AVAST reports Process: file://C:\Program Files (x86)\Mozilla Firefox\firefox.exe attempts to connect to http://grooogle.osa.pl/?said
Site is blocked. Ran MALWARE Bytes. Log results: Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org
Database version: 7843
Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005
10/1/2011 10:03:32 PM mbam-log-2011-10-01 (22-03-32).txt
Scan type: Full scan (C:\|D:\|M:\|P:\|) Objects scanned: 436729 Time elapsed: 58 minute(s), 23 second(s)
Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 32 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 2 Files Infected: 1
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{2F9AD413-2E0B-4a85-BB2A-CF961238262A} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CntntCntr.CntntDic (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CntntCntr.CntntDic.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CntntCntr.CntntDisp (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CntntCntr.CntntDisp.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CoreSrv.CoreServices (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CoreSrv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CoreSrv.LfgAx (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CoreSrv.LfgAx.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\HBMain.CommBand (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\HBMain.CommBand.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbr.HbMain (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbr.HbMain.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\HostIE.Bho (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\HostIE.Bho.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\HostOL.MailAnim (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\HostOL.MailAnim.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\HostOL.WebmailSend (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\HostOL.WebmailSend.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\HotbarAx.Info (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\HotbarAx.Info.1 (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\HotbarAX.UserProfiles (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\HotbarAX.UserProfiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\HotbarWeather.WeatherController (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\HotbarWeather.WeatherController.1 (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Srv.CoreServices (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Srv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl.1 (Adware.Zango) -> Quarantined and deleted successfully.
Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\Hotbar@Hotbar.com (Adware.Hotbar) -> Value: Hotbar@Hotbar.com -> Quarantined and deleted successfully.
Registry Data Items Infected: (No malicious items detected)
Folders Infected: c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully. c:\Users\Ray\AppData\Roaming\weatherdpa (Adware.Hotbar) -> Quarantined and deleted successfully.
Files Infected: c:\Users\Ray\downloads\pcmightymax2009_14.exe (Rogue.PcMightyMax) -> Quarantined and deleted successfully.