TSNA&bmod=TSNA
IE - HKU\S-1-5-21-1695937463-1214367855-1812431571-1000\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1695937463-1214367855-1812431571-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1695937463-1214367855-1812431571-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\3.bin
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/01 14:29:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/02/02 06:43:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2010/10/25 02:45:56 | 000,000,000 | ---D | M]

[2011/03/17 09:34:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2011/03/17 09:34:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\[email protected]
[2010/10/02 00:54:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\[email protected]
[2010/10/01 23:53:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/05/29 00:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\fin1gb4i.default\extensions
[2011/03/29 08:28:05 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\fin1gb4i.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2011/05/24 17:24:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\fin1gb4i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/30 13:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\fin1gb4i.default\extensions\[email protected]
[2010/11/25 02:11:58 | 000,001,919 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fin1gb4i.default\searchplugins\bing-zugo.xml
[2010/11/17 12:05:14 | 000,000,919 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fin1gb4i.default\searchplugins\conduit.xml
[2010/12/06 12:51:10 | 000,001,484 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fin1gb4i.default\searchplugins\start-searcher.xml
[2011/01/27 11:51:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/21 10:08:47 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/25 02:46:32 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]

O1 HOSTS File: ([2010/04/30 14:56:09 | 000,001,798 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - No CLSID value found.
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (no name) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - No CLSID value found.
O2 - BHO: (Mighty Magoo Text) - {97E74A14-E5F1-40cc-9B0F-0D11946E5469} - C:\Program Files (x86)\Mighty Magoo\mmagootl.dll ()
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1695937463-1214367855-1812431571-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mightymagoo] C:\Program Files (x86)\Mighty Magoo\mightymagoo32.exe ()
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1695937463-1214367855-1812431571-1000..\Run: [InstallIQUpdater] C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKU\S-1-5-21-1695937463-1214367855-1812431571-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Mcx1-OWNER-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8:64bit: - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{edde678b-7328-11e0-8fcc-96fb3372b8ea}\Shell - "" = AutoRun
O33 - MountPoints2\{edde678b-7328-11e0-8fcc-96fb3372b8ea}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autoplay.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/30 04:48:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/05/30 04:48:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/05/30 01:58:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{122050F1-DE8F-476B-8456-CC693EC027DC}
[2011/05/29 13:57:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{19EDF2B2-890D-48D7-9E6E-D622E9A5E923}
[2011/05/29 01:57:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{8018FD12-E738-420D-8895-4C26C549D4EB}
[2011/05/28 03:51:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{8747F6BB-68C4-4CA0-97F2-2479D65A9FCA}
[2011/05/27 04:57:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{934A1446-3D54-4FA8-B94E-F7F1721D35B7}
[2011/05/25 22:38:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{14ED37B2-1DAD-4D84-BAAB-2EBE7E451407}
[2011/05/23 17:23:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{364C5DB9-226D-4D31-AE2F-DB1269350452}
[2011/05/20 23:31:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DE5EB015-85E4-4161-BFA0-A410265F064D}
[2011/05/20 13:24:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\gtk-2.0
[2011/05/20 13:23:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\.thumbnails
[2011/05/20 13:19:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\.gimp-2.6
[2011/05/20 13:19:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\gegl-0.0
[2011/05/20 13:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011/05/20 13:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2011/05/20 11:31:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{A68D1A16-3EB9-45B8-B541-E5B15F973D10}
[2011/05/19 15:23:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{30E35487-1D24-47D9-93DC-6F321291F7D9}
[2011/05/19 01:44:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{058EC181-1CF1-49F7-A7EC-3710B586956C}
[2011/05/17 21:47:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1E8E6D4D-5993-4117-8043-035EED05BE3F}
[2011/05/17 09:46:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E7442921-580F-41E1-8BB8-DAFC7E585497}
[2011/05/16 19:25:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B6741453-7FFF-4379-B377-A65DDDEDB7A1}
[2011/05/16 07:24:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{CD8E04F8-10BB-4F1A-9FFF-175BDECF0A93}
[2011/05/15 13:34:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1CDCF9AF-3830-43C7-94FE-9E8ABA6E3EE8}
[2011/05/15 13:30:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{286B6905-00A8-4A4D-938E-CD1C0C3C3378}
[2011/05/13 02:29:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{5F619B72-9A6D-4DA2-80FA-37969A6AA09E}
[2011/05/08 01:57:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{2AC94F0A-8263-4EA5-BAAC-9B2461D35EE7}
[2011/05/06 21:14:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{447F8198-79F2-40AA-A76B-0EF73EAFD6AF}
[2011/05/05 20:32:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{CD02E256-B23C-4CBC-BAEC-FAA69DFB4587}
[2011/05/05 08:31:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{65842596-A5C7-4FDF-8455-30BB68390853}
[2011/05/04 20:31:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{43756299-FB6F-4539-9C2F-E0300DB0A6E9}
[2011/05/04 02:48:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{0464C00E-BFBB-4593-812D-4C6F6B597C2C}
[2011/05/03 14:48:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6622CFC0-BEC7-422D-AAD9-5229F6D799F7}
[2011/05/03 02:10:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{442692ED-1115-4973-81B4-CD65F04A6870}
[2011/05/02 14:10:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{61CEC67C-A1A0-4250-9F9B-27816259AC4F}
[2011/05/01 22:46:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{AF47DDD4-4366-4217-9B29-CCADB31E4559}

========== Files - Modified Within 30 Days ==========

[2011/05/30 07:24:01 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/30 04:48:22 | 000,002,975 | ---- | M] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2011/05/30 04:43:00 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/30 04:43:00 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/30 04:40:09 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/05/30 04:40:09 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/05/30 04:40:09 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/05/30 04:34:56 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/30 04:34:32 | 002,331,360 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/05/30 04:34:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/05/30 04:34:08 | 1506,783,232 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/30 04:19:37 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebyte.lnk
[2011/05/30 02:42:40 | 000,004,646 | ---- | M] () -- C:\Users\Owner\.recently-used.xbel
[2011/05/25 02:32:18 | 000,001,758 | ---- | M] () -- C:\Users\Owner\Documents\Document61.rtf
[2011/05/25 01:33:52 | 000,004,511 | ---- | M] () -- C:\Users\Owner\Documents\Document6.rtf
[2011/05/23 16:24:27 | 000,001,848 | ---- | M] () -- C:\Users\Owner\Desktop\IMVU.lnk
[2011/05/20 13:16:47 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011/05/20 00:06:56 | 000,042,553 | ---- | M] () -- C:\Users\Owner\Documents\spend.rtf
[2011/05/14 18:12:39 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/05/06 03:09:20 | 000,000,547 | ---- | M] () -- C:\Users\Owner\Documents\Document8.rtf
[2011/05/02 21:01:04 | 000,001,237 | ---- | M] () -- C:\Users\Owner\Documents\Document3.rtf

========== Files Created - No Company Name ==========

[2011/05/30 04:19:37 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebyte.lnk
[2011/05/30 02:42:40 | 000,004,646 | ---- | C] () -- C:\Users\Owner\.recently-used.xbel
[2011/05/25 02:32:18 | 000,001,758 | ---- | C] () -- C:\Users\Owner\Documents\Document61.rtf
[2011/05/25 01:33:50 | 000,004,511 | ---- | C] () -- C:\Users\Owner\Documents\Document6.rtf
[2011/05/20 13:16:47 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011/05/19 17:23:35 | 000,042,553 | ---- | C] () -- C:\Users\Owner\Documents\spend.rtf
[2011/05/14 17:23:35 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/06 03:09:18 | 000,000,547 | ---- | C] () -- C:\Users\Owner\Documents\Document8.rtf
[2011/05/02 21:01:03 | 000,001,237 | ---- | C] () -- C:\Users\Owner\Documents\Document3.rtf
[2011/01/28 17:30:50 | 000,000,268 | RH-- | C] () -- C:\ProgramData\StartupItems
[2011/01/28 17:30:50 | 000,000,268 | RH-- | C] () -- C:\Users\Owner\AppData\Roaming\Speech Enhancer
[2011/01/28 17:30:50 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2011/01/28 17:30:50 | 000,000,012 | RH-- | C] () -- C:\ProgramData\SupportPrinters
[2011/01/28 17:27:13 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Standard
[2011/01/28 17:27:13 | 000,000,268 | RH-- | C] () -- C:\Users\Owner\AppData\Roaming\Spacious
[2011/01/28 17:27:13 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/01/28 17:27:13 | 000,000,012 | RH-- | C] () -- C:\ProgramData\String Comparison
[2011/01/17 03:21:01 | 000,003,584 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/28 13:25:13 | 000,230,752 | ---- | C] () -- C:\windows\patchw32.dll
[2010/12/28 13:25:11 | 000,118,176 | ---- | C] () -- C:\windows\patchw.dll
[2010/11/29 23:09:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/26 19:01:14 | 000,711,168 | ---- | C] () -- C:\windows\is-0INPD.exe
[2010/10/26 16:17:55 | 000,034,560 | ---- | C] () -- C:\windows\SysWow64\drivers\Normandy.sys
[2010/02/20 12:22:24 | 000,982,240 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2010/02/20 12:22:24 | 000,439,308 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2010/02/20 12:22:24 | 000,092,356 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2010/02/20 11:27:36 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/02/20 11:27:36 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/26 17:24:18 | 000,015,498 | ---- | C] () -- C:\windows\VX3000.ini
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/02/02 06:44:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore
[2011/01/24 10:08:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Babylon
[2011/05/30 02:14:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\gtk-2.0
[2011/05/30 07:16:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IMVU
[2011/05/23 16:24:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IMVUClient
[2011/01/17 02:53:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MusicNet
[2011/01/28 20:43:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SecondLife
[2011/03/17 09:34:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TomTom
[2010/10/07 06:28:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Toshiba
[2010/10/01 23:50:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Trillian
[2010/10/02 01:31:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Vivox
[2010/10/01 14:50:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch
[2011/01/21 11:15:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
[2009/07/14 01:08:49 | 000,018,918 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#4
Gammo
    Member 2k
  • Malware Removal
  • 2,299 posts
Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
    IE - HKU\S-1-5-21-1695937463-1214367855-1812431571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
    FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\3.bin
    [2010/12/30 13:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\fin1gb4i.default\extensions\[email protected]
    [2010/11/25 02:11:58 | 000,001,919 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fin1gb4i.default\searchplugins\bing-zugo.xml
    [2010/12/06 12:51:10 | 000,001,484 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fin1gb4i.default\searchplugins\start-searcher.xml
    O2 - BHO: (no name) - {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - No CLSID value found.
    O2 - BHO: (Mighty Magoo Text) - {97E74A14-E5F1-40cc-9B0F-0D11946E5469} - C:\Program Files (x86)\Mighty Magoo\mmagootl.dll ()
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O4 - HKLM..\Run: [Mightymagoo] C:\Program Files (x86)\Mighty Magoo\mightymagoo32.exe ()
    O33 - MountPoints2\{edde678b-7328-11e0-8fcc-96fb3372b8ea}\Shell - "" = AutoRun
    O33 - MountPoints2\{edde678b-7328-11e0-8fcc-96fb3372b8ea}\Shell\AutoRun\command - "" = F:\setup.exe -a
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autoplay.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe -a
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\Program Files (x86)\MyWebSearch
    C:\Program Files (x86)\Mighty Magoo
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; reboot the PC when it is done.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:

    Click me

    If you can't disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#5
kkay007
    New Member
  • Topic Starter
  • Member
  • 6 posts
Hello, here is the ComboFix log.

ComboFix 11-05-29.02 - Owner 05/30/2011 9:58.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1916.891 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\WinPCap
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-30 )))))))))))))))))))))))))))))))
.
.
2011-05-30 14:19 . 2011-05-30 14:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-30 13:52 . 2011-05-30 13:54 -------- d-----w- C:\32788R22FWJFW
2011-05-30 08:48 . 2011-05-30 08:48 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-30 08:48 . 2011-05-30 08:48 -------- d-----w- c:\program files (x86)\Trend Micro
2011-05-30 05:58 . 2011-05-30 05:58 -------- d-----w- c:\users\Owner\AppData\Local\{122050F1-DE8F-476B-8456-CC693EC027DC}
2011-05-29 17:57 . 2011-05-29 17:57 -------- d-----w- c:\users\Owner\AppData\Local\{19EDF2B2-890D-48D7-9E6E-D622E9A5E923}
2011-05-29 05:57 . 2011-05-29 05:57 -------- d-----w- c:\users\Owner\AppData\Local\{8018FD12-E738-420D-8895-4C26C549D4EB}
2011-05-28 07:51 . 2011-05-28 07:51 -------- d-----w- c:\users\Owner\AppData\Local\{8747F6BB-68C4-4CA0-97F2-2479D65A9FCA}
2011-05-27 15:16 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB5261C8-96C6-46F7-AD9C-CB74B85538DE}\mpengine.dll
2011-05-27 08:57 . 2011-05-27 08:58 -------- d-----w- c:\users\Owner\AppData\Local\{934A1446-3D54-4FA8-B94E-F7F1721D35B7}
2011-05-26 02:38 . 2011-05-26 02:38 -------- d-----w- c:\users\Owner\AppData\Local\{14ED37B2-1DAD-4D84-BAAB-2EBE7E451407}
2011-05-25 00:49 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-23 21:23 . 2011-05-23 21:23 -------- d-----w- c:\users\Owner\AppData\Local\{364C5DB9-226D-4D31-AE2F-DB1269350452}
2011-05-21 03:31 . 2011-05-21 03:31 -------- d-----w- c:\users\Owner\AppData\Local\{DE5EB015-85E4-4161-BFA0-A410265F064D}
2011-05-20 17:24 . 2011-05-30 06:14 -------- d-----w- c:\users\Owner\AppData\Roaming\gtk-2.0
2011-05-20 17:23 . 2011-05-20 17:23 -------- d-----w- c:\users\Owner\.thumbnails
2011-05-20 17:19 . 2011-05-30 06:54 -------- d-----w- c:\users\Owner\.gimp-2.6
2011-05-20 17:12 . 2011-05-20 17:12 -------- d-----w- c:\program files (x86)\GIMP-2.0
2011-05-20 15:31 . 2011-05-20 15:31 -------- d-----w- c:\users\Owner\AppData\Local\{A68D1A16-3EB9-45B8-B541-E5B15F973D10}
2011-05-19 19:23 . 2011-05-19 19:23 -------- d-----w- c:\users\Owner\AppData\Local\{30E35487-1D24-47D9-93DC-6F321291F7D9}
2011-05-19 05:44 . 2011-05-19 05:45 -------- d-----w- c:\users\Owner\AppData\Local\{058EC181-1CF1-49F7-A7EC-3710B586956C}
2011-05-18 01:47 . 2011-05-18 01:47 -------- d-----w- c:\users\Owner\AppData\Local\{1E8E6D4D-5993-4117-8043-035EED05BE3F}
2011-05-17 13:46 . 2011-05-17 13:46 -------- d-----w- c:\users\Owner\AppData\Local\{E7442921-580F-41E1-8BB8-DAFC7E585497}
2011-05-17 12:45 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-17 12:45 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-16 23:25 . 2011-05-16 23:25 -------- d-----w- c:\users\Owner\AppData\Local\{B6741453-7FFF-4379-B377-A65DDDEDB7A1}
2011-05-16 11:24 . 2011-05-16 11:24 -------- d-----w- c:\users\Owner\AppData\Local\{CD8E04F8-10BB-4F1A-9FFF-175BDECF0A93}
2011-05-15 17:34 . 2011-05-15 17:34 -------- d-----w- c:\users\Owner\AppData\Local\{1CDCF9AF-3830-43C7-94FE-9E8ABA6E3EE8}
2011-05-15 17:30 . 2011-05-15 17:30 -------- d-----w- c:\users\Owner\AppData\Local\{286B6905-00A8-4A4D-938E-CD1C0C3C3378}
2011-05-14 22:13 . 2011-05-14 22:13 -------- d-----w- c:\users\Mcx1-OWNER-PC
2011-05-14 21:25 . 2011-05-14 21:25 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-05-14 21:24 . 2011-05-14 21:24 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-05-14 21:23 . 2011-05-14 21:23 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-05-14 21:23 . 2011-05-14 21:23 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-05-13 06:29 . 2011-05-13 06:30 -------- d-----w- c:\users\Owner\AppData\Local\{5F619B72-9A6D-4DA2-80FA-37969A6AA09E}
2011-05-11 19:21 . 2011-03-29 03:32 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 19:21 . 2011-03-29 03:32 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 19:21 . 2011-03-29 03:32 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 19:21 . 2011-03-29 03:32 99328 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 19:21 . 2011-03-29 03:32 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 19:21 . 2011-03-29 03:32 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 19:21 . 2011-03-29 03:32 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-11 19:21 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 19:21 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 19:21 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-08 05:57 . 2011-05-08 05:57 -------- d-----w- c:\users\Owner\AppData\Local\{2AC94F0A-8263-4EA5-BAAC-9B2461D35EE7}
2011-05-07 01:14 . 2011-05-07 01:15 -------- d-----w- c:\users\Owner\AppData\Local\{447F8198-79F2-40AA-A76B-0EF73EAFD6AF}
2011-05-06 00:32 . 2011-05-06 00:32 -------- d-----w- c:\users\Owner\AppData\Local\{CD02E256-B23C-4CBC-BAEC-FAA69DFB4587}
2011-05-05 12:31 . 2011-05-05 12:32 -------- d-----w- c:\users\Owner\AppData\Local\{65842596-A5C7-4FDF-8455-30BB68390853}
2011-05-05 00:31 . 2011-05-05 00:31 -------- d-----w- c:\users\Owner\AppData\Local\{43756299-FB6F-4539-9C2F-E0300DB0A6E9}
2011-05-04 06:48 . 2011-05-04 06:49 -------- d-----w- c:\users\Owner\AppData\Local\{0464C00E-BFBB-4593-812D-4C6F6B597C2C}
2011-05-03 18:48 . 2011-05-03 18:48 -------- d-----w- c:\users\Owner\AppData\Local\{6622CFC0-BEC7-422D-AAD9-5229F6D799F7}
2011-05-03 06:10 . 2011-05-03 06:10 -------- d-----w- c:\users\Owner\AppData\Local\{442692ED-1115-4973-81B4-CD65F04A6870}
2011-05-02 18:10 . 2011-05-02 18:10 -------- d-----w- c:\users\Owner\AppData\Local\{61CEC67C-A1A0-4250-9F9B-27816259AC4F}
2011-05-02 02:46 . 2011-05-02 02:46 -------- d-----w- c:\users\Owner\AppData\Local\{AF47DDD4-4366-4217-9B29-CCADB31E4559}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-26 00:57 . 2011-04-26 00:57 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-04-26 00:57 . 2011-04-26 00:57 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-04-26 00:57 . 2011-04-26 00:57 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-26 00:57 . 2011-04-26 00:57 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-04-26 00:57 . 2011-04-26 00:57 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-04-26 00:57 . 2011-04-26 00:57 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-04-26 00:57 . 2011-04-26 00:57 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-04-26 00:57 . 2011-04-26 00:57 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-04-26 00:57 . 2011-04-26 00:57 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-04-26 00:57 . 2011-04-26 00:57 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-26 00:57 . 2011-04-26 00:57 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-04-26 00:57 . 2011-04-26 00:57 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-04-26 00:57 . 2011-04-26 00:57 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-04-26 00:57 . 2011-04-26 00:57 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-04-26 00:57 . 2011-04-26 00:57 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-04-26 00:57 . 2011-04-26 00:57 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-04-26 00:57 . 2011-04-26 00:57 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-04-26 00:57 . 2011-04-26 00:57 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-04-26 00:57 . 2011-04-26 00:57 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-04-26 00:57 . 2011-04-26 00:57 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-04-26 00:57 . 2011-04-26 00:57 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-04-26 00:57 . 2011-04-26 00:57 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-26 00:57 . 2011-04-26 00:57 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-04-26 00:57 . 2011-04-26 00:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-26 00:57 . 2011-04-26 00:57 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-04-26 00:57 . 2011-04-26 00:57 222208 ----a-w- c:\windows\system32\msls31.dll
2011-04-26 00:57 . 2011-04-26 00:57 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-26 00:57 . 2011-04-26 00:57 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-04-26 00:57 . 2011-04-26 00:57 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-26 00:57 . 2011-04-26 00:57 12288 ----a-w- c:\windows\system32\mshta.exe
2011-04-26 00:57 . 2011-04-26 00:57 114176 ----a-w- c:\windows\system32\admparse.dll
2011-04-26 00:57 . 2011-04-26 00:57 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-26 00:57 . 2011-04-26 00:57 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-04-26 00:57 . 2011-04-26 00:57 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-04-26 00:57 . 2011-04-26 00:57 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-04-26 00:57 . 2011-04-26 00:57 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-26 00:57 . 2011-04-26 00:57 448512 ----a-w- c:\windows\system32\html.iec
2011-04-26 00:57 . 2011-04-26 00:57 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-26 00:57 . 2011-04-26 00:57 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-04-26 00:57 . 2011-04-26 00:57 160256 ----a-w- c:\windows\system32\wextract.exe
2011-04-26 00:57 . 2011-04-26 00:57 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-26 00:57 . 2011-04-26 00:57 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-12 12:03 . 2011-04-28 03:22 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-12 11:31 . 2011-04-28 03:22 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-03-11 06:23 . 2011-04-28 03:20 187264 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 06:23 . 2011-04-28 03:20 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 06:23 . 2011-04-28 03:20 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 06:23 . 2011-04-28 03:20 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 06:23 . 2011-04-28 03:20 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 06:22 . 2011-04-28 03:20 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 06:22 . 2011-04-28 03:20 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 06:19 . 2011-04-15 22:14 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:19 . 2011-04-15 22:14 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 06:18 . 2011-04-28 03:20 2566144 ----a-w- c:\windows\system32\esent.dll
2011-03-11 06:15 . 2011-04-28 03:20 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-03-11 05:40 . 2011-04-15 22:14 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-11 05:40 . 2011-04-15 22:14 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:39 . 2011-04-28 03:20 1686016 ----a-w- c:\windows\SysWow64\esent.dll
2011-03-11 05:37 . 2011-04-28 03:20 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-03-09 23:45 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-08 06:14 . 2011-04-15 22:11 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:38 . 2011-04-15 22:11 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-04 06:17 . 2011-04-28 03:21 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-04-28 03:21 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17 . 2011-04-15 22:11 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 06:14 . 2011-04-15 22:11 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 05:27 . 2011-04-15 22:11 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58 . 2011-04-15 22:14 3133440 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-04-04 05:25 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-04 39408]
"InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2010-07-07 1008128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-10-25 352976]
"Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
"Babylon Client"="c:\program files (x86)\Babylon\Babylon-Pro\Babylon.exe" [2010-12-13 3826616]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-06 195072]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-9-21 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-16 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-16 135664]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
R3 Normandy;Normandy SR2; [x]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-04-04 332272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 25248712;25248712 Boot Guard Driver;c:\windows\system32\DRIVERS\25248712.sys [x]
S1 25248711;25248711;c:\windows\system32\DRIVERS\25248711.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 setup_9.0.0.722_28.10.2010_00-08drv;setup_9.0.0.722_28.10.2010_00-08drv;c:\windows\system32\DRIVERS\2524871.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-16 15:01]
.
2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-16 15:01]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-04-04 05:25 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fin1gb4i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.startsearcher.com/?q=
FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Kaspersky URL Advisor: [email protected] - c:\program files (x86)\Mozilla Firefox\extensions\[email protected]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: IMVU Inc Community Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - %profile%\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
FF - user.js: general.useragent.extra.brc -
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)
BHO-{90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)
Toolbar-Locked - (no file)
Toolbar-{90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1695937463-1214367855-1812431571-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1695937463-1214367855-1812431571-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-30 10:37:46
ComboFix-quarantined-files.txt 2011-05-30 14:37
.
Pre-Run: 69,033,533,440 bytes free
Post-Run: 68,292,694,016 bytes free
.
- - End Of File - - 09D7A5AD56919FE3EC2E6A025668BD57
  • 0

#6
Gammo
    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Please change the home page of Firefox. The current one is malicious. See here for more info about how to change the home page: http://support.mozil...t the home page

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed anti-virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, as this may take some time depending on the speed of your Internet connection.
  • When completed, the online scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 0

#7
kkay007
    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hello! Here is both the Malwarebytes Antimalware log and the ESET log.

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.1.7600
Internet Explorer 9.0.8112.16421

5/30/2011 11:25:42 AM
mbam-log-2011-05-30 (11-25-42).txt

Scan type: Quick Scan
Objects scanned: 104975
Time elapsed: 5 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=a63a78c188d2e448b1da32b1740cb60c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-30 06:05:48
# local_time=2011-05-30 02:05:48 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1024 16777215 100 0 19857463 19857463 0 0
# compatibility_mode=1280 16777215 100 0 17858608 17858608 0 0
# compatibility_mode=5893 16776573 100 94 0 58312792 0 0
# compatibility_mode=8192 67108863 100 0 17662718 17662718 0 0
# scanned=315105
# found=11
# cleaned=11
# scan_time=9406
C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome\mmtextlinks.jar Win32/Adware.Gamevance.Gen application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\mmagootlf.dll Win32/Adware.Gamevance.AI application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Owner\Downloads\catch_and_convert.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Owner\Downloads\Kazulah.exe a variant of Win32/AdInstaller application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Owner\Downloads\PicMorph.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Owner\Downloads\SetupGamevance.exe Win32/Adware.Gamevance.AK application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Owner\Downloads\SetupPlaySushi.exe a variant of Win32/Adware.Gamevance.AT application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Owner\Downloads\SmileyCentral.exe a variant of Win32/AdInstaller application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\05302011_092353\C_Program Files (x86)\Mighty Magoo\mightymagoo32.exe probably a variant of Win32/Adware.Gamevance.AO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\05302011_092353\C_Program Files (x86)\Mighty Magoo\mightymagoolib32.dll a variant of Win32/Adware.Gamevance.AO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\05302011_092353\C_Program Files (x86)\Mighty Magoo\mmagootl.dll a variant of Win32/Adware.Gamevance.AM application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  • 0
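As an added example that is not part of the thread or of ESET's own tooling, a small Python triage script for the ESET Online Scanner log format pasted above: it parses the "# key=value" header and the detection lines, checks that the found/cleaned counts agree with the lines, flags anything that was not deleted or cleaned, and distinguishes a hit in a browser extension folder (persistence) from an installer sitting in Downloads or a file already moved into OTL's quarantine. The sample log, the extension folder name and the "unable to clean" action string are constructed, not real ESET output.

```python
"""Triage an ESET Online Scanner log like the one pasted in post #7.
Added example, not part of the thread or of ESET's tooling: parses the
"# key=value" header and detection lines, checks found/cleaned consistency
and classifies where each detection lived."""
import re
from collections import Counter

HEADER_RE = re.compile(r"^#\s*([A-Za-z_]+)=(.*)$")
# "<path> <threat> <kind> (<action>) <32-hex hash> <flag>"; the path may contain
# spaces, so it is matched lazily up to the threat name.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:probably a variant of |a variant of )?[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>application|trojan|virus|worm)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)

# Constructed sample in the thread's log format; the extension folder name and
# the "unable to clean" action are placeholders, not real ESET output.
SAMPLE_LOG = r"""# version=7
# end=finished
# scanned=315105
# found=3
# cleaned=2
C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\sampleaddon\components\mmagootlf.dll Win32/Adware.Gamevance.AI application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Owner\Downloads\SetupGamevance.exe Win32/Adware.Gamevance.AK application (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\05302011_092353\C_Program Files (x86)\Mighty Magoo\mightymagoo32.exe probably a variant of Win32/Adware.Gamevance.AO application (unable to clean) 00000000000000000000000000000000 C
"""


def parse_log(text):
    """Return (header dict, list of detection dicts); other lines are skipped."""
    header, hits = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2)  # repeated keys keep the last value
            continue
        m = DETECTION_RE.match(line)
        if m:
            hits.append(m.groupdict())
    return header, hits

def family(threat):
    """'a variant of Win32/Adware.Gamevance.AO' -> 'Adware.Gamevance'."""
    return ".".join(threat.split("/", 1)[-1].split(".")[:2])

def classify_location(path):
    """Where the detection lived, from a defender's point of view."""
    p = path.lower()
    if "\\_otl\\movedfiles\\" in p:
        return "already-quarantined"  # moved there by OTL earlier in the thread
    if "\\mozilla\\extensions\\" in p or "\\appdata\\" in p:
        return "persistence"  # loads every time the browser or user session starts
    if "\\downloads\\" in p:
        return "download"  # dropped installer, not necessarily ever run
    return "other"

def triage(text):
    """Summarise: completion, count consistency, unresolved hits, families, places."""
    header, hits = parse_log(text)
    found, cleaned = int(header.get("found", 0)), int(header.get("cleaned", 0))
    unresolved = [h["path"] for h in hits
                  if "deleted" not in h["action"] and "cleaned" not in h["action"]]
    return {
        "finished": header.get("end") == "finished",
        "found": found,
        "cleaned": cleaned,
        "counts_consistent": found == len(hits) and cleaned == len(hits) - len(unresolved),
        "unresolved": unresolved,
        "families": dict(Counter(family(h["threat"]) for h in hits)),
        "locations": dict(Counter(classify_location(h["path"]) for h in hits)),
    }
```

Run `triage(SAMPLE_LOG)` to see the summary; on the real log from the post, the detections all resolve to "deleted" or "cleaned", so the unresolved list would be empty.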

#8
Gammo
    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

I think you scanned with the Malwarebytes' Anti-Malware (MBAM) version already present on your PC. Both the program itself and the database are very outdated. Please follow the MBAM instructions again, but this time make sure you download/install the latest version (you don't need to uninstall the old version first). Also, before you start the scan, please update the database with the "Check for Updates" button under the "Update" tab. :)



Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#9
kkay007
    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hello! You were right, it was very outdated. But here is the new Malwarebytes Anti-malware log.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6726

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

5/30/2011 3:28:57 PM
mbam-log-2011-05-30 (15-28-57).txt

Scan type: Quick scan
Objects scanned: 178260
Time elapsed: 6 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MightyMagooText.Linker (PUP.MightyMagoo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MightyMagooText.Linker.1 (PUP.MightyMagoo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\APPID\MightyMagooText.DLL (PUP.MightyMagoo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\2L4NOI3W05 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\U36VRSFLG6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AppDataLow\mmagootl (PUP.MightyMagoo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\Owner\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] (PUP.MightyMagoo) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Owner\downloads\mightymagoo(2).exe (PUP.MightyMagoo) -> Quarantined and deleted successfully.
c:\Users\Owner\downloads\yontooclientsetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\Owner\downloads\yontoosetup-dropdowndeals(2).exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\Owner\downloads\yontoosetup-dropdowndeals.exe (Adware.Agent) -> Quarantined and deleted successfully.
  • 0

#10
Gammo
    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Did you run the OTL fix as well? If so, did you do it before or after the MBAM scan? I'm asking because the MBAM log shows a folder that the OTL fix should have deleted.

Anyway, your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean', that doesn't necessarily mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here; you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple of good free alternatives: Firefox and Opera. Both are excellent free alternatives to Internet Explorer: faster, safer, more powerful and more functional. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here, which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your PC is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up-to-date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec, or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :)
  • 0

#11
kkay007
    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Yes I did run OTC before Malwarebytes.

Thank you so much for all of your help and prompt replies. I'm not seeing applications running that I haven't seen run in a long time. I'll be sure to go through those tips and keep an eye out the next couple days. Again, thank you so much for all your help!!
  • 0

#12
Gammo
    Member 2k

  • Malware Removal
  • 2,299 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0