Malware - bought your programme, had to Restore to earlier, lost files and library locations..


Let's see if it's an Add-On causing the redirects

IE:

You can open Internet Explorer without add-ons in 2 ways. One way is to navigate to Start menu -> All Programs -> Accessories -> System Tools -> Internet Explorer (no Add-ons). This opens IE without ActiveX controls and browser extensions.

• Type iexplore -extoff in the Run box on the Start menu

• Click “Internet Explorer (No Add-ons)” under All Programs -> Accessories -> System Tools

• Right-click the IE icon on the Start Menu (if IE is your default browser) and select “Browse Without Add-Ons”

FireFox:

At the top of the Firefox window, click the Firefox button (on the menu bar, click the Help menu), go over to the Help menu and select Restart with Add-ons Disabled.... Firefox will start up with the Firefox Safe Mode dialog.

For Windows XP, click the Help menu and select Restart with Add-ons Disabled.... Firefox will start up with the Firefox Safe Mode dialog.

Link to post
Share on other sites

Hi there, browser re-directs still occurring.

Will run another Dr. web while I wait for your next reply.

Cheers

Link to post
Share on other sites

Hi there, yes - I have deleted (or rather as per earlier in this thread on page 1) or disabled IE in the add/delete Windows programmes.

Ran Dr. Web again in the quick scan - and got this Process in memory: C:\Program Files (x86)\Mozilla Firefox\firefox.exe:5320;;BackDoor.Tdss.565;Eradicated.;

Link to post
Share on other sites

OK so running the scan as you suggest, I get this

dds____0.scr;C:\Documents and Settings\Cheeky Grin\DoctorWeb\Quarantine;Trojan.MulDrop2.48413;Incurable.Moved.;

So while I pop back out of the scan (this is having uninstalled Firefox), I come back out of Safe Mode while Dr. Web is running, and I see that two internet browser windows have popped up, while Dr. Web has supposedly shut down the computer and is running the show.

Not good!

I went into IE and changed the security settings to high all round, but as you might imagine, a lot of the web does not work with half the functionality shut down..

With all the security settings maxed out, if I go onto Google, and search for a random page - like "Bike" and click on say, Trek or something, the page tab opens up - but the screen is blank.

NO REDIRECTED PAGE KICKS OFF.

However, nothing else happens either!!!

Hitting reload brings up the right webpage...

I don't think by any means that the threat is gone with the Dr. Web scan, which has allegedly cleaned or "moved" stuff (most of what it finds is "incurable" and can only be "moved").

What next please?

Link to post
Share on other sites

Try re-installing FireFox.

If you have an infection like Virut or Ramnit, then we're out of luck in trying to clean it.

Download OTL to your desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and include them in your next post.

Please include the following in your next post:

  • OTL logs

Link to post
Share on other sites
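As an added example, not part of this thread and not OTL's own code: a small Python triage script for the OTL.txt line formats the helper asks for (PRC/SRV/DRV/O4 load points and the [date | size | attrs | C/M] file lists, in the layout of the log posted later in the thread). The sample lines are constructed, and the heuristics (no version-info company name, orphaned "File not found" entries, hidden or random-looking extension-less files) are assumptions for deciding what to look at first, not verdicts.

```python
"""Triage helper for OTL.txt logs. Parses the line formats seen in the thread
and flags entries a helper would review first. Heuristics only, not verdicts."""
import re
from dataclasses import dataclass, field

# Constructed sample lines in the OTL.txt layout (not the full log from the thread).
SAMPLE_LOG = r"""
PRC - C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe ()
PRC - C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
[2011/07/18 15:29:39 | 000,000,384 | ---- | M] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
[2011/07/18 15:26:57 | 000,000,240 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
[2011/07/21 11:14:00 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
"""

# Load-point lines: "PRC - <path> (<company>)", "SRV:64bit: - (Name) -- <path> (<company>)",
# "O4 - HKLM..\Run: [Name] <path> (<company>)". The company comes from the file's
# version info; OTL prints "()" when there is none.
LOADPOINT_RE = re.compile(
    r"^(?P<type>PRC|SRV|DRV|O4)(?::64bit:)?\s*-\s*(?P<body>.+?)\s*\((?P<company>[^()]*)\)$"
)
# File-list lines: "[2011/07/18 15:26:57 | 000,000,240 | -H-- | M] (<company>) -- <path>"
FILE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[-A-Z]{4})\s*\|\s*(?P<kind>[CM])\]"
    r"\s*\((?P<company>[^()]*)\)\s*--\s*(?P<path>.+?)\s*$"
)
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
# Hidden system files that are normal at the root of the system drive.
KNOWN_HIDDEN = {"hiberfil.sys", "pagefile.sys", "bootstat.dat"}


@dataclass
class Finding:
    path: str
    reasons: list = field(default_factory=list)


def looks_random(name: str) -> bool:
    """True for extension-less names mixing upper/lower letters and digits (e.g. P1kAlMiG2Kb7Fz).
    A crude heuristic for machine-generated file names; legitimate files rarely look like this."""
    name = name.lstrip("~")
    if "." in name or len(name) < 8 or not name.isalnum():
        return False
    return (any(c.isdigit() for c in name)
            and any(c.isupper() for c in name)
            and any(c.islower() for c in name))


def path_from_body(body: str) -> str:
    """Strip the '(Name) --' or '[Name]' prefix OTL puts before the path on SRV/DRV/O4 lines."""
    if "--" in body:
        body = body.split("--", 1)[1]
    elif "]" in body:
        body = body.split("]", 1)[1]
    return body.strip()


def triage_line(line: str):
    """Return a Finding for one OTL line, or None if nothing stands out."""
    line = line.rstrip()
    if "File not found" in line:
        # Often a leftover from uninstalled software, but cheap to review.
        return Finding(line, ["orphaned entry: registered file no longer exists"])
    m = LOADPOINT_RE.match(line)
    if m:
        path = path_from_body(m.group("body"))
        reasons = []
        if not m.group("company").strip() and path.lower().endswith(EXECUTABLE_EXT):
            reasons.append("no company name in version info; verify the binary by hash/signature")
        return Finding(path, reasons) if reasons else None
    m = FILE_RE.match(line)
    if m:
        path, attrs = m.group("path"), m.group("attrs")
        name = path.rsplit("\\", 1)[-1]
        if "D" in attrs:  # directories are out of scope for these checks
            return None
        reasons = []
        if "H" in attrs and not path.lower().startswith("c:\\windows\\") \
                and name.lower() not in KNOWN_HIDDEN:
            reasons.append("hidden file outside the Windows directory")
        if looks_random(name):
            reasons.append("random-looking name with no extension")
        return Finding(path, reasons) if reasons else None
    return None


def triage(text: str):
    """Run triage_line over a whole OTL.txt and keep only lines that were flagged."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.path)
        for reason in finding.reasons:
            print("   -", reason)
```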

Hi there - ran OTL, and while running it, two IE windows pop up on the Google search page.

IE also lists "Redirect" on the panel of recently visited websites.. very amusing.

Here is the text for OTL.txt.

created on: 7/27/2011 10:44:52 AM - Run 3

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Cheeky Grin\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.98 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 56.94% Memory free

7.96 Gb Paging File | 5.51 Gb Available in Paging File | 69.20% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 455.89 Gb Total Space | 221.34 Gb Free Space | 48.55% Space Free | Partition Type: NTFS

Computer Name: CHEEKYGRIN | User Name: Cheeky Grin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Cheeky Grin\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe ()

PRC - C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe (Digital Delivery Networks, Inc.)

PRC - C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)

PRC - C:\Program Files\Sony\VAIO Care\listener.exe (Sony of America Corporation)

PRC - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()

PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)

PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()

PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)

PRC - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)

PRC - C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()

PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe ()

PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe ()

PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe ()

PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe ()

PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Cheeky Grin\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (VCService) -- C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)

SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)

SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)

SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)

SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)

SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

SRV:64bit: - (SpfService) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation)

SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (Oasis2Service) -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe ()

SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)

SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)

SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()

SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()

SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)

SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)

SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)

SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)

DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)

DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)

DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)

DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC)

DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)

DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)

DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)

DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)

DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)

DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)

DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 78 44 0B 6D 4C CC 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2011/07/24 22:51:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)

O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)

O4 - HKLM..\Run: [iSBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)

O4 - HKLM..\Run: [smartWiHelper] C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/27 10:42:51 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Cheeky Grin\Desktop\OTL.exe

[2011/07/27 10:39:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/07/27 00:36:18 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011/07/26 23:39:48 | 000,000,000 | ---D | C] -- C:\ComboFix

[2011/07/26 12:05:58 | 000,000,000 | ---D | C] -- C:\Users\Cheeky Grin\Desktop\RISK MANAGEMENT

[2011/07/26 10:55:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2

[2011/07/25 17:51:22 | 000,000,000 | ---D | C] -- C:\Users\Cheeky Grin\Desktop\GooredFix Backups

[2011/07/25 11:50:21 | 000,000,000 | ---D | C] -- C:\Users\Cheeky Grin\DoctorWeb

[2011/07/25 11:35:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\catroot2.bak

[2011/07/24 21:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2011/07/23 22:13:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2011/07/21 20:53:19 | 004,154,103 | R--- | C] (Swearware) -- C:\Users\Cheeky Grin\Desktop\ComboFix.exe

[2011/07/21 20:28:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV

[2011/07/21 15:10:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSolutionMenuEX

[2011/07/21 15:10:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX2

[2011/07/21 15:10:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonEPP

[2011/07/21 15:10:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMyPrinter

[2011/07/21 15:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM

[2011/07/21 15:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool

[2011/07/21 15:08:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJFAX

[2011/07/21 14:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX880 series User Registration

[2011/07/21 14:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON

[2011/07/21 14:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt

[2011/07/21 14:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities

[2011/07/21 14:09:52 | 000,000,000 | ---D | C] -- C:\Program Files\Canon

[2011/07/21 14:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX880 series Manual

[2011/07/21 14:08:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ

[2011/07/21 14:08:38 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information

[2011/07/21 14:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX880 series

[2011/07/21 14:07:41 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ

[2011/07/21 14:07:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\STRING

[2011/07/21 14:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon

[2011/07/21 11:14:06 | 000,000,000 | ---D | C] -- C:\Users\Cheeky Grin\AppData\Roaming\Malwarebytes

[2011/07/21 11:14:00 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/07/21 11:14:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/21 11:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/07/21 11:13:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011/07/21 11:11:54 | 000,000,000 | ---D | C] -- C:\Users\Cheeky Grin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2011/07/21 11:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hijackthisar5ehole

[2011/07/20 20:44:54 | 000,000,000 | ---D | C] -- C:\Users\Cheeky Grin\Desktop\ANTIVIRUS MALWARE TOOLS

[2011/07/20 20:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2011/07/20 20:03:16 | 000,000,000 | ---D | C] -- C:\Users\Cheeky Grin\AppData\Roaming\QuickScan

[2011/07/20 14:25:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/07/20 14:25:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/07/20 14:25:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/07/20 14:24:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/07/20 14:16:12 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/07/19 16:52:31 | 000,000,000 | ---D | C] -- C:\Users\Cheeky Grin\AppData\Local\Diagnostics

[2011/07/19 13:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos

[2011/07/19 13:14:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos

[2011/07/19 10:34:13 | 000,000,000 | ---D | C] -- C:\Users\Cheeky Grin\AppData\Roaming\AVG10

[2011/07/19 10:30:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files

[2011/07/19 10:29:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10

[2011/07/19 10:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG

[2011/07/19 10:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2011/07/19 08:33:26 | 000,000,000 | ---D | C] -- C:\temp

[2011/07/18 17:11:29 | 000,000,000 | ---D | C] -- C:\Users\Cheeky Grin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security

[2011/07/18 17:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro

[2011/07/18 17:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2011/07/15 15:16:37 | 000,000,000 | ---D | C] -- C:\dell

[2011/07/08 14:33:38 | 000,000,000 | ---D | C] -- C:\Users\Cheeky Grin\Documents\Games for Windows - LIVE Demos

[2011/07/08 14:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace

[2011/07/08 14:33:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

[2011/07/08 12:19:25 | 000,000,000 | ---D | C] -- C:\Users\Cheeky Grin\Desktop\PC programs and drivers

[2011/07/08 12:12:29 | 000,000,000 | ---D | C] -- C:\Users\Cheeky Grin\Documents\My Games

[2011/07/08 12:12:29 | 000,000,000 | ---D | C] -- C:\Users\Cheeky Grin\AppData\Local\Fallout3

[2011/07/08 12:06:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks

[2011/07/08 12:05:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive

[2011/07/08 11:49:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard

[2011/07/08 11:31:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare

[2011/07/08 11:27:28 | 000,000,000 | ---D | C] -- C:\Users\Cheeky Grin\AppData\Roaming\DAEMON Tools Lite

[2011/07/08 11:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite

[2011/07/07 12:39:56 | 000,000,000 | ---D | C] -- C:\Users\Cheeky Grin\AppData\Roaming\Outlook

[2011/07/06 11:12:29 | 000,000,000 | ---D | C] -- C:\Users\Cheeky Grin\AppData\Local\Microsoft Games

[2011/07/05 14:08:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

[2011/07/05 14:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2011/06/27 12:05:44 | 000,000,000 | -H-D | C] -- C:\Windows\Minidump

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/27 10:42:51 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Cheeky Grin\Desktop\OTL.exe

[2011/07/27 10:33:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/07/26 23:37:59 | 004,154,103 | R--- | M] (Swearware) -- C:\Users\Cheeky Grin\Desktop\ComboFix.exe

[2011/07/26 23:34:11 | 000,001,497 | ---- | M] () -- C:\Users\Cheeky Grin\Desktop\iexplore.exe - Shortcut.lnk

[2011/07/26 18:41:57 | 000,000,115 | ---- | M] () -- C:\Users\Cheeky Grin\Desktop\DrWeb.csv

[2011/07/26 10:58:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/07/26 10:58:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/07/26 10:50:39 | 072,569,992 | ---- | M] () -- C:\Users\Cheeky Grin\Desktop\c4hwk48l.exe

[2011/07/26 10:48:00 | 000,734,556 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/07/26 10:48:00 | 000,629,676 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/07/26 10:48:00 | 000,108,648 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/07/26 10:43:00 | 3206,225,920 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/25 12:48:52 | 000,000,168 | ---- | M] () -- C:\Users\Cheeky Grin/ defogger_reenable

[2011/07/25 11:26:10 | 000,689,664 | ---- | M] () -- C:\Users\Cheeky Grin\Desktop\MicrosoftFixit50202.msi

[2011/07/24 22:51:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2011/07/21 14:11:46 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk

[2011/07/21 14:09:37 | 000,002,318 | ---- | M] () -- C:\Users\Public\Desktop\Canon MX880 series On-screen Manual.lnk

[2011/07/21 11:14:00 | 000,001,097 | ---- | M] () -- C:\Users\Cheeky Grin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2011/07/21 11:14:00 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/20 20:18:01 | 000,001,979 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2011/07/19 10:37:13 | 000,371,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011/07/18 15:29:39 | 000,000,384 | ---- | M] () -- C:\ProgramData\P1kAlMiG2Kb7Fz

[2011/07/18 15:26:57 | 000,000,240 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz

[2011/07/18 15:26:57 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr

[2011/07/08 09:53:53 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2011/07/08 09:53:39 | 000,405,000 | ---- | M] () -- C:\Users\Cheeky Grin\Desktop\blahblahblah.jpg

[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/07/06 12:58:23 | 000,000,000 | ---- | M] () -- C:\Program Files (x86)\7-Zip.exe

[2011/07/06 12:54:58 | 000,000,355 | ---- | M] () -- C:\Users\Cheeky Grin\Desktop\Computer - Shortcut.lnk

[2011/07/06 07:32:36 | 000,001,095 | ---- | M] () -- C:\Users\Cheeky Grin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk

[2011/07/05 14:09:01 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2011/07/05 14:08:55 | 000,747,602 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/26 23:34:11 | 000,001,497 | ---- | C] () -- C:\Users\Cheeky Grin\Desktop\iexplore.exe - Shortcut.lnk

[2011/07/26 10:49:39 | 072,569,992 | ---- | C] () -- C:\Users\Cheeky Grin\Desktop\c4hwk48l.exe

[2011/07/25 17:44:41 | 000,000,115 | ---- | C] () -- C:\Users\Cheeky Grin\Desktop\DrWeb.csv

[2011/07/25 12:48:52 | 000,000,168 | ---- | C] () -- C:\Users\Cheeky Grin\defogger_reenable

[2011/07/25 11:26:08 | 000,689,664 | ---- | C] () -- C:\Users\Cheeky Grin\Desktop\MicrosoftFixit50202.msi

[2011/07/22 08:15:30 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk

[2011/07/21 15:08:42 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\CNC1750D.TBL

[2011/07/21 14:11:46 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk

[2011/07/21 14:09:37 | 000,002,318 | ---- | C] () -- C:\Users\Public\Desktop\Canon MX880 series On-screen Manual.lnk

[2011/07/21 11:14:00 | 000,001,097 | ---- | C] () -- C:\Users\Cheeky Grin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2011/07/21 11:14:00 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/20 20:18:01 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2011/07/20 20:18:01 | 000,001,979 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2011/07/20 14:25:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011/07/20 14:25:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/07/20 14:25:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/07/20 14:25:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/07/20 14:25:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/07/18 15:26:57 | 000,000,184 | -H-- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr

[2011/07/18 15:26:56 | 000,000,240 | -H-- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz

[2011/07/18 15:26:50 | 000,000,384 | ---- | C] () -- C:\ProgramData\P1kAlMiG2Kb7Fz

[2011/07/08 09:53:16 | 000,405,000 | ---- | C] () -- C:\Users\Cheeky Grin\Desktop\blahblahblah.jpg

[2011/07/06 12:58:18 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\7-Zip.exe

[2011/07/06 12:54:58 | 000,000,355 | ---- | C] () -- C:\Users\Cheeky Grin\Desktop\Computer - Shortcut.lnk

[2011/07/05 14:09:01 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif

[2011/07/05 14:08:51 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2011/05/26 14:50:03 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2011/05/24 22:30:05 | 000,747,602 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/07/19 10:34:13 | 000,000,000 | ---D | M] -- C:\Users\Cheeky Grin\AppData\Roaming\AVG10

[2011/07/11 11:22:31 | 000,000,000 | ---D | M] -- C:\Users\Cheeky Grin\AppData\Roaming\DAEMON Tools Lite

[2011/07/19 11:06:50 | 000,000,000 | ---D | M] -- C:\Users\Cheeky Grin\AppData\Roaming\HTC

[2011/05/26 15:40:53 | 000,000,000 | ---D | M] -- C:\Users\Cheeky Grin\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

[2011/07/07 12:39:56 | 000,000,000 | ---D | M] -- C:\Users\Cheeky Grin\AppData\Roaming\Outlook

[2011/07/20 20:03:27 | 000,000,000 | ---D | M] -- C:\Users\Cheeky Grin\AppData\Roaming\QuickScan

[2011/07/19 11:06:58 | 000,000,000 | ---D | M] -- C:\Users\Cheeky Grin\AppData\Roaming\SoftGrid Client

[2011/05/25 08:52:13 | 000,000,000 | ---D | M] -- C:\Users\Cheeky Grin\AppData\Roaming\SoundSpectrum

[2011/05/24 22:31:28 | 000,000,000 | ---D | M] -- C:\Users\Cheeky Grin\AppData\Roaming\TP

[2011/07/19 18:14:15 | 000,000,000 | ---D | M] -- C:\Users\Cheeky Grin\AppData\Roaming\uTorrent

[2011/06/15 20:21:23 | 000,030,932 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2011/07/27 00:35:58 | 000,032,602 | ---- | M] () -- C:\ComboFix.txt

[2011/04/11 09:05:44 | 000,238,592 | ---- | M] () -- C:\G-Force_JMC.dll

[2011/07/26 10:43:00 | 3206,225,920 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/26 10:43:03 | 4274,970,624 | -HS- | M] () -- C:\pagefile.sys

[2011/01/17 19:13:12 | 000,002,253 | ---- | M] () -- C:\RHDSetup.log

[2011/07/20 14:14:28 | 000,067,768 | ---- | M] () -- C:\TDSSKiller.2.5.11.0_20.07.2011_14.13.49_log.txt

[2011/07/20 16:13:52 | 000,067,768 | ---- | M] () -- C:\TDSSKiller.2.5.11.0_20.07.2011_16.13.21_log.txt

[2011/07/20 19:55:59 | 000,067,768 | ---- | M] () -- C:\TDSSKiller.2.5.11.0_20.07.2011_19.55.31_log.txt

[2011/07/21 15:20:34 | 000,067,758 | ---- | M] () -- C:\TDSSKiller.2.5.11.0_21.07.2011_15.19.17_log.txt

[2011/07/21 15:48:37 | 000,067,758 | ---- | M] () -- C:\TDSSKiller.2.5.11.0_21.07.2011_15.22.24_log.txt

[2011/07/23 14:06:59 | 000,067,294 | ---- | M] () -- C:\TDSSKiller.2.5.11.0_23.07.2011_14.06.19_log.txt

[2011/07/25 10:09:17 | 000,067,294 | ---- | M] () -- C:\TDSSKiller.2.5.11.0_25.07.2011_10.08.45_log.txt

< %systemroot%\Fonts\*.com >

[2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

[2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

[2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

[2011/07/06 12:58:23 | 000,000,000 | ---- | M] () -- C:\Program Files (x86)\7-Zip.exe

[2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

[2011/05/27 10:50:46 | 000,000,221 | -HS- | M] () -- C:\Users\Cheeky Grin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

[2011/07/26 10:50:39 | 072,569,992 | ---- | M] () -- C:\Users\Cheeky Grin\Desktop\c4hwk48l.exe

[2011/07/26 23:37:59 | 004,154,103 | R--- | M] (Swearware) -- C:\Users\Cheeky Grin\Desktop\ComboFix.exe

[2011/07/27 10:44:39 | 013,685,936 | ---- | M] (Mozilla) -- C:\Users\Cheeky Grin\Desktop\Firefox Setup 5.0.1.exe

[2011/07/27 10:42:51 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Cheeky Grin\Desktop\OTL.exe

[2011/07/26 10:39:40 | 014,664,648 | ---- | M] (Microsoft Corporation) -- C:\Users\Cheeky Grin\Desktop\windows-kb890830-x64-v3.21.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

[2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

[2011/05/27 10:50:45 | 000,000,402 | -HS- | M] () -- C:\Users\Cheeky Grin\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

[2011/07/18 15:29:39 | 000,000,384 | ---- | M] () -- C:\ProgramData\P1kAlMiG2Kb7Fz

[2011/07/18 15:26:57 | 000,000,240 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz

[2011/07/18 15:26:57 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

< End of report >


Have not installed Firefox.exe yet. Had problems downloading it as I had set the IE security setting too high to download anything. Interestingly this prevented the malware from working - but also prevented me from doing anything too!

It did not save any file called Extras.txt that I can see. I also ran a search for this file but cannot find it.


Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

C:\Users\Cheeky Grin\Desktop\c4hwk48l.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If virustotal is too busy you can try these.

http://virusscan.jotti.org

http://www.kaspersky.com/scanforvirus.html

Sure, that was the Dr. Web download (I assumed a randomised name..?!) which ran one of the scans - this was on the last download from the Dr. Web website for the last time I ran that scan as per your instructions.

Do you still want me to upload it?


You need to update Java.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 23 and save it to your desktop.
  • Scroll down to where it says JDK 6 Update 23 (JDK or JRE)
  • Click the Download JRE button to the right
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u20 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - leave BOTH checked:
      • Applications and Applets
      • Trace and Log Files
    • Click OK on the Delete Temporary Files window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files window.
    • Click OK to leave the Java Control Panel.

After the above:

OTL Fix

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      :OTL
      O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      [2011/07/18 15:29:39 | 000,000,384 | ---- | M] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
      [2011/07/18 15:26:57 | 000,000,240 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
      [2011/07/18 15:26:57 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
      [2011/07/26 10:49:39 | 072,569,992 | ---- | C] () -- C:\Users\Cheeky Grin\Desktop\c4hwk48l.exe

      :Commands
      [EmptyFlash]
      [EmptyTemp]
      [RESETHOSTS]
      [purity]
      [start explorer]
      [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log

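To show how a report like the OTL log earlier in the thread can be triaged before a fix such as the one above is drafted, here is an added Python example. It is not part of the original thread, not OTL's own code, and not the helper's stated reasoning. It parses lines in OTL's `[timestamp | size | attrs | M/C] (company) -- path` layout and flags entries by a constructed heuristic: hidden files with no publisher, random-looking extensionless names, and extensionless files under ProgramData or AppData. The sample lines are copied in shape from the report above; the allowlist of known system files, the name pattern and the directory rules are assumptions of this example.

```python
"""Heuristic triage of OTL-style file listing lines.

Added example: not OTL's code and not the thread's own method. The
allowlist, the name pattern and the directory rules are assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL file line: [timestamp | size | attrs | M/C] (company) -- path
# Directory lines carry no "(company)" field, so that group is optional.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Constructed sample in the report's format (shapes copied from the log above).
SAMPLE_LOG = r"""
[2011/07/27 10:42:51 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Cheeky Grin\Desktop\OTL.exe
[2011/07/18 15:29:39 | 000,000,384 | ---- | M] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
[2011/07/18 15:26:57 | 000,000,240 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
[2011/07/18 15:26:57 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2011/07/26 10:43:00 | 3206,225,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/08 11:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
"""

# Constructed allowlist: system files that are hidden/system by design.
KNOWN_SYSTEM_FILES = {"desktop.ini", "hiberfil.sys", "pagefile.sys", "bootstat.dat"}

# Assumed "random-looking" shape: 8+ alphanumerics mixing upper, lower and
# digits, no extension, optional leading "~".
RANDOM_NAME = re.compile(r"^~?(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[A-Za-z0-9]{8,}$")


@dataclass
class Entry:
    timestamp: str
    size: int
    readonly: bool     # attrs position 1: R
    hidden: bool       # attrs position 2: H
    system: bool       # attrs position 3: S
    directory: bool    # attrs position 4: D
    kind: str          # 'M' = modified, 'C' = created
    company: str       # '' when OTL printed "()"
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL file line; return None for lines in another format."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    a = m.group("attrs")
    return Entry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        readonly=a[0] == "R", hidden=a[1] == "H",
        system=a[2] == "S", directory=a[3] == "D",
        kind=m.group("kind"),
        company=m.group("company") or "",
        path=m.group("path"),
    )


def suspicion_reasons(e: Entry) -> List[str]:
    """Return the heuristic rules an entry trips (empty list = nothing to note)."""
    if e.directory or e.name.lower() in KNOWN_SYSTEM_FILES:
        return []
    reasons = []
    lower = e.path.lower()
    in_data_dir = "\\programdata\\" in lower or "\\appdata\\" in lower
    if RANDOM_NAME.match(e.name):
        reasons.append("random-looking name without extension")
    if e.hidden and not e.company:
        reasons.append("hidden file with no publisher")
    if in_data_dir and "." not in e.name:
        reasons.append("extensionless file in a data directory")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged path to the reasons it was flagged."""
    flagged: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        reasons = suspicion_reasons(e)
        if reasons:
            flagged[e.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(why))
```

Run over the sample, it returns exactly the three ProgramData entries that the fix above removes, with the two tilde-prefixed ones also tripping the hidden-with-no-publisher rule. Desktop executables such as c4hwk48l.exe are not flagged by these rules at all; the thread handles that file with a VirusTotal check instead, which is the right follow-up for any executable regardless of what a name heuristic says. A flag here is a prompt to look closer (hash, publisher, creation time), not a removal decision.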

No offence, but none of this has worked.

To be honest, with something taking nearly two weeks to sort out with customer support from Malwarebytes, I am less than impressed - your system does not work as well as others out there - other products noticed things wrong, but not Malwarebytes. Even, shocker, the free Microsoft offerings picked up things, whereas Malwarebytes picked up nothing, ever.. I understand there are a lot of variables at play here, and Malwarebytes probably picks up things Microsoft Security Essentials would not pick up, but honestly.

Malwarebytes cost me money, and a couple of weeks later, I wonder why I bothered.

Also, from a risk perspective,

1) why not recommend that a back up of critical files be made? I understand that this should be common sense - but not everyone has done so, and certainly it is not mentioned in the guides here. There are many ways of fixing things, and some of them have significant impacts on people's computers - backing up things is a must. Please make this abundantly clear (I was lucky).

2) Why not do a risk/benefit analysis. How long to blow away a computer, rebuild and start again, versus frankly dicking about for days? Word of warning to the wise on this forum - how much time do you want to spend farting about on this, whereas there is really one solution which DEFINITELY works. It's a bit terminal, but it is very fast, and very effective...

3) Please make clear how long things take to work on when engaging with a customer. No communications, or expectation management is a little unprofessional from the customer's perspective.

These are not gripes; it's basic operational management issues when dealing with customer management. And I hope it helps you guys in the wider sense to give a more polished product offering to compete with the big boys - it's attention to detail that makes a company successful...

So, so far unhappy with Malwarebytes - I was resolved in an afternoon call with one of the big boys doing a remote log in, over a few hours.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.