Redirect Virus, and Trojan Virus [Closed]


This topic is locked

#76 Render (Trusted Helper, Malware Removal, 4,195 posts)
We need to run an OTL Fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

  • Please double click on the OTL icon on your Desktop (if running Vista or Windows 7, right click on it and select "Run as an Administrator").
  • Under the Custom Scans/Fixes box, copy and paste this in (please carefully select all text in the code box, beginning with the colon):

    :OTL
    O37 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\...exe [@ = 8y] -- "C:\Users\Enrique\AppData\Local\kqt.exe" -a "%1" %* (Microsoft Corporation)

    :Files
    C:\ProgramData\7c57mo6h56m738
    C:\ProgramData\b0mk65x7vc5mcf
    C:\ProgramData\b8gu32o8te3ibj
    C:\Users\Enrique\AppData\Local\7c57mo6h56m738
    C:\Users\Enrique\AppData\Local\b0mk65x7vc5mcf
    C:\Users\Enrique\AppData\Local\b8gu32o8te3ibj
    C:\Users\Enrique\AppData\Local\kqt.exe
    ipconfig /flushdns /c

    :Reg

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYJAVA]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Make sure all other windows are closed and let it run uninterrupted.
  • Click on the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

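The O37 line in the fix above is an executable file-association hijack: every .exe launched from that user's hive was being routed through kqt.exe first. As an added example (not part of this thread and not OTL's own code), here is a small Python checker that reads OTL O37 lines and flags the signs of such a hijack; the first sample line is the one from the fix, the second is a constructed healthy entry, and the expected default ProgIDs and the O37 line layout are assumptions based on Windows defaults and on the line shown above.

```python
import re
from dataclasses import dataclass, field

# Default ProgIDs Windows registers for executable file classes (assumption: stock defaults).
EXPECTED_PROGID = {
    "exe": "exefile",
    "com": "comfile",
    "bat": "batfile",
    "cmd": "cmdfile",
    "scr": "scrfile",
}

# Assumed O37 layout, modelled on the line in the fix:
#   O37 - <hive and key>\...<ext> [@ = <ProgID>] -- <open command> (<company>)
O37_RE = re.compile(
    r'^O37 - (?P<key>[^\[]+?)\.\.\.(?P<ext>[A-Za-z0-9]+) '
    r'\[@ = (?P<progid>[^\]]*)\] -- (?P<command>.*?)'
    r'(?: \((?P<company>[^()]*)\))?\s*$'
)

# Constructed sample input: the hijacked entry from the fix plus a healthy, made-up HKLM entry.
SAMPLE_LINES = [
    r'O37 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\...exe [@ = 8y] -- "C:\Users\Enrique\AppData\Local\kqt.exe" -a "%1" %* (Microsoft Corporation)',
    r'O37 - HKLM\...exe [@ = exefile] -- "%1" %* ()',
    r'O1 - Hosts: 127.0.0.1 localhost',
]


@dataclass
class Finding:
    key: str
    ext: str
    progid: str
    command: str
    company: str
    reasons: list = field(default_factory=list)


def analyse_o37(line: str):
    """Parse one OTL log line; return a Finding for O37 entries, None for anything else."""
    m = O37_RE.match(line.strip())
    if not m:
        return None
    ext = m.group("ext").lower()
    progid = m.group("progid").strip()
    command = m.group("command").strip()
    reasons = []
    expected = EXPECTED_PROGID.get(ext)
    # 1. The class for .exe should be 'exefile'; a random ProgID such as '8y' is a red flag.
    if expected and progid.lower() != expected:
        reasons.append(f"ProgID for .{ext} is '{progid}', expected '{expected}'")
    # 2. A healthy open command starts with "%1" (the file itself); anything in front of it
    #    is a wrapper that gets control before every program the user starts.
    if not command.startswith('"%1"'):
        reasons.append("open command runs another program before the requested file")
    # 3. Handlers living in user-writable locations are a classic persistence spot.
    if re.search(r'\\(AppData|ProgramData|Temp)\\', command, re.IGNORECASE):
        reasons.append("handler path is in a user-writable directory")
    # Note: the company string comes from the file's own version resource, so a claimed
    # "Microsoft Corporation" on a file in AppData\Local proves nothing; it is not trusted here.
    return Finding(m.group("key"), ext, progid, command, m.group("company") or "", reasons)


def find_hijacks(lines):
    """Return only the O37 findings that have at least one reason to be suspicious."""
    hits = []
    for line in lines:
        f = analyse_o37(line)
        if f is not None and f.reasons:
            hits.append(f)
    return hits


if __name__ == "__main__":
    for f in find_hijacks(SAMPLE_LINES):
        print(f"[{f.key}] .{f.ext} -> {f.progid}: {f.command}")
        for r in f.reasons:
            print("   -", r)
```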

#77 om20 (Member, Topic Starter, 50 posts)
Here's the first one.

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3354869186-130629379-3507963822-1001_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3354869186-130629379-3507963822-1001_Classes\8y\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
========== FILES ==========
C:\ProgramData\7c57mo6h56m738 moved successfully.
C:\ProgramData\b0mk65x7vc5mcf moved successfully.
C:\ProgramData\b8gu32o8te3ibj moved successfully.
C:\Users\Enrique\AppData\Local\7c57mo6h56m738 moved successfully.
C:\Users\Enrique\AppData\Local\b0mk65x7vc5mcf moved successfully.
C:\Users\Enrique\AppData\Local\b8gu32o8te3ibj moved successfully.
File\Folder C:\Users\Enrique\AppData\Local\kqt.exe not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Enrique\Desktop\cmd.bat deleted successfully.
C:\Users\Enrique\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Enrique
->Temp folder emptied: 6242171 bytes
->Temporary Internet Files folder emptied: 2275611 bytes
->Java cache emptied: 665834 bytes
->FireFox cache emptied: 204475852 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 8706 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 54272 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 84555 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 204.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Enrique
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Enrique
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 12192011_113139

Files\Folders moved on Reboot...
File move failed. C:\Users\Enrique\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

And here's the scan after the reboot:

OTL logfile created on: 12/19/2011 11:48:41 AM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Enrique\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 6.02 Gb Available Physical Memory | 77.73% Memory free
15.50 Gb Paging File | 13.61 Gb Available in Paging File | 87.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 912.93 Gb Total Space | 779.81 Gb Free Space | 85.42% Space Free | Partition Type: NTFS
Drive D: | 4.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ENRIQUE-PC | User Name: Enrique | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Enrique\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/05 15:20:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/05 15:20:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/29 23:18:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/17 10:31:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/15 18:36:51 | 000,000,000 | ---D | M]

[2010/12/28 20:06:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Enrique\AppData\Roaming\Mozilla\Extensions
[2011/12/13 16:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\extensions
[2011/12/12 09:02:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/02/03 13:57:43 | 000,000,903 | ---- | M] () -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\searchplugins\conduit.xml
[2011/05/15 18:36:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\ENRIQUE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P2UPHUW6.DEFAULT\EXTENSIONS\[email protected]
[2011/12/17 10:31:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/17 10:31:04 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/17 10:31:04 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: No name found = C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1125_0\
CHR - Extension: No name found = C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2011/12/19 11:31:42 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files (x86)\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [AddressBookReminderApp] C:\Program Files (x86)\Nova Development\Print Artist Gold\ReminderApp.exe ()
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeUpdater6] C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Enrique\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC411A11-3342-46A9-9EF4-906B6B494DDB}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/19 11:38:41 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{3F651075-8B22-48A2-8521-B867FB647A56}
[2011/12/19 11:38:29 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{535817BB-F28A-4916-B524-B4ACECBE8D7E}
[2011/12/19 00:36:05 | 000,000,000 | ---D | C] -- C:\Users\Enrique\Desktop\ACP
[2011/12/18 23:06:51 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{DF76DF49-8006-4AFD-BF1E-685930C45A6E}
[2011/12/18 23:06:38 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{A4ED7BAC-43BC-4645-8B2C-DD067826B19A}
[2011/12/18 21:48:48 | 000,000,000 | ---D | C] -- C:\Users\Enrique\Desktop\Art Center Portfolio
[2011/12/18 14:38:30 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/12/18 14:28:29 | 004,343,835 | R--- | C] (Swearware) -- C:\Users\Enrique\Desktop\Combo-Fix.exe
[2011/12/16 14:56:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Enrique\Desktop\dds.scr
[2011/12/14 21:55:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/14 21:55:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/14 21:55:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/14 09:20:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/13 16:13:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Enrique\Desktop\OTL.exe
[2011/12/13 08:05:39 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Enrique\Desktop\tdsskiller.exe
[2011/12/13 07:51:50 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{8ED9C195-311B-437E-AA85-0BB046F352AC}
[2011/12/13 07:51:38 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{9D1EE98A-C69D-4ED2-AA81-33588B64F136}
[2011/12/12 14:48:12 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{3160580E-E4A6-40AA-85F1-D4C9758DB65F}
[2011/12/12 14:47:59 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{B16CE6D1-DA6D-4A08-B8E8-042800392BE6}
[2011/12/12 08:19:40 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{32F10E2E-41FA-4E77-AF4C-4A701811EFC8}
[2011/12/12 08:19:27 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{C2407592-3EA6-4E7B-9044-647DCF682CD0}
[2011/12/11 17:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/12/11 13:12:53 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{D4E8C539-65E0-4C7D-A4D9-B8F54C198A63}
[2011/12/11 13:12:31 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{051B2991-AABE-452A-9634-50DE1A668D4F}
[2011/12/11 09:06:26 | 000,080,896 | ---- | C] (maliprog) -- C:\Users\Enrique\Desktop\getpartitions.exe
[2011/12/11 08:17:20 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{DCDAFF2D-DE03-45A0-A063-A6433CAA122B}
[2011/12/11 08:17:05 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{1E366661-E865-4716-ABEE-5804E9DD3D6E}
[2011/12/11 01:00:05 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{56E0CAA8-1081-45AD-84B0-2B1F7EE6442A}
[2011/12/11 00:59:43 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{AA523640-6424-448A-A99B-7D0CFDCFD57A}
[2011/12/10 08:32:09 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{84D142E9-FAC3-4942-81DD-6145675D6D0A}
[2011/12/10 08:31:53 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{D67981F3-C854-43E2-9E7E-CB7F6A482B42}
[2011/12/10 00:47:53 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Enrique\Desktop\aswMBR.exe
[2011/12/09 06:06:19 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{5F25FD9B-1330-4006-883A-A9BAA4840687}
[2011/12/09 06:05:56 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{E61B8A0A-B382-478B-92B8-A01730697BAB}
[2011/12/08 05:22:30 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{87723472-7B75-44C5-B525-6B4AA742A882}
[2011/12/08 05:22:07 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{738FFA6C-8CF9-4302-BAE8-DDAC25722459}
[2011/12/08 04:54:01 | 003,552,208 | ---- | C] (Piriform Ltd) -- C:\Users\Enrique\Desktop\ccsetup313.exe
[2011/12/05 15:38:33 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{228D960C-4877-4E83-BE77-7E9AF61D0560}
[2011/12/05 15:38:20 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{244C1C39-E1F3-49FD-8694-871462D54F62}
[2011/12/04 22:03:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2011/12/04 22:03:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2011/12/04 22:02:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011/12/04 22:02:47 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/12/04 22:02:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/12/03 13:50:52 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{0C9321DE-84E1-4422-B9C6-1C60E3AEDBE3}
[2011/12/03 13:50:39 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{2B00978A-71E6-4420-84FA-1938B38C9782}
[2011/11/30 18:10:13 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{1C39BB25-F156-4BB0-9755-27CEA325221D}
[2011/11/30 18:09:59 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{2C92D726-1B87-472E-88A5-FBBCB952F3E3}
[2011/11/27 22:18:12 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{EE265590-8213-4598-BC67-C003E7A92809}
[2011/11/27 22:17:56 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{1E2865E7-CD72-40A4-83EB-799D824F43A4}
[2009/05/14 22:15:24 | 005,719,400 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009/05/14 22:15:24 | 004,397,928 | ---- | C] (Autodesk) -- C:\Program Files\Common Files\adlmint.dll
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/19 11:43:49 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/19 11:43:49 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/19 11:36:32 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/19 11:36:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/19 11:36:19 | 1945,505,791 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/19 11:31:42 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/12/19 11:30:38 | 092,390,945 | ---- | M] () -- C:\Users\Enrique\Desktop\gremlin.psd
[2011/12/19 11:27:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/19 01:09:11 | 000,001,456 | ---- | M] () -- C:\Users\Enrique\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/12/18 23:52:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3354869186-130629379-3507963822-1001UA.job
[2011/12/18 22:51:44 | 000,173,305 | ---- | M] () -- C:\Users\Enrique\Desktop\9_death_final-copy1.jpg
[2011/12/18 16:26:06 | 000,908,518 | ---- | M] () -- C:\Users\Enrique\Desktop\SS.jpg
[2011/12/18 15:18:30 | 000,879,649 | ---- | M] () -- C:\Users\Enrique\Desktop\SecurityCheck.exe
[2011/12/18 14:28:32 | 004,343,835 | R--- | M] (Swearware) -- C:\Users\Enrique\Desktop\Combo-Fix.exe
[2011/12/18 14:11:51 | 000,139,264 | ---- | M] () -- C:\Users\Enrique\Desktop\SystemLook.exe
[2011/12/18 13:10:38 | 000,002,948 | ---- | M] () -- C:\Users\Enrique\Desktop\Scanner Management - Shortcut.lnk
[2011/12/18 11:52:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3354869186-130629379-3507963822-1001Core.job
[2011/12/18 00:35:04 | 000,054,283 | ---- | M] () -- C:\Users\Enrique\Desktop\169007_10150092421799521_507844520_5849466_6160007_n.jpg
[2011/12/17 10:47:53 | 000,003,687 | ---- | M] () -- C:\Users\Enrique\Desktop\Attach.zip
[2011/12/17 10:31:18 | 000,002,056 | ---- | M] () -- C:\Users\Enrique\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/17 10:28:06 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Enrique\Desktop\dds.scr
[2011/12/16 14:29:43 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/16 14:29:43 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/16 14:29:43 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/15 22:56:31 | 000,027,221 | ---- | M] () -- C:\Users\Enrique\Desktop\leon2.jpg
[2011/12/15 22:55:58 | 000,039,941 | ---- | M] () -- C:\Users\Enrique\Desktop\leon1.jpg
[2011/12/15 22:55:01 | 000,009,473 | ---- | M] () -- C:\Users\Enrique\Desktop\leo.gif
[2011/12/15 20:45:36 | 000,000,946 | ---- | M] () -- C:\FixitRegBackup.reg
[2011/12/15 18:09:19 | 000,342,990 | ---- | M] () -- C:\Users\Enrique\Desktop\leo.ai
[2011/12/15 18:09:14 | 000,037,115 | ---- | M] () -- C:\Users\Enrique\Desktop\leo.jpg
[2011/12/15 17:25:59 | 000,806,400 | ---- | M] () -- C:\Users\Enrique\Desktop\MicrosoftFixit50692.msi
[2011/12/15 08:53:06 | 005,294,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/14 20:42:15 | 000,126,392 | ---- | M] () -- C:\Users\Enrique\Desktop\leo.svgz
[2011/12/14 20:30:07 | 000,340,221 | ---- | M] () -- C:\Users\Enrique\Desktop\l.psd
[2011/12/14 19:28:20 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/14 19:18:33 | 100,713,023 | ---- | M] () -- C:\Users\Enrique\Desktop\tig-1.psd
[2011/12/14 14:07:22 | 002,098,534 | ---- | M] () -- C:\Users\Enrique\Desktop\bgs.psd
[2011/12/13 23:32:36 | 002,255,617 | ---- | M] () -- C:\Users\Enrique\Desktop\b1.psd
[2011/12/13 23:30:45 | 000,566,502 | ---- | M] () -- C:\Users\Enrique\Desktop\b1.jpg
[2011/12/13 16:13:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Enrique\Desktop\OTL.exe
[2011/12/13 13:37:22 | 000,336,796 | ---- | M] () -- C:\Users\Enrique\Desktop\spillpic.jpg
[2011/12/13 08:05:47 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Enrique\Desktop\tdsskiller.exe
[2011/12/12 15:46:08 | 001,053,098 | ---- | M] () -- C:\Users\Enrique\Desktop\Chase_by_samburley.png
[2011/12/11 19:22:44 | 000,006,196 | -HS- | M] () -- C:\Windows\5113895drv.spi
[2011/12/11 18:01:48 | 000,136,280 | ---- | M] () -- C:\Users\Enrique\Desktop\Dune_Boogie_by_ahbiasaaja.jpg
[2011/12/11 17:41:08 | 105,515,512 | ---- | M] () -- C:\Users\Enrique\Desktop\setup_11.0.0.1245.x01_2011_12_12_04_22.exe
[2011/12/11 09:06:29 | 000,080,896 | ---- | M] (maliprog) -- C:\Users\Enrique\Desktop\getpartitions.exe
[2011/12/10 10:54:13 | 009,746,127 | ---- | M] () -- C:\Users\Enrique\Desktop\leon.psd
[2011/12/10 00:47:54 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Enrique\Desktop\aswMBR.exe
[2011/12/09 22:25:16 | 000,088,827 | ---- | M] () -- C:\Users\Enrique\Desktop\316645_10150265530771652_556606651_8188422_6033131_n.jpg
[2011/12/09 22:24:56 | 000,065,892 | ---- | M] () -- C:\Users\Enrique\Desktop\250864_10150186297481652_556606651_7437903_5651744_n.jpg
[2011/12/09 22:24:40 | 000,193,223 | ---- | M] () -- C:\Users\Enrique\Desktop\301216_10150265531006652_556606651_8188425_4368654_n.jpg
[2011/12/09 22:24:17 | 000,050,670 | ---- | M] () -- C:\Users\Enrique\Desktop\150210_446738541651_556606651_5973095_2759792_n.jpg
[2011/12/09 20:32:57 | 000,673,075 | ---- | M] () -- C:\Users\Enrique\Desktop\a018de61432b6a10724c7418be9e0145-d4fqsrm.jpg
[2011/12/09 15:19:33 | 000,123,617 | ---- | M] () -- C:\Users\Enrique\Desktop\Emerging_Deva_2_by_tavari.jpg
[2011/12/08 17:43:16 | 000,240,666 | ---- | M] () -- C:\Users\Enrique\Desktop\3320514916_8fb4c53ace.jpg
[2011/12/08 15:52:55 | 008,434,071 | ---- | M] () -- C:\Users\Enrique\Desktop\conan.psd
[2011/12/08 04:58:27 | 000,004,434 | ---- | M] () -- C:\Users\Enrique\Documents\cc_20111208_045822.reg
[2011/12/08 04:54:43 | 003,552,208 | ---- | M] (Piriform Ltd) -- C:\Users\Enrique\Desktop\ccsetup313.exe
[2011/12/06 22:42:50 | 003,221,484 | ---- | M] () -- C:\Users\Enrique\Desktop\r3c.psd
[2011/12/06 01:12:59 | 008,342,118 | ---- | M] () -- C:\Users\Enrique\Desktop\r2.psd
[2011/12/05 22:51:15 | 000,189,289 | ---- | M] () -- C:\Users\Enrique\Desktop\chart.psd
[2011/12/04 22:04:22 | 000,135,236 | ---- | M] () -- C:\Windows\hpoins36.dat
[2011/12/03 19:10:37 | 000,279,896 | ---- | M] () -- C:\Users\Enrique\Desktop\DSCN1980.JPG
[2011/12/02 05:21:58 | 000,072,587 | ---- | M] () -- C:\Users\Enrique\Desktop\385231_2580895491683_1533313735_2681060_180846874_n.jpg
[2011/12/02 05:21:30 | 000,103,362 | ---- | M] () -- C:\Users\Enrique\Desktop\384091_2580893491633_1533313735_2681056_2143368044_n.jpg
[2011/12/02 04:40:01 | 000,172,789 | ---- | M] () -- C:\Users\Enrique\Desktop\382967_2580892251602_1533313735_2681054_359181174_n.jpg
[2011/12/02 01:12:26 | 018,440,246 | ---- | M] () -- C:\Users\Enrique\Desktop\r1.psd
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/18 22:51:43 | 000,173,305 | ---- | C] () -- C:\Users\Enrique\Desktop\9_death_final-copy1.jpg
[2011/12/18 16:26:05 | 000,908,518 | ---- | C] () -- C:\Users\Enrique\Desktop\SS.jpg
[2011/12/18 15:18:29 | 000,879,649 | ---- | C] () -- C:\Users\Enrique\Desktop\SecurityCheck.exe
[2011/12/18 14:11:50 | 000,139,264 | ---- | C] () -- C:\Users\Enrique\Desktop\SystemLook.exe
[2011/12/18 13:10:38 | 000,002,948 | ---- | C] () -- C:\Users\Enrique\Desktop\Scanner Management - Shortcut.lnk
[2011/12/18 00:35:04 | 000,054,283 | ---- | C] () -- C:\Users\Enrique\Desktop\169007_10150092421799521_507844520_5849466_6160007_n.jpg
[2011/12/17 10:47:53 | 000,003,687 | ---- | C] () -- C:\Users\Enrique\Desktop\Attach.zip
[2011/12/15 22:56:30 | 000,027,221 | ---- | C] () -- C:\Users\Enrique\Desktop\leon2.jpg
[2011/12/15 22:55:57 | 000,039,941 | ---- | C] () -- C:\Users\Enrique\Desktop\leon1.jpg
[2011/12/15 22:55:01 | 000,009,473 | ---- | C] () -- C:\Users\Enrique\Desktop\leo.gif
[2011/12/15 20:45:36 | 000,000,946 | ---- | C] () -- C:\FixitRegBackup.reg
[2011/12/15 18:09:14 | 000,037,115 | ---- | C] () -- C:\Users\Enrique\Desktop\leo.jpg
[2011/12/15 17:25:59 | 000,806,400 | ---- | C] () -- C:\Users\Enrique\Desktop\MicrosoftFixit50692.msi
[2011/12/14 21:55:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/14 21:55:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/14 21:55:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/14 21:55:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/14 21:55:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/14 20:42:25 | 000,342,990 | ---- | C] () -- C:\Users\Enrique\Desktop\leo.ai
[2011/12/14 20:42:10 | 000,126,392 | ---- | C] () -- C:\Users\Enrique\Desktop\leo.svgz
[2011/12/14 20:30:07 | 000,340,221 | ---- | C] () -- C:\Users\Enrique\Desktop\l.psd
[2011/12/14 14:07:22 | 002,098,534 | ---- | C] () -- C:\Users\Enrique\Desktop\bgs.psd
[2011/12/13 23:32:36 | 002,255,617 | ---- | C] () -- C:\Users\Enrique\Desktop\b1.psd
[2011/12/13 23:30:45 | 000,566,502 | ---- | C] () -- C:\Users\Enrique\Desktop\b1.jpg
[2011/12/13 22:16:07 | 092,390,945 | ---- | C] () -- C:\Users\Enrique\Desktop\gremlin.psd
[2011/12/13 13:37:21 | 000,336,796 | ---- | C] () -- C:\Users\Enrique\Desktop\spillpic.jpg
[2011/12/12 15:46:07 | 001,053,098 | ---- | C] () -- C:\Users\Enrique\Desktop\Chase_by_samburley.png
[2011/12/11 18:01:47 | 000,136,280 | ---- | C] () -- C:\Users\Enrique\Desktop\Dune_Boogie_by_ahbiasaaja.jpg
[2011/12/11 18:00:50 | 000,006,196 | -HS- | C] () -- C:\Windows\5113895drv.spi
[2011/12/11 17:38:37 | 105,515,512 | ---- | C] () -- C:\Users\Enrique\Desktop\setup_11.0.0.1245.x01_2011_12_12_04_22.exe
[2011/12/09 22:25:16 | 000,088,827 | ---- | C] () -- C:\Users\Enrique\Desktop\316645_10150265530771652_556606651_8188422_6033131_n.jpg
[2011/12/09 22:24:55 | 000,065,892 | ---- | C] () -- C:\Users\Enrique\Desktop\250864_10150186297481652_556606651_7437903_5651744_n.jpg
[2011/12/09 22:24:39 | 000,193,223 | ---- | C] () -- C:\Users\Enrique\Desktop\301216_10150265531006652_556606651_8188425_4368654_n.jpg
[2011/12/09 22:24:16 | 000,050,670 | ---- | C] () -- C:\Users\Enrique\Desktop\150210_446738541651_556606651_5973095_2759792_n.jpg
[2011/12/09 21:09:02 | 100,713,023 | ---- | C] () -- C:\Users\Enrique\Desktop\tig-1.psd
[2011/12/09 20:32:56 | 000,673,075 | ---- | C] () -- C:\Users\Enrique\Desktop\a018de61432b6a10724c7418be9e0145-d4fqsrm.jpg
[2011/12/09 15:19:32 | 000,123,617 | ---- | C] () -- C:\Users\Enrique\Desktop\Emerging_Deva_2_by_tavari.jpg
[2011/12/08 17:43:15 | 000,240,666 | ---- | C] () -- C:\Users\Enrique\Desktop\3320514916_8fb4c53ace.jpg
[2011/12/08 04:58:24 | 000,004,434 | ---- | C] () -- C:\Users\Enrique\Documents\cc_20111208_045822.reg
[2011/12/07 03:15:30 | 009,746,127 | ---- | C] () -- C:\Users\Enrique\Desktop\leon.psd
[2011/12/06 22:42:49 | 003,221,484 | ---- | C] () -- C:\Users\Enrique\Desktop\r3c.psd
[2011/12/05 22:51:14 | 000,189,289 | ---- | C] () -- C:\Users\Enrique\Desktop\chart.psd
[2011/12/04 22:02:07 | 000,135,236 | ---- | C] () -- C:\Windows\hpoins36.dat
[2011/12/04 22:02:07 | 000,000,578 | ---- | C] () -- C:\Windows\hpomdl36.dat
[2011/12/03 19:08:23 | 000,279,896 | ---- | C] () -- C:\Users\Enrique\Desktop\DSCN1980.JPG
[2011/12/02 05:21:57 | 000,072,587 | ---- | C] () -- C:\Users\Enrique\Desktop\385231_2580895491683_1533313735_2681060_180846874_n.jpg
[2011/12/02 05:21:29 | 000,103,362 | ---- | C] () -- C:\Users\Enrique\Desktop\384091_2580893491633_1533313735_2681056_2143368044_n.jpg
[2011/12/02 04:40:00 | 000,172,789 | ---- | C] () -- C:\Users\Enrique\Desktop\382967_2580892251602_1533313735_2681054_359181174_n.jpg
[2011/12/02 01:22:05 | 008,342,118 | ---- | C] () -- C:\Users\Enrique\Desktop\r2.psd
[2011/12/01 08:12:36 | 018,440,246 | ---- | C] () -- C:\Users\Enrique\Desktop\r1.psd
[2011/04/23 23:54:31 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\pxhpinst.exe
[2010/12/26 19:39:17 | 000,001,456 | ---- | C] () -- C:\Users\Enrique\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/12/26 19:10:54 | 000,000,431 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010/12/26 11:58:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/28 14:36:06 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2010/07/28 14:35:35 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll
[2010/07/28 14:34:23 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/07/28 14:34:23 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/07/28 14:34:22 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/07/28 14:34:22 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/07/28 14:32:49 | 000,009,987 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/07/28 14:32:47 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/07/28 14:32:46 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2010/07/28 14:32:46 | 000,007,698 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/07/28 14:30:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/06/15 22:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 13:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 13:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 13:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 09:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP207.INI

========== LOP Check ==========

[2011/02/09 23:52:31 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\acccore
[2011/01/24 19:21:29 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\Autodesk
[2011/11/10 21:41:13 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\Azureus
[2011/09/05 14:05:19 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\Canon
[2011/04/30 21:44:17 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/03 10:49:38 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\Filter Forge Freepack 2 - Photo Effects
[2011/07/12 02:20:09 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/07/07 14:57:13 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\PingKaching.45C46A55E3922496F6ADD09FCC67FAC1A9B38B70.1
[2010/12/26 19:10:45 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\ScanSoft
[2011/01/31 22:43:29 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/04/24 12:18:18 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\Windows Live Writer
[2011/12/18 11:52:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3354869186-130629379-3507963822-1001Core.job
[2011/12/18 23:52:00 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3354869186-130629379-3507963822-1001UA.job
[2011/12/13 23:41:22 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8CE646EE

< End of report >

#78
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Now please use your computer as normal for some time and then tell me what problems remain.

#79
om20

    Member

  • Topic Starter
  • Member
  • 50 posts
The same problem that I took a freeze frame of before. That problem came right back.

#80
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Update and run Malwarebytes Antimalware once again and post its log.

#81
om20

    Member

  • Topic Starter
  • Member
  • 50 posts
The thing that's happened to me 5 times over already is that the same problem comes up, then I run Malwarebytes Anti-Malware. It gets rid of it. Everything seems back to normal for a few hours. Then out of nowhere the same spyware popup comes back out. This has happened many, many times in the last four days.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122704

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/27/2011 2:35:39 PM
mbam-log-2011-12-27 (14-35-39).txt

Scan type: Quick scan
Objects scanned: 179506
Time elapsed: 1 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#82
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
  • Please download aswMBR.exe to your desktop. This is a new version. Please delete the old one.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions, please select Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan click Save log, save it to your desktop and post it in your next reply.
  • After that there should also be a file called MBR.dat on the Desktop; zip it and then attach it here.

How to add an attachment to a new topic or reply

#83
om20

    Member

  • Topic Starter
  • Member
  • 50 posts
I tried the scan several times, but I don't know if it's finished, and I can't find the .dat file:

aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software
Run date: 2012-01-04 14:14:20
-----------------------------
14:14:20.433 OS Version: Windows x64 6.1.7600
14:14:20.433 Number of processors: 6 586 0xA00
14:14:20.434 ComputerName: ENRIQUE-PC UserName: Enrique
14:14:21.836 Initialize success
14:14:21.871 AVAST engine defs: 12010401
14:15:08.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:15:08.877 Disk 0 Vendor: ST31000528AS CC46 Size: 953869MB BusType: 3
14:15:08.903 Disk 0 MBR read successfully
14:15:08.905 Disk 0 MBR scan
14:15:08.907 Disk 0 unknown MBR code
14:15:08.913 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 19024 MB offset 2048
14:15:08.925 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 934843 MB offset 38963200
14:15:08.928 Service scanning
14:15:10.599 Modules scanning
14:15:10.602 Disk 0 trace - called modules:
14:15:10.620 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:15:10.623 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80079fc060]
14:15:10.626 3 CLASSPNP.SYS[fffff88000dc243f] -> nt!IofCallDriver -> [0xfffffa80079189b0]
14:15:10.957 5 ACPI.sys[fffff88000f01781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80079f1060]
14:15:13.369 AVAST engine scan C:\Windows
14:15:15.592 AVAST engine scan C:\Windows\system32
14:15:55.785 File: C:\Windows\system32\trz2C47.tmp **INFECTED** Win32:Sirefef-HO [Rtk]
14:15:55.818 File: C:\Windows\system32\trz3FCD.tmp **INFECTED** Win32:Sirefef-HO [Rtk]
14:16:04.906 AVAST engine scan C:\Windows\system32\drivers
14:16:11.390 AVAST engine scan C:\Users\Enrique
14:22:27.164 Disk 0 MBR has been saved successfully to "C:\Program Files (x86)\Mozilla Firefox\MBR.dat"
14:22:27.170 The log file has been saved successfully to "C:\Program Files (x86)\Mozilla Firefox\aswMBR.txt"

#84
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
The .dat file should be here: C:\Program Files (x86)\Mozilla Firefox\MBR.dat

#85
om20

    Member

  • Topic Starter
  • Member
  • 50 posts
Wait, I finished. Here's the right log:

aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software
Run date: 2012-01-04 14:14:20
-----------------------------
14:14:20.433 OS Version: Windows x64 6.1.7600
14:14:20.433 Number of processors: 6 586 0xA00
14:14:20.434 ComputerName: ENRIQUE-PC UserName: Enrique
14:14:21.836 Initialize success
14:14:21.871 AVAST engine defs: 12010401
14:15:08.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:15:08.877 Disk 0 Vendor: ST31000528AS CC46 Size: 953869MB BusType: 3
14:15:08.903 Disk 0 MBR read successfully
14:15:08.905 Disk 0 MBR scan
14:15:08.907 Disk 0 unknown MBR code
14:15:08.913 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 19024 MB offset 2048
14:15:08.925 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 934843 MB offset 38963200
14:15:08.928 Service scanning
14:15:10.599 Modules scanning
14:15:10.602 Disk 0 trace - called modules:
14:15:10.620 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:15:10.623 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80079fc060]
14:15:10.626 3 CLASSPNP.SYS[fffff88000dc243f] -> nt!IofCallDriver -> [0xfffffa80079189b0]
14:15:10.957 5 ACPI.sys[fffff88000f01781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80079f1060]
14:15:13.369 AVAST engine scan C:\Windows
14:15:15.592 AVAST engine scan C:\Windows\system32
14:15:55.785 File: C:\Windows\system32\trz2C47.tmp **INFECTED** Win32:Sirefef-HO [Rtk]
14:15:55.818 File: C:\Windows\system32\trz3FCD.tmp **INFECTED** Win32:Sirefef-HO [Rtk]
14:16:04.906 AVAST engine scan C:\Windows\system32\drivers
14:16:11.390 AVAST engine scan C:\Users\Enrique
14:22:27.164 Disk 0 MBR has been saved successfully to "C:\Program Files (x86)\Mozilla Firefox\MBR.dat"
14:22:27.170 The log file has been saved successfully to "C:\Program Files (x86)\Mozilla Firefox\aswMBR.txt"
14:37:24.905 File: C:\Users\Enrique\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\730b441-5bb6b95d **INFECTED** Win32:MalOb-IS [Cryp]
14:41:05.064 File: C:\Users\Enrique\Documents\IVuhGfrr.exe **INFECTED** Win32:MalOb-IS [Cryp]
14:41:05.568 File: C:\Users\Enrique\Documents\sP4O1Dk5G.exe **INFECTED** Win32:MalOb-GR [Cryp]
14:41:26.652 File: C:\Users\Enrique\Documents\xAScn16P.exe **INFECTED** Win32:MalOb-GR [Cryp]
14:42:42.826 AVAST engine scan C:\ProgramData
14:43:37.988 Scan finished successfully
15:51:23.714 Disk 0 MBR has been saved successfully to "C:\Program Files (x86)\Mozilla Firefox\MBR.dat"
15:51:23.719 The log file has been saved successfully to "C:\Program Files (x86)\Mozilla Firefox\aswMBR.txt"
15:53:40.994 Disk 0 MBR has been saved successfully to "C:\Program Files (x86)\Mozilla Firefox\MBR.dat"
15:53:41.000 The log file has been saved successfully to "C:\Program Files (x86)\Mozilla Firefox\aswMBR.txt"


But still no .dat file appears.

#86
om20

    Member

  • Topic Starter
  • Member
  • 50 posts
Oh, I found the file. I attached it.

#87
om20

    Member

  • Topic Starter
  • Member
  • 50 posts
Here:

Attached Files

  • Attached File  MBR.zip   590bytes   21 downloads


#88
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please delete old Combofix.exe.

Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
    • If there is no Internet connection after running Combofix, then restart your computer to restore your connection.
  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review.

Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to stall.

#89
om20

    Member

  • Topic Starter
  • Member
  • 50 posts
Still can't disable Microsoft Essentials though.

I tried everything.

------------------------

ComboFix 12-01-05.02 - Enrique 01/05/2012 15:49:50.4.6 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.7935.5678 [GMT -8:00]
Running from: c:\users\Enrique\Desktop\Combo-Fix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\k6imghcjia483ald
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))
.
.
2012-01-05 23:55 . 2012-01-05 23:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-31 07:49 . 2011-12-31 07:49 -------- d-----w- c:\program files\iPod
2011-12-31 07:49 . 2011-12-31 07:49 -------- d-----w- c:\program files\iTunes
2011-12-31 07:49 . 2011-12-31 07:49 -------- d-----w- c:\program files (x86)\iTunes
2011-12-31 07:48 . 2011-12-31 07:48 -------- d-----w- c:\program files\Bonjour
2011-12-31 07:45 . 2011-12-31 07:45 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-12-28 21:08 . 2009-07-14 01:39 54272 ----a-w- c:\windows\system32\trz3FCD.tmp
2011-12-26 03:10 . 2009-07-14 01:39 54272 ----a-w- c:\windows\system32\trz2C47.tmp
2011-12-17 18:31 . 2011-12-17 18:31 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-12-17 18:31 . 2011-12-17 18:31 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-12-16 04:45 . 2012-01-05 23:38 946 ----a-w- C:\FixitRegBackup.reg
2011-12-14 17:20 . 2011-12-14 17:20 -------- d-----w- C:\_OTL
2011-12-12 01:43 . 2011-12-12 01:43 -------- d-----w- c:\programdata\Kaspersky Lab
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 23:24 . 2011-05-30 06:58 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-26 13:24 . 2011-09-28 01:24 44 ---h--w- c:\program files (x86)\d11a7636.tmp
2009-05-15 06:15 . 2009-05-15 06:15 5719400 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
2009-05-15 06:15 . 2009-05-15 06:15 4397928 ----a-w- c:\program files\Common Files\adlmint.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-12-15_17.35.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-31 07:05 . 2011-08-31 07:05 50536 c:\windows\SysWOW64\jdns_sd.dll
+ 2011-08-31 07:05 . 2011-08-31 07:05 73064 c:\windows\SysWOW64\dnssd.dll
+ 2011-08-31 07:05 . 2011-08-31 07:05 83816 c:\windows\SysWOW64\dns-sd.exe
+ 2009-07-14 04:54 . 2012-01-05 23:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-12-15 17:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-05 23:57 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-15 17:35 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-05 23:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-15 17:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-05 18:23 . 2012-01-05 18:25 65980 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-05 18:25 42546 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-14 19:54 . 2012-01-05 18:25 11764 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3354869186-130629379-3507963822-1001_UserData.bin
+ 2011-08-31 07:05 . 2011-08-31 07:05 61288 c:\windows\system32\jdns_sd.dll
+ 2009-07-14 05:30 . 2011-12-31 07:48 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-12-05 06:03 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-08-03 01:38 . 2011-08-03 01:38 51712 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_amd64_neutral_f9d62789100b9e9b\usbaapl64.sys
+ 2011-08-03 01:38 . 2011-08-03 01:38 22528 c:\windows\system32\DriverStore\FileRepository\netaapl64.inf_amd64_neutral_dc2cbd989eec1514\netaapl64.sys
- 2010-12-15 02:51 . 2010-12-15 02:51 51712 c:\windows\system32\drivers\usbaapl64.sys
+ 2011-08-03 01:38 . 2011-08-03 01:38 51712 c:\windows\system32\drivers\usbaapl64.sys
+ 2011-08-31 07:05 . 2011-08-31 07:05 85864 c:\windows\system32\dnssd.dll
+ 2011-08-31 07:05 . 2011-08-31 07:05 96104 c:\windows\system32\dns-sd.exe
- 2010-12-14 21:35 . 2011-12-15 16:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-14 21:35 . 2011-12-27 23:16 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-15 07:06 . 2011-12-15 16:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-27 23:16 . 2011-12-27 23:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-27 23:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-15 16:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-14 19:56 . 2011-12-15 17:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-14 19:56 . 2012-01-05 23:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-01-04 21:13 78720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-12-14 19:56 . 2012-01-05 23:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-14 19:56 . 2011-12-15 17:35 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-14 19:56 . 2011-12-15 17:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-14 19:56 . 2012-01-05 23:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-14 19:56 . 2012-01-05 23:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-14 19:56 . 2011-12-15 17:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-14 19:56 . 2011-12-15 17:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-14 19:56 . 2012-01-05 23:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-31 07:45 . 2011-12-31 07:45 27136 c:\windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
- 2011-12-15 17:34 . 2011-12-15 17:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-05 23:56 . 2012-01-05 23:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-15 17:34 . 2011-12-15 17:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-05 23:56 . 2012-01-05 23:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-31 07:05 . 2011-08-31 07:05 178536 c:\windows\SysWOW64\dnssdX.dll
- 2009-07-14 02:36 . 2011-12-05 05:58 623940 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-05 07:08 623940 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-05 05:58 106316 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-01-05 07:08 106316 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2011-12-05 06:03 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-12-31 07:48 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-12-31 07:48 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-12-05 06:03 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-08-31 07:05 . 2011-08-31 07:05 212840 c:\windows\system32\dnssdX.dll
+ 2009-07-14 05:12 . 2011-12-19 00:38 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-06-29 17:06 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2011-12-15 17:33 534672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-05 23:55 534672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-31 07:49 . 2011-12-31 07:49 380928 c:\windows\Installer\{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}\iTunesIco.exe
+ 2011-12-19 21:48 . 2011-12-19 21:48 295606 c:\windows\Installer\{AC76BA86-7AD7-5760-0000-900000000003}\ARPPRODUCTICON.exe
+ 2011-09-14 12:54 . 2011-09-14 12:54 236904 c:\windows\Installer\$PatchCache$\Managed\638401577CACE4443AE9F3455191245F\4.0.0\OutlookChangeNotifierAddIn_x64.dll
+ 2011-09-14 12:54 . 2011-09-14 12:54 227176 c:\windows\Installer\$PatchCache$\Managed\638401577CACE4443AE9F3455191245F\4.0.0\OutlookChangeNotifierAddIn.dll
+ 2011-08-03 01:38 . 2011-08-03 01:38 4517664 c:\windows\system32\usbaaplrc.dll
+ 2011-08-03 01:38 . 2011-08-03 01:38 4517664 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_amd64_neutral_f9d62789100b9e9b\usbaaplrc.dll
+ 2010-04-20 03:29 . 2010-04-20 03:29 1721576 c:\windows\system32\DriverStore\FileRepository\netaapl64.inf_amd64_neutral_dc2cbd989eec1514\wdfcoinstaller01009.dll
+ 2011-09-20 08:30 . 2011-12-20 00:33 4693816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3354869186-130629379-3507963822-1001-12288.dat
+ 2011-12-31 07:46 . 2011-12-31 07:46 2682368 c:\windows\Installer\25179fa.msi
+ 2011-12-31 07:45 . 2011-12-31 07:45 2323456 c:\windows\Installer\2517864.msi
+ 2009-07-14 02:34 . 2012-01-05 20:49 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-12-15 17:07 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-01-04 01:57 . 2012-01-05 23:55 48215312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3354869186-130629379-3507963822-1001-8192.dat
+ 2011-12-31 07:48 . 2011-12-31 07:48 44934656 c:\windows\Installer\251834e.msi
+ 2011-12-31 07:46 . 2011-12-31 07:46 11081728 c:\windows\Installer\2517a58.msi
+ 2011-12-31 07:46 . 2011-12-31 07:46 20304896 c:\windows\Installer\251798c.msi
+ 2011-11-08 06:49 . 2011-11-08 06:49 10486272 c:\windows\Installer\111de.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-12-04 14944136]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"Facebook Update"="c:\users\Enrique\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-05 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-16 2245120]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-18 98304]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2011-02-08 63360]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"AddressBookReminderApp"="c:\program files (x86)\Nova Development\Print Artist Gold\ReminderApp.exe" [2009-08-31 144672]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-25 981680]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-26 136176]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-01-25 1315592]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-26 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-11-08 517632]
S2 McciServiceHost;McciServiceHost;c:\program files (x86)\Common Files\Motive\McciServiceHost.exe [2010-07-27 315392]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-11-15 5716848]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3354869186-130629379-3507963822-1001Core.job
- c:\users\Enrique\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 18:47]
.
2012-01-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3354869186-130629379-3507963822-1001UA.job
- c:\users\Enrique\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 18:47]
.
2012-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-26 19:57]
.
2012-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-26 19:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1424896]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 3453440]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:71,03,ea,f7,a1,12,49,52,79,36,dd,41,c5,09,43,4d,d6,e8,a2,fe,f4,
50,52,6b,8f,1b,fd,b3,2e,89,7f,f2,a9,dd,da,06,8f,8a,c7,91,39,e6,b7,d7,82,3c,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\SysWOW64\runonce.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2012-01-05 16:00:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-06 00:00
ComboFix2.txt 2011-12-18 22:42
ComboFix3.txt 2011-12-15 17:39
ComboFix4.txt 2011-12-15 06:06
.
Pre-Run: 836,530,749,440 bytes free
Post-Run: 836,294,041,600 bytes free
.
- - End Of File - - 9A2E7EB89DCE902303AFDD6B59679E8D
  • 0

#90
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\trz3FCD.tmp
c:\windows\system32\trz2C47.tmp
C:\Users\Enrique\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\730b441-5bb6b95d
C:\Users\Enrique\Documents\IVuhGfrr.exe
C:\Users\Enrique\Documents\sP4O1Dk5G.exe
C:\Users\Enrique\Documents\xAScn16P.exe

Folder::

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0
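An added example, not code from the post above and not ComboFix's own tooling: a small Python script that parses a CFScript into its File::, Folder::, Registry:: and Driver:: sections (the section names shown in the post) and hashes every File:: entry that is still present. Doing that inventory before the fix runs gives you a record of what was actually removed and a hash list you can search for on other machines. The sample input is the CFScript from the post, embedded verbatim; the rule that every non-blank line after a header belongs to that section, and the stand-in file staged by `demo()`, are assumptions of this example.

```python
"""Parse a ComboFix CFScript and inventory its File:: entries before they are removed.

Added example (not ComboFix's own code and not from the post). The section names
File::, Folder::, Registry::, Driver:: are the ones shown in the post; the rule that
every non-blank line after a header belongs to that section is an assumption.
"""
import hashlib
import os
import re
import tempfile
from collections import OrderedDict

# A section header is a word followed by "::" on its own line, e.g. "File::".
SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")

# Constructed sample input: the CFScript from the post above, verbatim.
SAMPLE_CFSCRIPT = r"""File::
c:\windows\system32\trz3FCD.tmp
c:\windows\system32\trz2C47.tmp
C:\Users\Enrique\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\730b441-5bb6b95d
C:\Users\Enrique\Documents\IVuhGfrr.exe
C:\Users\Enrique\Documents\sP4O1Dk5G.exe
C:\Users\Enrique\Documents\xAScn16P.exe

Folder::

Registry::

Driver::
"""


def parse_cfscript(text):
    """Return an ordered mapping of section name -> list of entry lines (kept verbatim)."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry appears before any section header: {line!r}")
        sections[current].append(line)
    return sections


def sha256_of(path, chunk_size=1 << 16):
    """SHA-256 of a file, read in chunks so a large sample is not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def inventory(paths, is_file=os.path.isfile, hasher=sha256_of):
    """Map each path to its SHA-256, or None when the file is absent.

    Hashing before ComboFix deletes the files leaves you an indicator list to
    search other machines for, and a record of what was actually removed.
    """
    return {path: (hasher(path) if is_file(path) else None) for path in paths}


def demo():
    """Stage one constructed file in a temp dir and inventory it next to a missing path."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed stand-in named after one entry in the post; its content is just b"abc".
        present = os.path.join(tmp, "IVuhGfrr.exe")
        with open(present, "wb") as handle:
            handle.write(b"abc")
        return inventory([present, os.path.join(tmp, "missing.exe")])


if __name__ == "__main__":
    for name, entries in parse_cfscript(SAMPLE_CFSCRIPT).items():
        print(f"{name}:: {len(entries)} entries")
    for path, digest in demo().items():
        print("present" if digest else "absent ", digest or "-", path)
```

On the infected machine you would run `inventory(parse_cfscript(open("CFScript.txt").read())["File"])` and keep the output with the ComboFix log. The parser keeps every line under a section verbatim rather than interpreting it, so the script is only a pre-flight inventory; it never modifies the system, and the removal itself stays with ComboFix as the post describes.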