Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hotbar infection and computer wont function properly

Started by Africanlion , Apr 07 2012 11:50 AM

  • Please log in to reply

#16
Africanlion
Posted 14 April 2012 - 10:53 AM

Africanlion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
========== OTL ==========
File C:\Users\Tendai\AppData\Roaming\Mozilla\Firefox\Profiles\rsun6w2c.default\searchplugins\ask.uk.xml not found.
C:\Users\Tendai\{43ff85ef-8d8b-4c32-9e9f-7efb68ab300c} folder moved successfully.
C:\Users\Tendai\{0aa9b189-76dc-4bb7-98f0-f1e0d6e3dee5} folder moved successfully.
C:\Users\Tendai\{f2d8cc8f-c480-43b6-a05a-f80d96e3ff7b} folder moved successfully.
C:\Users\Tendai\{1bc4614a-da4a-4c09-91f0-583022d20035} folder moved successfully.

OTL by OldTimer - Version 3.2.39.2 log created on 04142012_175103
  • 0

Advertisements

#17
Africanlion
Posted 14 April 2012 - 11:48 AM

Africanlion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
ComboFix 12-04-14.02 - Tendai 14/04/2012 18:13:52.5.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1917.1093 [GMT 1:00]
Running from: c:\users\Tendai\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Amazon.ico
c:\programdata\MercadoLivre.ico
c:\users\Tendai\AppData\Local\temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\avrt.dll
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\mfplat.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))
.
.
2012-04-14 17:24 . 2012-04-14 17:28 -------- d-----w- c:\users\Tendai\AppData\Local\temp
2012-04-14 17:24 . 2012-04-14 17:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-14 17:24 . 2012-04-14 17:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-14 13:50 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B3C3608-75A4-400D-A8A2-887F75943195}\mpengine.dll
2012-04-13 03:03 . 2012-04-13 03:03 -------- d-----w- c:\users\Tendai\AppData\Roaming\Media Player Classic
2012-04-13 00:40 . 2012-04-13 00:40 -------- dc----w- C:\_OTL
2012-04-11 00:18 . 2012-02-28 01:58 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-04-11 00:18 . 2012-02-28 01:08 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-04-11 00:18 . 2012-02-28 01:18 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-04-11 00:18 . 2012-02-28 01:13 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-11 00:18 . 2012-02-28 01:11 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-04-11 00:17 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 00:17 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-10 23:45 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-10 21:41 . 2012-04-10 21:41 -------- d-----w- c:\program files\Essentials Codec Pack
2012-04-06 01:37 . 2010-04-27 02:25 98560 ----a-w- c:\windows\system32\drivers\ss_bus.sys
2012-04-06 01:37 . 2010-04-27 02:25 14848 ----a-w- c:\windows\system32\drivers\ss_mdfl.sys
2012-04-06 01:37 . 2010-04-27 02:25 12416 ----a-w- c:\windows\system32\drivers\ss_cmnt.sys
2012-04-06 01:37 . 2010-04-27 02:25 12416 ----a-w- c:\windows\system32\drivers\ss_cm.sys
2012-04-06 01:37 . 2010-04-27 02:25 123776 ----a-w- c:\windows\system32\drivers\ss_mdm.sys
2012-04-06 01:37 . 2010-04-27 02:25 12288 ----a-w- c:\windows\system32\drivers\ss_whnt.sys
2012-04-06 01:37 . 2010-04-27 02:25 12288 ----a-w- c:\windows\system32\drivers\ss_wh.sys
2012-04-06 01:35 . 2010-07-04 18:07 238952 ----a-w- c:\windows\system32\FsUsbExService.Exe
2012-04-06 01:35 . 2010-06-14 08:32 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2012-04-06 01:35 . 2010-06-14 08:32 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2012-04-06 00:51 . 2012-04-06 00:51 -------- dc----w- C:\Download
2012-04-06 00:46 . 2012-04-06 00:46 -------- dc----w- C:\AllShare
2012-04-04 12:35 . 2012-04-14 02:05 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-29 19:19 . 2012-03-29 19:19 -------- d-----w- c:\program files\iPod
2012-03-29 19:19 . 2012-03-29 19:22 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 02:05 . 2011-06-21 23:50 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 14:56 . 2011-08-13 14:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-26 00:16 . 2012-01-25 02:36 5642 --sha-w- c:\programdata\KGyGaAvL.sys
2012-03-26 00:15 . 2012-01-25 02:36 88 --sh--r- c:\programdata\E0C60D2CBC.sys
2012-03-14 02:15 . 2011-08-29 23:52 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-12 00:18 . 2012-03-12 00:21 25893376 -c--a-w- C:\Samsung AllShare.msi
2012-03-06 06:39 . 2012-04-11 00:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-06 06:39 . 2012-04-11 00:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-02-29 15:11 . 2012-04-11 00:17 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-11 00:17 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-28 01:11 . 2012-04-11 00:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-11 00:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-14 15:45 . 2012-03-15 02:04 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-15 02:04 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-15 02:04 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-15 02:04 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-15 02:04 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 18:53 . 2012-02-10 18:55 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9546D6B6-4965-4CCD-9B9A-C3ACB2544BE9}\gapaengine.dll
2012-02-02 15:16 . 2012-03-15 02:04 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-06-15 02:16 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-31 01:15 . 2012-03-11 23:10 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-01-31 01:15 . 2012-01-31 01:15 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-01-31 01:15 . 2012-01-31 01:15 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2012-01-31 01:15 . 2012-01-31 01:15 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2012-01-31 01:15 . 2012-01-31 01:15 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2012-01-31 01:15 . 2012-01-31 01:15 325552 ----a-w- c:\windows\MASetupCaller.dll
2012-01-31 01:15 . 2012-01-31 01:15 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-01-31 01:15 . 2012-01-31 01:15 200704 ----a-w- c:\windows\system32\muzwmts.dll
2012-01-31 01:15 . 2012-01-31 01:15 135168 ----a-w- c:\windows\system32\muzaf1.dll
2012-01-31 01:15 . 2012-01-31 01:15 122880 ----a-w- c:\windows\system32\muzeffect.ax
2012-01-31 01:15 . 2012-01-31 01:15 118784 ----a-w- c:\windows\system32\MaDRM.dll
2012-01-31 01:15 . 2012-01-31 01:15 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2012-01-31 01:15 . 2012-03-11 23:09 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-01-31 01:15 . 2012-03-11 23:09 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2012-01-31 01:15 . 2012-03-11 23:09 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2012-01-31 01:15 . 2012-01-31 01:15 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2012-01-31 01:15 . 2012-01-31 01:15 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2012-01-31 01:15 . 2012-01-31 01:15 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2012-01-31 01:15 . 2012-01-31 01:15 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2012-01-31 01:15 . 2012-01-31 01:15 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2012-01-31 01:15 . 2012-01-31 01:15 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2012-01-31 01:15 . 2012-01-31 01:15 569344 ----a-w- c:\windows\system32\muzdecode.ax
2012-01-31 01:15 . 2012-01-31 01:15 491520 ----a-w- c:\windows\system32\muzapp.dll
2012-01-31 01:15 . 2012-01-31 01:15 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2012-01-31 01:15 . 2012-01-31 01:15 40960 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-01-31 01:15 . 2012-01-31 01:15 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2012-01-31 01:15 . 2012-01-31 01:15 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2012-01-31 01:15 . 2012-01-31 01:15 245760 ----a-w- c:\windows\system32\MSCLib.dll
2012-01-31 01:15 . 2012-01-31 01:15 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2012-01-31 01:15 . 2012-01-31 01:15 155648 ----a-w- c:\windows\system32\MSFLib.dll
2012-01-31 01:15 . 2012-01-31 01:15 143360 ----a-w- c:\windows\system32\3DAudio.ax
2012-01-31 01:15 . 2012-01-31 01:15 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2010-01-26 10:11 . 2012-02-04 19:14 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
2012-03-13 04:39 . 2012-04-13 02:49 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b523e7c-f096-4e36-a0cb-7efeb5c675c1}]
2009-11-08 09:55 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-01-31 17146504]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2010-08-27 1050072]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"AllShareAgent"="c:\program files\Samsung\AllShare\AllShareAgent.exe" [2012-03-01 285072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2011-10-17 45056]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2006-12-11 17:27 530552 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2005-04-08 13:09 102400 ------w- c:\program files\epson\Creativity Suite\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 04:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-04-04 14:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 14:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2006-11-01 15:37 3772416 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2006-12-14 19:09 493688 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2006-12-15 17:11 577536 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2006-12-13 14:42 554640 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Volume Indicator]
2006-12-13 09:33 94208 ----a-w- c:\program files\TOSHIBA\Utilities\VolControl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2006-12-14 19:07 411768 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
S1 38013711;38013711;c:\windows\system32\DRIVERS\38013711.sys [2009-09-25 128016]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-17 116608]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
Akamai REG_MULTI_SZ Akamai
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 02:05]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-15 01:17]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-15 01:17]
.
.
------- Supplementary Scan -------
.
uStart Page = https://mail.google....31245e70ac32cba
uInternet Settings,ProxyOverride = 127.0.0.1:9421
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{85B9BBD9-7474-4605-8E3F-FE01B97288A7}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Tendai\AppData\Roaming\Mozilla\Firefox\Profiles\0tep400u.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-NPSStartup - (no file)
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-14 18:29
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\0a\04\0d\00,-H"
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\FsUsbExService.Exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
c:\program files\Secunia\PSI\PSIA.exe
c:\program files\Toshiba TEMPRO\TemproSvc.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Secunia\PSI\sua.exe
c:\program files\Synaptics\Scrybe\scrybe.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Mozilla Firefox\firefox.exe
c:\program files\Mozilla Firefox\plugin-container.exe
.
**************************************************************************
.
Completion time: 2012-04-14 18:41:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-14 17:40
.
Pre-Run: 15,119,405,056 bytes free
Post-Run: 15,445,807,104 bytes free
.
- - End Of File - - B4BA15EE25DFEB9DA018214F261DE903
  • 0

#18
WhiteHat
Posted 14 April 2012 - 02:30 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi

You forgot to answer my question:

I'm a little confuse. Microsoft Security Essentials is still detecting HotBar? If the answer is Yes, please, could you tell me which file/folder is detecting?


  • 0

#19
Africanlion
Posted 14 April 2012 - 02:33 PM

Africanlion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
Sorry about that. MSE founf the infection just once. I deleted it but the compueter has never been the same since then. I didnt take a note of which folder it was unfortunately

Youtube videos still wont play properly are very choppy like the way old vinyl records would jump or stick.

Edited by Africanlion, 14 April 2012 - 02:37 PM.

  • 0

#20
WhiteHat
Posted 15 April 2012 - 11:48 AM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

I didnt take a note of which folder it was unfortunately

No problems. This means that MSE remove the HotBar Adware. :thumbsup:

I think your computer is clean but I can try something else.

# Step 1 #

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop ( it will be randomly named )

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.
Posted Image
Posted Image

Do not close AVPTool or it will self uninstall, if it does uninstall - - then just rerun the setup file on your desktop

Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
Once done Open the last report saved folder then attach the zip file to your next post zip
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

Posted Image
  • 0

#21
Africanlion
Posted 16 April 2012 - 06:05 AM

Africanlion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
Kasperkys tool found nothing


Here is the zip

Attached Files


  • 0

#22
Africanlion
Posted 16 April 2012 - 11:19 AM

Africanlion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
Hi Whitehat, i have finally located the Hotbar infection. Its still in quarantine in MSE and the folder is as follows. There is 3 of them actually



Adware:Win32/Hotbar
C:\Users\Tendai\AppData\Local\temp\_te2B58.exe


Adware:Win32/Hotbar
C:\ProramFiles\ShopperReports3\bin\3.1.71.0\ShopperReportsUninstaller.exe


Adware:Win32/ShopperReports
C:\Users\Tendai\AppData\Local\temp\_te2B58.exe
  • 0

#23
WhiteHat
Posted 17 April 2012 - 07:05 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
# Step 1 #

Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :Files
C:\ProramFiles\ShopperReports3\
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

  • 0

#24
Africanlion
Posted 17 April 2012 - 07:14 PM

Africanlion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
========== FILES ==========
Folder C:\ProramFiles\ShopperReports3 not found.

OTL by OldTimer - Version 3.2.39.2 log created on 04182012_021309
  • 0

#25
Africanlion
Posted 17 April 2012 - 07:17 PM

Africanlion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
Opening web pages is now much faster, the only problem is still youtube and flv files which keep buffering and the sound cuts out. the picture freezes after every few seconds
  • 0

Advertisements

#26
Africanlion
Posted 17 April 2012 - 07:19 PM

Africanlion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
the webpages now load normally speedwise but the problem remains youtibe and other flv videos which keep freezing and buffering. the sounds also keeps cutting out when playing a song on youtube


The one other thing i forgot is when i switch on the computer, after every program has loaded and i click on Firefox, before it comes up there is literally a "swoosh" sound and then firefox loads up. When i am shutting down the computer and firefox closes, i get a sound thats similar to that you get when a cartoon dies or gets knocked out or when pacman dies. I nver used to get that and its only recently

I am at my wits end. Help

Edited by Africanlion, 17 April 2012 - 07:33 PM.

  • 0

#27
WhiteHat
Posted 18 April 2012 - 05:52 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Youtube videos still wont play properly are very choppy like the way old vinyl records would jump or stick.

Your computer looks like clean to me. The Max I can do about this is indicate you to reinstall the flash player:

# Step 1 #

Uninstall the Adobe Flash Player using this tool:
http://helpx.adobe.c...yer_uninstaller

# Step 2 #

Download and install the latest version of Adobe Flash Player:
http://www.adobe.com.../downloads.html

PS: Do not accept the option to install McAfee Security Scan Plus
  • 0

#28
Africanlion
Posted 18 April 2012 - 06:16 PM

Africanlion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
Thank you very much. Much appreciated and i have uninstalled and reinstalled flash player and it seems ok now


How do i remove the tools please
  • 0

#29
WhiteHat
Posted 20 April 2012 - 10:51 AM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

The following will implement some cleanup procedures as well as reset System Restore points:


Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled


Remove OTL

Run OTL and hit the Posted Image cleanup button. It will remove all the programmes we have used plus itself.



Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • (If you use Windows 7/Vista)
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

  • (If you use Windows XP)
  • Go to Start > All Programs > Acessories > System Tools > System Restore.
  • Select the option Create a restore point and click in Next.
  • Type in a name i.e. Clean
  • Select Create

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe.


  • 0

#30
Africanlion
Posted 26 April 2012 - 01:56 PM

Africanlion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
Hi Whitehat. I have been observing and monitoring the laptop and everything works fine now. Internet pages load quickly and programs run smoothly. Except youtube and other video sites which though its much better its still not god. The volume cuts out every 30 seconds or so and the video rebuffers reloads occasionally even when i have not touched the mouse at all :help:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP