
I believe I have multiple infections, or just one bad case of startsear.info


bigroblee


As mentioned, I am having a ridiculous amount of PC problems over the past few days, starting with getting a trojan (?) that is sending all of my searches through startsear.info. I've tried various suggestions and programs to remove it to no avail. I am following the instructions located at this link (http://forums.malwarebytes.org/index.php?showtopic=9573) and will sincerely appreciate any assistance. I believe I have followed the instructions correctly, and have the dds log below, and also attached in addition to the attach file being attached. Thank you again.

DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_35
Run by Owner at 18:50:53 on 2012-09-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2151 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\WINDOWS\stsystra.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\Memeo\Memeo Send\MemeoSend.exe
C:\Program Files\XviD\video.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Evoluent\VMouse\EvoMouseExec.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Memeo AutoSync] c:\program files\memeo\autosync\MemeoLauncher2.exe --silent
mRun: [Memeo Send] c:\program files\memeo\memeo send\MemeoLauncher.exe --silent
mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [XviD] "c:\program files\xvid\video.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
StartupFolder: c:\documents and settings\owner\start menu\programs\startup\Owner.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\evolue~1.lnk - c:\windows\installer\{a93d8bcb-5e78-4e43-aa04-4d2c159626e6}\_5D3F7A665AF4FEE7709022.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233000742109
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{53F7E766-D50B-4908-AAF8-999B857307B9} : DhcpNameServer = 10.0.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = cli scecli scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\jaz150vh.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\battlelog web plugins\1.104.0\npesnlaunch.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 MpKsl3aeb649b;MpKsl3aeb649b;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{98bcbea6-f716-42c2-9f08-87d19139d631}\MpKsl3aeb649b.sys [2012-9-13 29904]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-11-28 21992]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-13 399432]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-4-22 25824]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2010-7-9 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-7-9 65856]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2012-8-21 66944]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-4-11 100368]
R3 EvoMouseDriverFilterHidUsb;Evoluent Mouse Driver Filter;c:\windows\system32\drivers\EvoMouseDriverFilterHidUsb.sys [2011-2-18 23096]
R3 EvoMouseDriverMini;EvoMouseDriverMini;c:\windows\system32\drivers\EvoMouseDriverMini.sys [2011-2-18 20024]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-13 40776]
R4 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\pctbd.sys --> c:\windows\system32\drivers\PCTBD.sys [?]
R4 PCTCore;PCTools KDS;c:\windows\system32\drivers\pctcore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
R4 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctds.sys --> c:\windows\system32\drivers\pctDS.sys [?]
R4 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctefa.sys --> c:\windows\system32\drivers\pctEFA.sys [?]
R4 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-9-13 203120]
R4 RegGuard;RegGuard;\??\c:\windows\system32\drivers\regguard.sys --> c:\windows\system32\drivers\regguard.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-12 136176]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-29 676936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-6 250568]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2012-5-17 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2012-5-17 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2012-5-17 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2012-5-17 25088]
S3 cpuz134;cpuz134;\??\c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys --> c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [?]
S3 evomouflt;Evoluent Mouse Filter Service;c:\windows\system32\drivers\evomouflt.sys [2008-3-19 15872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-12 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-29 22856]
S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [2009-5-11 40448]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-9-1 114144]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-10 14336]
S3 STVqx3;Intel Play QX3 Microscope;c:\windows\system32\drivers\STVqx3.SYS [2012-4-21 131776]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [2011-2-9 899700]
.
=============== Created Last 30 ================
.
2012-09-14 01:31:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-13 22:54:00 558133 ----a-w- c:\windows\system32\sqlite3.dll
2012-09-13 22:48:32 -------- d-----w- c:\documents and settings\owner\local settings\application data\CRE
2012-09-13 22:47:43 -------- d-----w- c:\program files\Conduit
2012-09-13 22:47:18 -------- d-----w- c:\documents and settings\owner\local settings\application data\Conduit
2012-09-13 22:37:32 -------- d-----w- c:\program files\PC Tools
2012-09-13 22:33:24 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-09-13 22:33:18 -------- d-----w- c:\program files\common files\PC Tools
2012-09-13 22:31:33 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-09-13 22:31:30 -------- d-----w- c:\documents and settings\owner\application data\TestApp
2012-09-13 20:12:51 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{98bcbea6-f716-42c2-9f08-87d19139d631}\MpKsl3aeb649b.sys
2012-09-13 19:15:32 7022536 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{98bcbea6-f716-42c2-9f08-87d19139d631}\mpengine.dll
2012-09-12 19:16:11 7022536 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-03 23:54:53 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-09-03 18:45:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-03 18:45:46 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-02 05:31:57 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-08-31 21:33:33 -------- d-----w- c:\documents and settings\all users\application data\RegRun
2012-08-31 21:33:17 2 --shatr- c:\windows\winstart.bat
2012-08-31 21:33:02 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2012-08-31 21:32:32 -------- d-----w- c:\program files\UnHackMe
2012-08-29 22:07:06 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2012-08-29 22:06:08 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-08-29 22:06:03 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-29 22:06:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-29 16:32:01 -------- d-----w- c:\program files\Google Chrome
2012-08-24 01:20:22 -------- d-----w- c:\program files\XviD
2012-08-21 16:26:48 -------- d-----w- c:\program files\Combined Community Codec Pack
2012-08-21 16:00:11 -------- d-----w- c:\documents and settings\owner\application data\Digiarty
2012-08-21 15:58:58 66944 ----a-w- c:\windows\system32\drivers\thdudf.sys
.
==================== Find3M ====================
.
2012-09-10 21:02:46 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-10 21:02:46 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-03 18:45:20 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 18:51:42.05 ===============


Hello bigroblee and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall this application: µTorrent

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Step 4

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • AdwCleaner log
  • aswMBR log


  1. Done
  2. Malwarebytes Anti-Malware (PRO) 1.65.0.1400
    www.malwarebytes.org
    Database version: v2012.09.14.04
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: OWNER-CA6A4AF34 [administrator]
    Protection: Disabled
    9/14/2012 9:24:00 AM
    mbam-log-2012-09-14 (09-24-00).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 264122
    Time elapsed: 19 minute(s), 2 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  3. When attempting to run as "Administrator", received the following error:
    C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    I have only one user account on the PC, which (should) have full administrator privileges. I ran the program using this user profile.
    # AdwCleaner v2.001 - Logfile created 09/14/2012 at 09:55:14
    # Updated 09/09/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Owner - OWNER-CA6A4AF34
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
    # Option [Search]
    ***** [Services] *****
    ***** [Files / Folders] *****
    Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia
    Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
    Folder Found : C:\Program Files\Conduit
    ***** [Registry] *****
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
    Key Found : HKCU\Software\SmartBar
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
    Key Found : HKLM\Software\Conduit
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v8.0.6001.18702
    [OK] Registry is clean.
    -\\ Mozilla Firefox v15.0.1 (en-US)
    Profile name : default
    File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jaz150vh.default\prefs.js
    [OK] File is clean.
    -\\ Google Chrome v21.0.1180.89
    File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    -\\ Opera v [unable to get version]
    File : C:\Documents and Settings\Owner\Application Data\Opera\Opera\operaprefs.ini
    Found : Home URL=hxxp://startsear.info
    *************************
    AdwCleaner[R1].txt - [1885 octets] - [14/09/2012 09:55:14]
    ########## EOF - C:\AdwCleaner[R1].txt - [1945 octets] ##########
  4. aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
    Run date: 2012-09-14 09:59:23
    -----------------------------
    09:59:23.332 OS Version: Windows 5.1.2600 Service Pack 3
    09:59:23.332 Number of processors: 2 586 0x404
    09:59:23.348 ComputerName: OWNER-CA6A4AF34 UserName: Owner
    09:59:26.020 Initialize success
    09:59:59.723 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
    09:59:59.723 Disk 0 Vendor: Maxtor_6L160M0 BACE1G10 Size: 152587MB BusType: 3
    09:59:59.754 Disk 0 MBR read successfully
    09:59:59.754 Disk 0 MBR scan
    09:59:59.754 Disk 0 Windows XP default MBR code
    09:59:59.754 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152578 MB offset 63
    09:59:59.770 Disk 0 scanning sectors +312480315
    09:59:59.879 Disk 0 scanning C:\WINDOWS\system32\drivers
    10:00:13.863 Service scanning
    10:00:26.082 Service MpKsl3aeb649b C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98BCBEA6-F716-42C2-9F08-87D19139D631}\MpKsl3aeb649b.sys **LOCKED** 32
    10:00:37.535 Modules scanning
    10:00:52.957 Disk 0 trace - called modules:
    10:00:52.973 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    10:00:52.973 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b1e7ab8]
    10:00:52.973 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8b1e5b00]
    10:00:52.973 Scan finished successfully
    10:02:05.941 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
    10:02:05.973 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
    Thank you for your assistance!


Good! :)

Step 1

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

In your next reply, post the following log files:

  • AdwCleaner log
  • ComboFix log


Thank you; upon restart I have the following error message:

Malwarebytes Anti-Malware

[Shell_NotifyIcon] Failed to perform desired action. Error Code: 2

Thank you! Also, although I am not sure if this is related, or something else entirely, at the same time as these problems started, every time I restart my PC I receive the following error:

chrome.exe - Unable To Locate Component

This application has failed to start because libpdcurses.dll was not found. Re-installing the application may fix this problem.

However, I am able to launch Chrome with no problem once I select "OK" on the error pop-up.

Finally, I just want to make you aware that all of my browsers are still redirecting the homepage to "http://startsear.info/" and when I search through the address bar they are all forced through startsear.info google partner searches.

Thank you again!


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\winstart.bat
c:\documents and settings\Owner\Start Menu\Programs\Startup\Owner.exe

Folder::
c:\documents and settings\Owner\Local Settings\Application Data\CRE
c:\program files\Common Files\Spigot

DDS::
uStart Page = hxxp://startsear.info
mStart Page = hxxp://startsear.info

FireFox::
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\jaz150vh.default\
FF - prefs.js: browser.startup.homepage - hxxp://startsear.info

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

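The AdwCleaner report above found the hijack in Opera's operaprefs.ini (Home URL) while the Firefox prefs.js looked clean, and the CFScript targets the same start-page settings (uStart Page, mStart Page, browser.startup.homepage). The check below is an added example, not code from the thread or from AdwCleaner, DDS or ComboFix: it parses those three text formats and flags any start page whose host is the hijack domain or one of its subdomains, without matching lookalike hosts such as startsear.info.example.com. The configuration snippets are constructed samples; only the startsear.info domain comes from the thread.

```python
"""Flag a hijacked browser start page (added example, not code from the thread).

Covers the three text formats in which this thread's hijack shows up:
  - Firefox prefs.js      user_pref("browser.startup.homepage", "...");
  - Opera operaprefs.ini  Home URL=...
  - DDS "Pseudo HJT"      uStart Page = hxxp://...  /  mStart Page = ...
A start page is flagged when its host is the hijack domain or a subdomain
of it; a lookalike such as startsear.info.example.com is not flagged.
All sample inputs below are constructed for the example.
"""
import re
from urllib.parse import urlsplit

# Only the domain from the thread; extend the set for other known hijackers.
HIJACK_DOMAINS = {"startsear.info"}

_FF_PREF = re.compile(r'user_pref\("browser\.startup\.homepage",\s*"([^"]*)"\)')
_OPERA_HOME = re.compile(r'^\s*Home URL\s*=\s*(.+?)\s*$', re.MULTILINE)
_DDS_START = re.compile(r'^\s*[um]Start Page\s*=\s*(\S+)', re.MULTILINE)


def refang(url):
    """DDS and AdwCleaner write hxxp:// so URLs are not clickable; undo that."""
    return re.sub(r'^hxxp(s?)://', r'http\1://', url.strip(), flags=re.IGNORECASE)


def host_of(url):
    """Lower-cased hostname of a (possibly defanged, possibly scheme-less) URL."""
    url = refang(url)
    if '://' not in url:
        url = 'http://' + url
    return (urlsplit(url).hostname or '').lower()


def is_hijack_host(host):
    """True for the hijack domain itself or any subdomain; lookalikes stay False."""
    return any(host == d or host.endswith('.' + d) for d in HIJACK_DOMAINS)


def homepages(kind, text):
    """Yield every start-page URL stored in a config of the given kind."""
    if kind == 'firefox':
        for m in _FF_PREF.finditer(text):
            # Firefox keeps several start pages in one pref, separated by '|'.
            yield from (u for u in m.group(1).split('|') if u)
    elif kind == 'opera':
        for m in _OPERA_HOME.finditer(text):
            yield m.group(1)
    elif kind == 'dds':
        for m in _DDS_START.finditer(text):
            yield m.group(1)
    else:
        raise ValueError("unknown config kind: %r" % kind)


def find_hijacked(kind, text):
    """Return the start-page URLs (as written in the file) that point at a hijack domain."""
    return [u for u in homepages(kind, text) if is_hijack_host(host_of(u))]


# Constructed samples in the shape AdwCleaner and DDS reported in this thread.
SAMPLE_PREFS_JS = '''// Mozilla User Preferences (constructed sample)
user_pref("browser.startup.homepage", "http://startsear.info/|https://www.mozilla.org/");
user_pref("browser.startup.page", 1);
'''
SAMPLE_OPERAPREFS = '''[User Prefs]
Home URL=http://www.startsear.info
Startup Type=2
'''
SAMPLE_DDS = '''uStart Page = hxxp://startsear.info
mStart Page = hxxp://startsear.info.example.com/
'''

if __name__ == "__main__":
    for kind, text in (('firefox', SAMPLE_PREFS_JS), ('opera', SAMPLE_OPERAPREFS), ('dds', SAMPLE_DDS)):
        print(kind, find_hijacked(kind, text))
```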

Hello, and thank you once again for your help. I have pasted the log below, but in case it does not show for whatever reason I have also attached the log. I look forward to your reply!


ComboFix 12-09-14.03 - Owner 09/15/2012 9:28.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2672 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
.
FILE ::
"c:\documents and settings\Owner\Start Menu\Programs\Startup\Owner.exe"
"c:\windows\winstart.bat"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\_ctypes.pyd
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\_elementtree.pyd
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\_hashlib.pyd
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\_socket.pyd
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\_ssl.pyd
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\pyexpat.pyd
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\pysqlite2._sqlite.pyd
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\python26.dll
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\pythoncom26.dll
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\PyWinTypes26.dll
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\select.pyd
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\unicodedata.pyd
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\win32api.pyd
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\win32com.shell.shell.pyd
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\win32crypt.pyd
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\win32event.pyd
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\win32file.pyd
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\win32inet.pyd
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\win32pdh.pyd
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\win32process.pyd
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\windows._cacheinvalidation.pyd
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\wx._controls_.pyd
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\wx._core_.pyd
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\wx._gdi_.pyd
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\wx._html2.pyd
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\wx._misc_.pyd
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\wx._windows_.pyd
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\wx._wizard.pyd
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\wxbase293u_net_vc.dll
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\wxbase293u_vc.dll
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\wxmsw293u_adv_vc.dll
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\wxmsw293u_core_vc.dll
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\wxmsw293u_html_vc.dll
c:\docume~1\Owner\LOCALS~1\Temp\_MEI32602\wxmsw293u_webview_vc.dll
c:\documents and settings\Owner\Local Settings\Application Data\CRE
c:\documents and settings\Owner\Local Settings\Application Data\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\_ctypes.pyd
c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\_elementtree.pyd
c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\_hashlib.pyd
c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\_socket.pyd
c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\_ssl.pyd
c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\pyexpat.pyd
c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\pysqlite2._sqlite.pyd
c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\python26.dll
c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\pythoncom26.dll
c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\PyWinTypes26.dll
c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\select.pyd
c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\unicodedata.pyd
c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\win32api.pyd
c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\win32com.shell.shell.pyd
c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\win32crypt.pyd
c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\win32event.pyd
c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\win32file.pyd
c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\win32inet.pyd
c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\win32pdh.pyd
c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\win32process.pyd
c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\windows._cacheinvalidation.pyd
c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\wx._controls_.pyd
c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\wx._core_.pyd
c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\wx._gdi_.pyd
c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\wx._html2.pyd

c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\wx._misc_.pyd

c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\wx._windows_.pyd

c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\wx._wizard.pyd

c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\wxbase293u_net_vc.dll

c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\wxbase293u_vc.dll

c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\wxmsw293u_adv_vc.dll

c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\wxmsw293u_core_vc.dll

c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\wxmsw293u_html_vc.dll

c:\documents and settings\Owner\Local Settings\Temp\_MEI32602\wxmsw293u_webview_vc.dll

c:\documents and settings\Owner\Start Menu\Programs\Startup\Owner.exe

c:\windows\system32\REN20C.tmp

c:\windows\system32\sqlite3.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-08-15 to 2012-09-15 )))))))))))))))))))))))))))))))

.

.

2012-09-15 09:31 . 2012-09-15 09:30 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-09-13 22:37 . 2012-09-14 19:41 -------- d-----w- c:\program files\PC Tools

2012-09-13 22:33 . 2012-06-22 22:34 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2012-09-13 22:33 . 2012-09-14 19:41 -------- d-----w- c:\program files\Common Files\PC Tools

2012-09-13 22:31 . 2012-09-13 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2012-09-13 22:31 . 2012-09-13 22:31 -------- d-----w- c:\documents and settings\Owner\Application Data\TestApp

2012-09-03 23:54 . 2012-07-02 17:49 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-09-03 18:45 . 2012-09-15 09:30 821736 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-09-03 18:45 . 2012-09-15 09:30 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-09-02 05:31 . 2012-09-11 00:43 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-08-31 21:33 . 2012-09-13 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\RegRun

2012-08-31 21:33 . 2012-08-31 21:33 2 --shatr- c:\windows\winstart.bat

2012-08-31 21:33 . 2012-06-27 23:01 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys

2012-08-31 21:32 . 2012-09-13 22:59 -------- d-----w- c:\program files\UnHackMe

2012-08-29 22:07 . 2012-08-29 22:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2012-08-29 22:06 . 2012-08-29 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-08-29 22:06 . 2012-09-13 23:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-08-29 22:06 . 2012-09-08 00:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-29 16:32 . 2012-08-29 16:32 -------- d-----w- c:\program files\Google Chrome

2012-08-24 01:20 . 2012-09-03 23:24 -------- d-----w- c:\program files\XviD

2012-08-21 16:26 . 2012-08-21 16:27 -------- d-----w- c:\program files\Combined Community Codec Pack

2012-08-21 16:00 . 2012-08-21 16:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Digiarty

2012-08-21 15:58 . 2010-04-30 01:19 66944 ----a-w- c:\windows\system32\drivers\thdudf.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-10 21:02 . 2012-05-06 17:16 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-10 21:02 . 2011-05-14 04:31 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-03 18:45 . 2011-03-24 16:48 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-06 13:58 . 2004-08-10 12:00 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05 . 2010-01-27 00:24 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 13:40 . 2004-08-10 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49 . 2004-08-10 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49 . 2004-08-10 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49 . 2004-08-10 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05 . 2004-08-10 12:00 385024 ----a-w- c:\windows\system32\html.iec

2012-09-07 20:48 . 2012-09-07 20:46 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-09-14_21.30.40 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-09-15 09:32 . 2012-09-15 09:32 16384 c:\windows\Temp\Perflib_Perfdata_764.dat

+ 2012-09-15 16:42 . 2012-09-15 16:42 16384 c:\windows\Temp\Perflib_Perfdata_714.dat

+ 2012-09-15 16:43 . 2012-09-15 16:43 16384 c:\windows\Temp\Perflib_Perfdata_644.dat

+ 2012-09-15 09:31 . 2012-09-15 09:30 246760 c:\windows\system32\javaws.exe

+ 2012-09-15 09:31 . 2012-09-15 09:30 174056 c:\windows\system32\javaw.exe

+ 2012-09-15 09:31 . 2012-09-15 09:30 174056 c:\windows\system32\java.exe

+ 2012-09-15 09:32 . 2012-09-15 09:32 176128 c:\windows\Installer\29450f8.msi

+ 2012-09-15 09:30 . 2012-09-15 09:30 873984 c:\windows\Installer\29450ea.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-07-20 22:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-07-20 22:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-07-20 22:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-07-20 22:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2010-07-02 95744]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-17 139264]

"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-26 563984]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-26 2178832]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 98304]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]

"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416]

"Memeo AutoSync"="c:\program files\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]

"Memeo Send"="c:\program files\Memeo\Memeo Send\MemeoLauncher.exe" [2009-11-05 236816]

"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]

"XviD"="c:\program files\XviD\video.exe" [2012-08-23 7678769]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

.

c:\documents and settings\Owner\Start Menu\Programs\Startup\

eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2010-7-2 656896]

Owner.exe [2012-8-23 7678769]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Evoluent Mouse Manager.lnk - c:\windows\Installer\{A93D8BCB-5E78-4E43-AA04-4D2C159626E6}\_5D3F7A665AF4FEE7709022.exe [2011-2-18 4286]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

.

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

Source= c:\documents and settings\Owner\My Documents\My Pictures\Wallpapers\Stream_of_Light_by__kol.jpg

FriendlyName=

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Evoluent Mouse Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Evoluent Mouse Manager.lnk

backup=c:\windows\pss\Evoluent Mouse Manager.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]

backup=c:\windows\pss\Extender Resource Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO -viewer-.lnk]

backup=c:\windows\pss\PHOTOfunSTUDIO -viewer-.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless USB 2.0 WLAN Card Utility.lnk]

backup=c:\windows\pss\Wireless USB 2.0 WLAN Card Utility.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MagicDisc.lnk]

backup=c:\windows\pss\MagicDisc.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\SteelStorm\\steelstorm.exe"=

"c:\\Program Files\\SteelStorm\\steelstorm-dedicated.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [11/28/2011 1:04 AM 21992]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/13/2012 4:36 PM 399432]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/29/2012 3:06 PM 676936]

R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [4/22/2010 5:33 PM 25824]

R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [7/9/2010 12:40 PM 196928]

R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [7/9/2010 12:40 PM 65856]

R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 9:42 AM 14088]

R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [8/21/2012 8:58 AM 66944]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [4/11/2012 4:13 PM 100368]

R3 EvoMouseDriverFilterHidUsb;Evoluent Mouse Driver Filter;c:\windows\system32\drivers\EvoMouseDriverFilterHidUsb.sys [2/18/2011 6:56 PM 23096]

R3 EvoMouseDriverMini;EvoMouseDriverMini;c:\windows\system32\drivers\EvoMouseDriverMini.sys [2/18/2011 6:54 PM 20024]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/29/2012 3:06 PM 22856]

S1 MpKsl9f9fd70e;MpKsl9f9fd70e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1C8C0D47-5073-49EC-9094-4CE94DFC12F4}\MpKsl9f9fd70e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1C8C0D47-5073-49EC-9094-4CE94DFC12F4}\MpKsl9f9fd70e.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/12/2010 7:42 AM 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/6/2012 10:16 AM 250568]

S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [5/17/2012 12:08 PM 14336]

S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [5/17/2012 12:08 PM 20736]

S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [5/17/2012 12:08 PM 20096]

S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [5/17/2012 12:08 PM 25088]

S3 cpuz134;cpuz134;\??\c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys --> c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [?]

S3 evomouflt;Evoluent Mouse Filter Service;c:\windows\system32\drivers\evomouflt.sys [3/19/2008 12:56 PM 15872]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/12/2010 7:42 AM 136176]

S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [5/11/2009 2:19 PM 40448]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [9/1/2012 10:31 PM 114144]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 5:00 AM 14336]

S3 STVqx3;Intel Play QX3 Microscope;c:\windows\system32\drivers\STVqx3.SYS [4/21/2012 11:03 AM 131776]

S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [2/9/2011 9:29 PM 899700]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - uphcleanhlp

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

QWAVE REG_MULTI_SZ QWAVE

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

getPlusHelper REG_MULTI_SZ getPlusHelper

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-01-22 19:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 21:02]

.

2012-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57]

.

2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 14:42]

.

2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 14:42]

.

2012-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-884357618-725345543-1004Core.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-14 07:38]

.

2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-884357618-725345543-1004UA.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-14 07:38]

.

2012-05-06 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job

- c:\program files\Microsoft IntelliType Pro\itype.exe [2011-08-10 23:39]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://startsear.info

mStart Page = hxxp://startsear.info

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\jaz150vh.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://startsear.info

FF - prefs.js: browser.search.selectedEngine - Google

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-09-15 09:44

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(712)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

.

- - - - - - - > 'explorer.exe'(9968)

c:\windows\system32\WININET.dll

c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll

c:\program files\Google\Drive\googledrivesync32.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre7\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\ehome\RMSvc.exe

c:\program files\UPHClean\uphclean.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\windows\ehome\McrdSvc.exe

c:\windows\system32\wscntfy.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\windows\system32\dllhost.exe

c:\windows\stsystra.exe

c:\windows\eHome\ehmsas.exe

c:\program files\Evoluent\VMouse\EvoMouseExec.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\program files\Seagate\Seagate Dashboard\MemeoDashboard.exe

c:\program files\Memeo\Memeo Send\MemeoSend.exe

c:\program files\Memeo\AutoBackup\InstantBackup.exe

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe

c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe

.

**************************************************************************

.

Completion time: 2012-09-15 09:55:02 - machine was rebooted

ComboFix-quarantined-files.txt 2012-09-15 16:54

ComboFix2.txt 2012-09-14 21:45

.

Pre-Run: 65,460,678,656 bytes free

Post-Run: 65,486,053,376 bytes free

.

- - End Of File - - 8A2F1DC1419B69622CDC35F6F980D69C

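The autostart section of the log above (the Run values and the two Startup folders under Reg Loading Points) is the part a responder reads first. As an added example that is not part of the thread and not something ComboFix provides, here is a small Python triage script over a few lines copied from that section as a constructed sample. It parses Run values and Startup folder entries into (name, target path, size) and flags two things that are visible in this log: the same 7678769-byte size reported for both c:\program files\XviD\video.exe and the bare Owner.exe sitting in the user's Startup folder, and an .exe placed directly in a Startup folder where installers normally put .lnk shortcuts. The heuristics, the finding labels and the list of user-writable path markers are the example's own, not anything the log or the tool defines.

```python
"""Triage helper for the autostart section of a ComboFix-style log."""
import re
from collections import defaultdict

# Constructed sample: a handful of autostart lines copied from the
# "Reg Loading Points" section of the ComboFix log above; the real log
# has many more entries and the same parser applies to them.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"XviD"="c:\program files\XviD\video.exe" [2012-08-23 7678769]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2010-7-2 656896]
Owner.exe [2012-8-23 7678769]
.
'''

# "Name"="path" [date size]  (Run key values)
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\S+)\s+(\d+)\]')
# c:\...\Startup\  (a Startup folder header; the entries that follow are relative to it)
FOLDER_HDR = re.compile(r'^(c:\\.*\\startup\\)$', re.IGNORECASE)
# shortcut.lnk - target [date size]
LNK_ENTRY = re.compile(r'^(.+?\.lnk) - (.+?)\s+\[(\S+)\s+(\d+)\]', re.IGNORECASE)
# file.exe [date size]  (a file sitting directly in the Startup folder)
BARE_ENTRY = re.compile(r'^(\S+)\s+\[(\S+)\s+(\d+)\]')


def parse_autostarts(text):
    """Return (name, target_path, size_in_bytes) for every autostart line."""
    entries = []
    folder = None
    for line in text.splitlines():
        line = line.strip()
        if line == '.':          # ComboFix separates sections with a lone dot
            folder = None
            continue
        m = RUN_VALUE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).lower(), int(m.group(4))))
            continue
        m = FOLDER_HDR.match(line)
        if m:
            folder = m.group(1).lower()
            continue
        if folder is None:       # only Startup folder sections use the two forms below
            continue
        m = LNK_ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2).lower(), int(m.group(4))))
            continue
        m = BARE_ENTRY.match(line)
        if m:
            entries.append((m.group(1), folder + m.group(1).lower(), int(m.group(3))))
    return entries


# Assumed markers for "lives somewhere the user can write to" (example's own list).
USER_WRITABLE = ('\\documents and settings\\', '\\temp\\', '\\local settings\\')


def triage(entries):
    """Two cheap indicators a responder checks first.

    size_collision: the same byte size under two different paths, which is
    usually one binary registered twice (here video.exe and Owner.exe).
    bare_exe_in_startup: an .exe dropped straight into a Startup folder;
    installers put .lnk shortcuts there, not executables.
    user_writable_autostart: a target under a user profile or temp directory
    rather than Program Files or System32.
    """
    findings = []
    by_size = defaultdict(set)
    for _name, path, size in entries:
        by_size[size].add(path)
    for size, paths in sorted(by_size.items()):
        if len(paths) > 1:
            findings.append(('size_collision', size, tuple(sorted(paths))))
    for name, path, _size in entries:
        if path.endswith('.exe') and '\\startup\\' in path:
            findings.append(('bare_exe_in_startup', name, path))
        elif any(marker in path for marker in USER_WRITABLE):
            findings.append(('user_writable_autostart', name, path))
    return findings


if __name__ == '__main__':
    for finding in triage(parse_autostarts(SAMPLE_LOG)):
        print(finding)
```

A size collision is a hint, not proof: two copies of the same bundled installer would match too, so hash both files before treating them as the same dropper.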

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=3758e55e241ec34cbd5470444eb059b4

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-09-16 09:17:57

# local_time=2012-09-16 02:17:57 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=152040

# found=15

# cleaned=15

# scan_time=9802

C:\Documents and Settings\Owner\Desktop\torrent\Complete\Android\a Penetrate Pro v2.10.apk Android/Penetho.A application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Owner\Desktop\torrent\Complete\Android\a Spy Phone v1.0.28.apk a variant of Android/SpyPhone.B application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Owner\Desktop\torrent\Complete\Android\Android.-.Cool.Texter.v1.9.apk Android/DroidRooter.A application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Owner\Desktop\torrent\Complete\Android\InstantRoot (1.04).apk Android/Exploit.Lotoor.AP trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Owner\Desktop\torrent\Complete\Android\Locate Me PRO (1.4).apk Android/Lypro.A application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Owner\Desktop\torrent\Complete\Android\Recovery Flasher (1.1.3).apk multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Owner\Desktop\torrent\Complete\Android\Sheriff Android (3.0).apk Android/SheriDroid.A application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Owner\Desktop\torrent\Complete\Android\sheriffandroid_Ver2.28.apk Android/SheriDroid.A application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Owner\Desktop\torrent\Complete\Android\Sherrif Android (2.27).apk Android/SheriDroid.A application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Owner\Desktop\torrent\Complete\Android\Spy Phone (1.0.17).apk Android/SpyPhone.B application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Owner\Desktop\torrent\Complete\Android\Acrobatic.Rider.v1.0.102.-AnDrOiD\acrobatic_rider.apk a variant of Android/Adware.AdsWo.B application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Owner\Desktop\torrent\Complete\Android\Geared.v1.0.2-AnDrOiD\geared_v1.0.2.apk multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Owner\Local Settings\temp\BunndleOfferManager.dll a variant of Win32/Bunndle application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Google Chrome\software\cgminer.exe a variant of Win32/BitCoinMiner.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{A195773F-72D2-4B2B-B871-C717F87D6119}\RP1006\A0136762.exe a variant of Win32/BitCoinMiner.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


All three that I use: Chrome, Firefox, and Internet Explorer. Each time I restart the PC my homepage is reset to "http://startsear.info/". When I try to do searches, either through the address bar, or the search box to the right of the address bar, or by highlighting a word or phrase rather than a normal search, I am redirected to a Google "custom" search as follows:

Like this in Chrome:

http://www.google.com/cse?cx=partner-pub-0236192664760821%3A4680426847&ie=UTF-8&q=Malwarebytes&sa=Search&siteurl=startsear.info%2F#gsc.tab=0&gsc.q=Malwarebytes&gsc.page=1

Like this in Firefox:

http://www.google.com/cse?cx=partner-pub-0236192664760821%3A4680426847&ie=UTF-8&q=malwarebytes&sa=Search&siteurl=startsear.info%2F#gsc.tab=0&gsc.q=malwarebytes&gsc.page=1

And like this in Internet Explorer:

http://www.google.com/cse?cx=partner-pub-0236192664760821%3A4680426847&ie=UTF-8&q=malwarebytes&sa=Search&siteurl=startsear.info%2F

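The three URLs in the post above differ only in the case of the search term and in whether the #gsc fragment is present. The parts that identify who is behind the redirect are the cx parameter (the Google Custom Search Engine id of the party collecting the redirected searches) and siteurl (the page the search box was embedded on), and those are the same in all three. Here is an added Python example, not the poster's code and not from any tool used in the thread, that parses the URLs and checks them against the forced homepage values ComboFix reported earlier (uStart Page, mStart Page and the Firefox browser.startup.homepage pref). The URLs and homepage values are copied from the thread as constructed sample data; the "single hijacker" rule and the hxxp refanging are the example's own.

```python
"""Compare search-hijack URLs from several browsers against the forced homepage."""
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the three redirect URLs quoted in the post above,
# one per browser, exactly as posted.
REDIRECTS = {
    'chrome': ('http://www.google.com/cse?cx=partner-pub-0236192664760821%3A4680426847'
               '&ie=UTF-8&q=Malwarebytes&sa=Search&siteurl=startsear.info%2F'
               '#gsc.tab=0&gsc.q=Malwarebytes&gsc.page=1'),
    'firefox': ('http://www.google.com/cse?cx=partner-pub-0236192664760821%3A4680426847'
                '&ie=UTF-8&q=malwarebytes&sa=Search&siteurl=startsear.info%2F'
                '#gsc.tab=0&gsc.q=malwarebytes&gsc.page=1'),
    'ie': ('http://www.google.com/cse?cx=partner-pub-0236192664760821%3A4680426847'
           '&ie=UTF-8&q=malwarebytes&sa=Search&siteurl=startsear.info%2F'),
}

# Constructed sample: the homepage values ComboFix reported earlier in the
# thread, in the forum's defanged hxxp:// form.
HOMEPAGES = {
    'uStart Page': 'hxxp://startsear.info',
    'mStart Page': 'hxxp://startsear.info',
    'browser.startup.homepage': 'hxxp://startsear.info',
}


def refang(url):
    """Turn the forum's hxxp:// defanging back into a parseable scheme."""
    return re.sub(r'^hxxp(s?)://', r'http\1://', url, flags=re.IGNORECASE)


def describe_redirect(url):
    """Pull the fields that identify a Google Custom Search Engine redirect.

    cx is the CSE owner's id (the party earning from the redirected
    searches); siteurl is the page the search box was embedded on.
    """
    parts = urlsplit(url)            # the #gsc... fragment is split off here
    qs = parse_qs(parts.query)       # percent-decodes %3A and %2F for us
    return {
        'host': parts.netloc,
        'path': parts.path,
        'cx': qs.get('cx', [None])[0],
        'siteurl': qs.get('siteurl', [None])[0],
        'q': qs.get('q', [None])[0],
    }


def same_hijacker(redirects, homepages):
    """True when every browser lands on one CSE id and one siteurl, and that
    siteurl is the same host the homepage was forced to (example's own rule)."""
    descs = [describe_redirect(u) for u in redirects.values()]
    if any(d['host'] != 'www.google.com' or d['path'] != '/cse' for d in descs):
        return False
    cx_ids = {d['cx'] for d in descs}
    sites = {(d['siteurl'] or '').rstrip('/').lower() for d in descs}
    home_hosts = {urlsplit(refang(h)).netloc.lower() for h in homepages.values()}
    return len(cx_ids) == 1 and None not in cx_ids and sites == home_hosts


if __name__ == '__main__':
    for browser, url in REDIRECTS.items():
        print(browser, describe_redirect(url))
    print('single hijacker across all browsers:', same_hijacker(REDIRECTS, HOMEPAGES))
```

Because the cx id and siteurl match across Chrome, Firefox and Internet Explorer, and match the homepage ComboFix found, the symptoms point to one hijacker that sets all three browsers rather than three separate infections; the cx value is also the most useful string to search for when looking for other reports of the same operator.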

First, let's try this way:

At the top of the Firefox window, click the Firefox button, go over to the Help sub-menu (on Windows XP, click the Help menu at the top of the Firefox window) and select Troubleshooting Information.

Click the Reset Firefox button in the upper-right corner of the Troubleshooting Information page.

Click Reset Firefox in the confirmation window that opens. Firefox will close and be reset. When it's done, click Finish and Firefox will open. Reboot your system and let me know.


Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All Users checkbox
  • Under the Custom Scan box copy/paste the following:
    %SYSTEMDRIVE%\*.*
    %USERPROFILE%\*.*
    %USERPROFILE%\Application Data\*.*
    %USERPROFILE%\Application Data\*.
    %USERPROFILE%\Local Settings\*.*
    %USERPROFILE%\Local Settings\temp\*.exe
    %USERPROFILE%\Local Settings\Temporary Internet Files\*.exe
    %USERPROFILE%\Local Settings\Application Data\*.*
    %AllUsersProfile%\*.*
    %AllUsersProfile%\Application Data\*.*
    %AllUsersProfile%\Application Data\*.
    %AllUsersProfile%\Application Data\Local Settings\*.*
    %AllUsersProfile%\Application Data\Local Settings\Temp\*.exe
    %ALLUSERSPROFILE%\Documents\My Music\*.exe
    %ALLUSERSPROFILE%\Documents\My Pictures\*.exe
    %ALLUSERSPROFILE%\Documents\My Videos\*.exe
    %ALLUSERSPROFILE%\Documents\*.exe
    %USERPROFILE%\My Documents\*.*
    %CommonProgramFiles%\*.*
    %CommonProgramFiles%\ComObjects*.*
    %PROGRAMFILES%\*.*
    %PROGRAMFILES%\*.
    %systemroot%\system32\config\systemprofile\*.*
    %systemroot%\system32\config\systemprofile\Application Data\*.*
    %systemroot%\system32\config\systemprofile\\Local Settings\*.*
    %systemroot%\system32\config\systemprofile\\Local Settings\Application Data\*.*
    %systemroot%\system32\config\systemprofile\\Local Settings\Temp\*.exe
    %systemroot%\system32\config\systemprofile\\Local Settings\Temporary Internet Files\*.exe
    C:\Documents and Settings\LocalService\Application Data\*.*
    C:\Documents and Settings\LocalService\Local Settings\Application Data\*.*
    C:\Documents and Settings\LocalService\Local Settings\temp\*.exe
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\*.exe
    C:\Documents and Settings\LocalService\Local Settings\*.*
    C:\Documents and Settings\LocalService\*.*
    C:\Documents and Settings\NetworkService\Application Data\*.*
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.*
    C:\Documents and Settings\NetworkService\Local Settings\temp\*.exe
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\*.exe
    C:\Documents and Settings\NetworkService\Local Settings\*.*
    C:\Documents and Settings\NetworkService\*.*


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

