Jump to content

Recommended Posts

I have the "System Fix" virus..here is Malwarebytes quick scan log..Thanks in advance!

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 911122705

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

12/27/2011 7:08:17 PM

mbam-log-2011-12-27 (19-08-17).txt

Scan type: Quick scan

Objects scanned: 168141

Time elapsed: 3 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

DDS log...

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7601.17514

Run by Ryan at 19:09:37 on 2011-12-27

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1913.901 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\Dwm.exe

C:\windows\system32\taskeng.exe

C:\windows\Explorer.EXE

C:\windows\system32\SearchProtocolHost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\M-AudioTaskBarIcon.exe

C:\ProgramData\SBbEYipBiMEJM.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\System32\ctfmon.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\system32\igfxext.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\ProgramData\3P2fehkaqW5Auc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\NOTEPAD.EXE

C:\windows\system32\conhost.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [<NO NAME>]

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [sVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL

mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP

mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe

mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi go pro\volume panel\VolPanlu.exe" /r

mRun: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe

mRun: [sBbEYipBiMEJM.exe] c:\programdata\SBbEYipBiMEJM.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\users\ryan\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\ryan\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\ryan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 65.32.5.111 65.32.5.112

TCP: Interfaces\{6E06CEEB-93AF-4108-893D-BAE83A72751C} : DhcpNameServer = 65.32.5.111 65.32.5.112

TCP: Interfaces\{6E06CEEB-93AF-4108-893D-BAE83A72751C}\259646765613 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{6E06CEEB-93AF-4108-893D-BAE83A72751C}\8495445425 : DhcpNameServer = 65.32.5.111 65.32.5.112

TCP: Interfaces\{6E06CEEB-93AF-4108-893D-BAE83A72751C}\D69786F6D656 : DhcpNameServer = 207.69.188.186 207.69.188.187

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\ryan\appdata\roaming\mozilla\firefox\profiles\l3ds5zf7.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\nos\bin\np_gp.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-27 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-27 22216]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-3-9 167936]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2011-3-9 376320]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-16 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2011-9-19 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2011-9-19 79360]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-16 136176]

S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2011-9-19 1254400]

S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\drivers\MAudioFastTrackPro.sys [2010-12-7 158600]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-25 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-10 1343400]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

.

=============== Created Last 30 ================

.

2011-12-27 23:04:22 -------- d--h--w- c:\users\ryan\appdata\roaming\Malwarebytes

2011-12-27 23:04:00 -------- d--h--w- c:\programdata\Malwarebytes

2011-12-27 23:03:56 22216 ---ha-w- c:\windows\system32\drivers\mbam.sys

2011-12-27 23:03:56 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware

2011-12-27 19:37:28 346880 ---ha-w- c:\programdata\3P2fehkaqW5Auc.exe

2011-12-27 19:34:57 439040 ---ha-w- c:\programdata\SBbEYipBiMEJM.exe

2011-12-23 17:31:14 -------- d--h--w- c:\windows\system32\SPReview

2011-12-23 17:29:19 -------- d--h--w- c:\windows\system32\EventProviders

2011-12-22 18:42:44 -------- d--h--w- c:\program files\M-Audio

2011-12-06 22:10:45 -------- d--h--w- c:\users\ryan\appdata\local\SanctionedMedia

2011-11-28 03:17:41 737072 ---ha-w- c:\programdata\microsoft\ehome\packages\sportsv2\sportstemplatecore-2\Microsoft.MediaCenter.Sports.UI.dll

2011-11-28 03:17:25 4283672 ---ha-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup-2\markup.dll

2011-11-28 03:17:13 42776 ---ha-w- c:\programdata\microsoft\ehome\packages\mceclientux\dsm-2\StartResources.dll

2011-11-28 03:17:10 539984 ---ha-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight-2\SpotlightResources.dll

.

==================== Find3M ====================

.

2011-12-23 17:50:18 152576 ---ha-w- c:\windows\system32\msclmd.dll

2011-12-07 04:36:05 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys

2011-11-05 04:35:00 981504 ----a-w- c:\windows\system32\wininet.dll

2011-11-05 04:26:03 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-05 02:48:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-10-26 04:47:40 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-26 04:47:40 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-26 04:28:12 38912 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-24 19:29:02 94208 ---ha-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 19:29:02 69632 ---ha-w- c:\windows\system32\QuickTime.qts

2011-10-15 05:38:59 534528 ----a-w- c:\windows\system32\EncDec.dll

2011-09-29 16:03:04 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

============= FINISH: 19:10:24.29 ===============

Topic Merged

Link to post
Share on other sites

  • 1 month later...

Save and close any work documents, close any apps that you started.

Download the Microsoft® Windows® Malicious Software Removal Tool from the Microsoft Download Center

http://www.microsoft...&displaylang=en

It is suggested that you rename mrt.exe to some other name, such as Omega.exe, then run it.

After a run of MSRT has finished, you will find the log at C:\WINDOWS\Debug\mrt.log or C:\WINNT\Debug\mrt.log

The file may be opened and viewed with Notepad or similar text editor.

If and only if your system is Windows 7 x64, Vista x64, Windows XP x64 and Windows 2008/2003 x64 computers.

Get Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64

http://www.microsoft...&displaylang=en

Additional information Microsoft® Windows® Malicious Software Removal Tool is here http://support.micro...om/?kbid=890830

If no infections were found, you will see in your log

Results Summary:

----------------

No infection found.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy & Paste the contents of last scan log into reply.

If we do not hear back from you in 3 days, this thread will be closed.

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.