Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

XP Security 2012


  • Please log in to reply

#1
quimbola

quimbola

    Member

  • Member
  • PipPip
  • 46 posts
Ok, this isn't fun.

It won't let MBAM run.
OTL freezes.
In safe mode also.
Rkill won't run.

If I chnage extension to .com instead of exe: get run time error for mbam and pop xp security window for rkill.

Ran kaspersky virus killer ran, found two virus' rebooted and I still have the infection.

Virus runs in safe mode?!!

Help.

Edited by quimbola, 17 June 2011 - 11:50 AM.

  • 0

Advertisements


#2
quimbola

quimbola

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Any help would be appreciated.

Still can't run MBAM.
  • 0

#3
quimbola

quimbola

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
OK, the only thing I was able to run was COmboFix, weird!!

Here is that Log:

ComboFix 11-06-19.0r1 - Michele 06/20/2011 10:24:22.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1299 [GMT -6:00]
Running from: e:\virus\ComboFix.com
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\Michele\Local Settings\Application Data\fss.exe
c:\documents and settings\Michele\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-05-20 to 2011-06-20 )))))))))))))))))))))))))))))))
.
.
2011-06-20 13:50 . 2011-06-20 13:50 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C0C93085-8C15-4BED-AB61-5761719BB02A}\MpKsld3645ed7.sys
2011-06-15 13:57 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-14 14:27 . 2011-05-09 20:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C0C93085-8C15-4BED-AB61-5761719BB02A}\mpengine.dll
2011-06-06 18:11 . 2011-06-06 18:11 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 15:11 . 2010-10-04 19:10 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 15:11 . 2010-10-04 19:10 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-09 20:46 . 2011-01-13 14:26 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-02 15:31 . 2008-04-25 21:27 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-18 15:36 . 2011-04-18 15:36 40960 ----a-r- c:\documents and settings\Michele\Application Data\Microsoft\Installer\{FB58809D-7F74-467C-8B06-14DD1260614F}\NewShortcut1_6D242DD1BFF647D7912F9627171C0B19.exe
2011-04-15 16:13 . 2011-04-15 16:13 40960 ----a-r- c:\documents and settings\Michele\Application Data\Microsoft\Installer\{24356BEE-5313-4917-9413-86DFC885D13B}\NewShortcut2_5DA7869635E5478E9A54084A39FE93C5.exe
2011-04-13 16:59 . 2011-04-13 16:59 45056 ----a-r- c:\documents and settings\Michele\Application Data\Microsoft\Installer\{7AA1E7D1-BDA6-4C7A-A6C7-7C43A046756E}\NewShortcut1_95E597DA74D64D50A87E22BF2AF96C45.exe
2011-04-12 19:25 . 2011-04-12 19:25 40960 ----a-r- c:\documents and settings\Michele\Application Data\Microsoft\Installer\{C5DB6604-B4FF-4808-9BE5-F8731F08B2C4}\pcqib.exe_71D07BF2B81F4B43B272C052CB9226D2.exe
2011-04-06 22:20 . 2011-04-06 22:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 22:20 . 2011-04-06 22:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2010-12-20 18:09 191488 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1044480]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2010-1-20 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Scanner File Utility.lnk - c:\program files\Kyocera\FileUtility\NsCatCom.exe [2010-1-20 335872]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 07:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 11:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Kyocera\\FileUtility\\NsCatCom.exe"=
"c:\\qibmet\\MetQib.exe"=
"c:\\Program Files\\Kyocera\\KACT\\KACT.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [12/14/2009 9:27 AM 24064]
R1 MpKsld3645ed7;MpKsld3645ed7;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C0C93085-8C15-4BED-AB61-5761719BB02A}\MpKsld3645ed7.sys [6/20/2011 7:50 AM 28752]
R3 k57w2k;Broadcom NetLink ™ Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [12/14/2009 9:27 AM 176640]
S0 ghgkqfpn;ghgkqfpn;c:\windows\system32\drivers\sfmtmny.sys --> c:\windows\system32\drivers\sfmtmny.sys [?]
S0 mkbigjb;mkbigjb;c:\windows\system32\drivers\uantmk.sys --> c:\windows\system32\drivers\uantmk.sys [?]
S1 MpKsl0be0c5ac;MpKsl0be0c5ac;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{41F7A9CD-E54C-466B-8DDD-05EFDA4967EF}\MpKsl0be0c5ac.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{41F7A9CD-E54C-466B-8DDD-05EFDA4967EF}\MpKsl0be0c5ac.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2010 12:51 PM 135664]
S3 Normandy;Normandy SR2; [x]
S3 utewnty1;AVZ Kernel Driver;c:\windows\system32\drivers\utewnty1.sys [1/21/2011 1:02 PM 7168]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLD3645ED7
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
.
2011-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-22 18:51]
.
2011-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-22 18:51]
.
2011-06-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 19:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.160.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Malwarebytes' Anti-Malware_is1 - e:\malwarebytes' anti-malware\unins000.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-20 10:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,1e,3e,6c,5c,72,55,48,ba,26,92,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,1e,3e,6c,5c,72,55,48,ba,26,92,\
.
Completion time: 2011-06-20 10:29:59
ComboFix-quarantined-files.txt 2011-06-20 16:29
.
Pre-Run: 114,726,617,088 bytes free
Post-Run: 115,520,471,040 bytes free
.
- - End Of File - - FBE6A18F900F4E6CD2B2AD845ACD6EA5
  • 0

#4
quimbola

quimbola

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
And OTL finally worked!!

Log:

OTL logfile created on: 6/20/2011 10:42:51 AM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = E:\Virus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.90% Memory free
3.84 Gb Paging File | 3.33 Gb Available in Paging File | 86.70% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.97 Gb Total Space | 107.62 Gb Free Space | 72.24% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 7.39 Gb Free Space | 99.13% Space Free | Partition Type: FAT32

Computer Name: MICHELEDELL | User Name: Michele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/17 10:32:32 | 000,579,072 | ---- | M] (OldTimer Tools) -- E:\Virus\ddf.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/01/20 09:10:47 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/02/04 21:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/14 11:09:12 | 000,335,872 | ---- | M] (KYOCERA MITA Corporation) -- C:\Program Files\Kyocera\FileUtility\NsCatCom.exe
PRC - [2006/10/23 00:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe


========== Modules (SafeList) ==========

MOD - [2011/06/17 10:32:32 | 000,579,072 | ---- | M] (OldTimer Tools) -- E:\Virus\ddf.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/20 09:10:47 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Unknown | Running] -- -- (DwProt)
DRV - [2011/06/20 10:34:36 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06A10039-67FD-434A-B177-32CB277B36A5}\MpKslc7946edd.sys -- (MpKslc7946edd)
DRV - [2011/01/21 13:02:03 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\utewnty1.sys -- (utewnty1)
DRV - [2008/07/15 22:03:18 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\k57xp32.sys -- (k57w2k) Broadcom NetLink ™
DRV - [2008/03/28 05:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2011/01/11 14:44:55 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2011/06/20 10:28:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Scanner File Utility.lnk = C:\Program Files\Kyocera\FileUtility\NsCatCom.exe (KYOCERA MITA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.160.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Michele\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michele\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 15:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/20 10:23:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/20 10:23:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/20 10:23:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/20 10:23:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/20 10:22:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/16 05:08:35 | 000,000,000 | ---D | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[2011/06/20 10:28:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/20 10:17:44 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Microsoft Office Outlook 2007.lnk
[2011/06/20 10:06:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/20 09:54:49 | 000,012,520 | -HS- | M] () -- C:\Documents and Settings\Michele\Local Settings\Application Data\03a8uy7g36f2l3g843er
[2011/06/20 09:54:49 | 000,012,520 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\03a8uy7g36f2l3g843er
[2011/06/20 09:08:56 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Microsoft Office Word 2007.lnk
[2011/06/20 07:55:39 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/20 07:50:39 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/06/20 07:50:36 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/20 07:50:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/20 07:50:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/20 07:50:33 | 2135,912,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/16 05:09:27 | 000,468,886 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/16 05:09:27 | 000,081,124 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/16 05:04:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/14 15:07:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/14 13:17:32 | 002,009,526 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\CHS%20Athletic%20Camps%202011.pdf
[2011/06/06 14:02:02 | 000,003,129 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\buckner.pdf
[2011/06/06 12:03:54 | 000,014,678 | -HS- | M] () -- C:\Documents and Settings\Michele\Local Settings\Application Data\1mr105511ect811gr6ffm8qap1612a05r3
[2011/06/06 12:03:54 | 000,014,678 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1mr105511ect811gr6ffm8qap1612a05r3
[2011/06/06 09:20:04 | 000,136,928 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\scrips 6-6.pdf
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/26 13:32:05 | 000,106,097 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\fw9.pdf
[2011/05/26 07:48:20 | 000,017,273 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\tax election form.pdf

========== Files Created - No Company Name ==========

[2011/06/20 10:23:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/20 10:23:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/20 10:23:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/20 10:23:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/20 10:23:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/17 10:47:29 | 2135,912,448 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/17 08:39:18 | 000,012,520 | -HS- | C] () -- C:\Documents and Settings\Michele\Local Settings\Application Data\03a8uy7g36f2l3g843er
[2011/06/17 08:39:18 | 000,012,520 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\03a8uy7g36f2l3g843er
[2011/06/14 13:17:32 | 002,009,526 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\CHS%20Athletic%20Camps%202011.pdf
[2011/06/06 14:02:02 | 000,003,129 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\buckner.pdf
[2011/06/06 11:52:02 | 000,014,678 | -HS- | C] () -- C:\Documents and Settings\Michele\Local Settings\Application Data\1mr105511ect811gr6ffm8qap1612a05r3
[2011/06/06 11:52:02 | 000,014,678 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1mr105511ect811gr6ffm8qap1612a05r3
[2011/06/06 09:20:04 | 000,136,928 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\scrips 6-6.pdf
[2011/05/26 07:48:20 | 000,017,273 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\tax election form.pdf
[2011/05/03 11:11:12 | 000,038,932 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/15 10:13:11 | 000,000,250 | ---- | C] () -- C:\WINDOWS\qibny.ini
[2011/04/13 10:59:48 | 000,000,267 | ---- | C] () -- C:\WINDOWS\qibus.ini
[2011/04/12 13:40:18 | 000,000,276 | ---- | C] () -- C:\WINDOWS\agssi.ini
[2011/04/12 13:25:27 | 000,000,258 | ---- | C] () -- C:\WINDOWS\qibpc.ini
[2011/01/21 13:02:01 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utewnty1.sys
[2011/01/20 10:27:35 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Michele\Application Data\start_pal
[2010/12/06 12:46:37 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Michele\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/19 11:25:29 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Michele\Local Settings\Application Data\housecall.guid.cache
[2010/06/16 12:15:34 | 000,000,224 | ---- | C] () -- C:\WINDOWS\qibjh.ini
[2010/03/02 11:05:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/20 09:52:48 | 000,000,174 | ---- | C] () -- C:\WINDOWS\nscatch.ini
[2009/12/14 09:27:35 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll
[2009/12/14 09:27:31 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2009/12/14 09:25:30 | 000,001,154 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/12/14 07:49:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/01/05 16:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009/01/05 16:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 15:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 15:27:18 | 000,023,444 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 15:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 10:16:22 | 000,468,886 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 10:16:22 | 000,081,124 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 10:16:20 | 000,281,728 | ---- | C] () -- C:\WINDOWS\System32\msaqmoxo.dll
[2008/04/25 10:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 03:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 03:21:52 | 000,192,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/04/25 09:28:38 | 000,000,191 | ---- | C] () -- C:\WINDOWS\qibpr.ini
[2005/03/21 19:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 19:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2011/01/20 12:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/12/14 07:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/05/27 09:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/01/17 10:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ikyfvi
[2011/01/17 10:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Orus
[2009/12/14 07:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Windows Desktop Search
[2010/01/19 17:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Windows Search
[2011/06/20 07:55:39 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >
  • 0

#5
quimbola

quimbola

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
I still can't get MBAM to work. It gives me a run time error.

Any help would be appreciated.
  • 0

#6
quimbola

quimbola

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Ok, finally was able to run MBAM.

If you woudn't mind looking over my log I would appreciate it. I did get a weird outlook express message when it rebooted?

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6904

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/20/2011 11:33:46 AM
mbam-log-2011-06-20 (11-33-46).txt

Scan type: Quick scan
Objects scanned: 164245
Time elapsed: 2 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\yontoo layers client\yontooieclient.dll (Adware.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\YontooIEClient.Layers.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\YontooIEClient.Layers (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\yontoo layers client\yontooieclient.dll (Adware.Agent) -> Delete on reboot.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP