Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojans, Malware and Sirefef [Solved]


  • This topic is locked This topic is locked

#1
Surandil

Surandil

    New Member

  • Member
  • Pip
  • 4 posts
Got a bunch of stuff to report.

I admit, I've been remiss. I've been running my computer without an antivirus for a long while now, and upon deciding to install one and scan my system, it yielded the following:

Posted Image

My PC is kind of sluggish, but other than that, there are no symptoms. I'd just like to be rid of a needless worry. MBAM is not yet installed.

I used Avast to detect these; so far I've not taken any steps out of fear of damaging my PC. I considered moving them to the "chest," but I'm not really sure.

My OTL log follows:

OTL logfile created on: 6/23/2012 5:55:37 PM - Run 1
OTL by OldTimer - Version 3.2.52.0 Folder = D:\
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 48.65% Memory free
8.00 Gb Paging File | 5.92 Gb Available in Paging File | 73.98% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 29.20 Gb Total Space | 0.70 Gb Free Space | 2.41% Space Free | Partition Type: NTFS
Drive D: | 436.37 Gb Total Space | 86.66 Gb Free Space | 19.86% Space Free | Partition Type: NTFS
Drive F: | 4.18 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 7.72 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: THEBEASTOFFABY | User Name: Faby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/23 17:55:17 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2012/06/17 10:37:41 | 000,913,888 | ---- | M] (Mozilla Corporation) -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/03/07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/13 11:06:56 | 003,481,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2012/01/03 16:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/22 02:18:08 | 006,276,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/17 10:37:40 | 002,042,848 | ---- | M] () -- D:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/05 20:39:03 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2011/08/22 02:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/08/22 02:18:06 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll
MOD - [2009/07/14 04:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009/07/14 04:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/06/12 17:37:04 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/17 10:37:41 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/12 19:49:16 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012/05/05 20:39:03 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/03 16:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/26 12:17:16 | 009,665,536 | ---- | M] () [On_Demand | Stopped] -- d:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe -- (wampmysqld)
SRV - [2011/09/26 12:06:54 | 000,021,504 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- d:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe -- (wampapache)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/06/12 18:59:38 | 010,492,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/06/12 17:39:04 | 000,089,600 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/06/12 16:39:04 | 000,408,064 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/05/06 18:37:22 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012/05/06 18:37:22 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012/03/07 02:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/07 02:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/07 02:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Unknown] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/07 02:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/07 02:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/02/10 09:32:52 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/02/09 09:06:36 | 000,125,376 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011/03/11 09:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 09:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/02/18 20:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/09/29 09:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort)
DRV:64bit: - [2009/09/29 09:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM)
DRV:64bit: - [2009/09/29 09:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum)
DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 04:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 04:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 23:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/19 17:09:14 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/19 17:09:12 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/19 17:09:12 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- D:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/01/25 23:04:30 | 000,005,273 | ---- | M] (Arrowkey) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Quintessential Media Player\cdrpdacc.sys -- (CDRPDACC) Quinnware CDDA Driver (by InfinaDyne)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B E7 07 FE 2B EF CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Faby\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Faby\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012/06/17 10:37:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/19 10:30:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Faby\AppData\Roaming\Mozilla\Extensions
[2012/05/02 23:33:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Faby\AppData\Roaming\Mozilla\Firefox\Profiles\xt1s9mdp.default\extensions
[2012/02/10 09:21:04 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Faby\AppData\Roaming\Mozilla\Firefox\Profiles\xt1s9mdp.default\extensions\[email protected]
[2012/02/19 10:32:43 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Faby\AppData\Roaming\Mozilla\Firefox\Profiles\xt1s9mdp.default\extensions\[email protected]
[2012/02/19 10:32:43 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\FABY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XT1S9MDP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Faby\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Faby\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Faby\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Faby\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Faby\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Faby\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Faby\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Faby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/22 00:45:35 | 000,613,852 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16306 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [LG LinkAir] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEDD4986-1859-4746-929A-F94429331EEC}: NameServer = 193.231.252.221 213.154.124.221
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/14 16:43:20 | 000,112,134 | ---- | M] () - D:\Autodesk.3ds.Max.2009.32bit.64bit.4135837.TPB.torrent -- [ NTFS ]
O32 - AutoRun File - [2012/04/21 14:00:09 | 001,786,606 | ---- | M] () - D:\Automagic_Bags-22414-4-03.7z -- [ NTFS ]
O32 - AutoRun File - [2011/10/27 20:15:26 | 000,000,000 | ---D | M] - D:\autopatcher_0001 -- [ NTFS ]
O32 - AutoRun File - [2011/10/27 20:15:20 | 000,066,266 | ---- | M] () - D:\autopatcher_0001.zip -- [ NTFS ]
O32 - AutoRun File - [2012/06/22 15:35:47 | 000,000,000 | ---D | M] - D:\Autoruns -- [ NTFS ]
O32 - AutoRun File - [2012/06/22 15:35:41 | 000,535,170 | ---- | M] () - D:\Autoruns.zip -- [ NTFS ]
O32 - AutoRun File - [2005/11/21 20:26:21 | 000,000,057 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009/07/17 01:13:07 | 001,246,440 | R--- | M] (BioWare) - G:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/04/14 06:17:18 | 000,000,058 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{18cc0797-6152-11e1-99d1-0025229912c9}\Shell - "" = AutoRun
O33 - MountPoints2\{18cc0797-6152-11e1-99d1-0025229912c9}\Shell\AutoRun\command - "" = H:\LGAutoRun.exe
O33 - MountPoints2\{f4b7f1e8-53ad-11e1-821b-0025229912c9}\Shell - "" = AutoRun
O33 - MountPoints2\{f4b7f1e8-53ad-11e1-821b-0025229912c9}\Shell\AutoRun\command - "" = F:\OblivionLauncher.exe -- [2006/02/27 17:15:50 | 001,662,976 | R--- | M] (Bethesda Softworks)
O33 - MountPoints2\{f4b7f1ec-53ad-11e1-821b-0025229912c9}\Shell - "" = AutoRun
O33 - MountPoints2\{f4b7f1ec-53ad-11e1-821b-0025229912c9}\Shell\AutoRun\command - "" = G:\autorun.exe -- [2009/07/17 01:13:07 | 001,246,440 | R--- | M] (BioWare)
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/23 15:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/06/23 15:04:56 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/06/23 15:04:56 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/06/23 15:04:55 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/06/23 15:04:55 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/06/23 15:04:54 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/06/23 15:04:54 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/06/23 15:04:36 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/06/23 15:04:36 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/06/23 15:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/06/22 15:31:58 | 000,231,936 | ---- | C] (Ufasoft) -- C:\Windows\Installer\{078c57e9-43d4-28ac-e062-60dc7727fc29}\L\[email protected]
[2012/06/22 15:28:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/22 15:28:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/22 15:28:55 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/06/20 20:14:03 | 000,000,000 | ---D | C] -- C:\Users\Faby\AppData\Local\Turbine
[2012/06/20 20:13:55 | 000,000,000 | ---D | C] -- D:\mydocs\The Lord of the Rings Online
[2012/06/20 20:13:55 | 000,000,000 | ---D | C] -- C:\Users\Faby\AppData\Local\The Lord of the Rings Online
[2012/06/20 18:50:01 | 000,000,000 | ---D | C] -- C:\Users\Faby\AppData\Local\ApplicationHistory
[2012/06/20 18:48:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2012/06/20 18:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine
[2012/06/20 16:31:54 | 000,000,000 | ---D | C] -- C:\Users\Faby\AppData\Local\PMB Files
[2012/06/20 16:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012/06/20 16:31:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012/06/18 17:11:53 | 000,000,000 | ---D | C] -- C:\Users\Faby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2012/06/18 11:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Origins
[2012/06/17 20:48:57 | 000,000,000 | ---D | C] -- C:\Users\Faby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/06/17 20:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/06/17 20:43:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/06/17 20:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/06/17 20:38:02 | 000,070,144 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_9.00.dll
[2012/06/17 20:37:59 | 000,532,992 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012/06/17 20:37:59 | 000,239,616 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012/06/17 20:37:59 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012/06/17 20:37:58 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012/06/17 17:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\BioWare
[2012/06/17 17:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2012/06/17 17:27:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2012/06/07 09:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/07 09:09:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/06/02 16:57:48 | 000,032,600 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2012/06/02 16:57:29 | 000,000,000 | ---D | C] -- C:\Users\Faby\AppData\Roaming\IObit
[2012/06/02 16:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2012/05/30 19:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7capture
[2012/05/29 19:42:26 | 000,000,000 | ---D | C] -- C:\Users\Faby\AppData\Roaming\atitray
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/23 17:41:37 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/23 17:41:37 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/23 17:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/23 17:23:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-395785932-3785786316-1977508548-1000UA.job
[2012/06/23 15:04:57 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/06/23 15:04:54 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/06/23 13:46:56 | 000,791,434 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/23 13:46:56 | 000,668,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/23 13:46:56 | 000,124,534 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/23 13:42:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/23 12:23:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-395785932-3785786316-1977508548-1000Core.job
[2012/06/20 20:14:06 | 000,000,092 | ---- | M] () -- C:\Users\Faby\AppData\Local\fusioncache.dat
[2012/06/20 18:49:41 | 000,807,198 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/20 18:48:21 | 000,000,588 | ---- | M] () -- C:\Users\Faby\Desktop\The Lord of the Rings Online.lnk
[2012/06/18 17:11:53 | 000,000,765 | ---- | M] () -- C:\Users\Faby\Desktop\MSI Afterburner.lnk
[2012/06/18 11:23:57 | 000,000,581 | ---- | M] () -- C:\Users\Public\Desktop\Dragon Age Origins.lnk
[2012/06/12 20:40:56 | 000,221,696 | ---- | M] () -- C:\Windows\SysNative\clinfo.exe
[2012/06/12 17:46:16 | 000,291,744 | ---- | M] () -- C:\Windows\SysWow64\atiapfxx.blb
[2012/06/12 17:46:16 | 000,291,744 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2012/06/12 17:37:50 | 000,532,992 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012/06/12 17:37:04 | 000,239,616 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012/06/12 17:35:42 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012/06/12 17:35:28 | 000,021,504 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012/06/12 17:25:56 | 000,070,144 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst_9.00.dll
[2012/06/12 17:15:58 | 000,053,248 | ---- | M] () -- C:\Windows\SysNative\amdverag.dll
[2012/06/12 16:48:16 | 002,981,504 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2012/06/12 16:48:16 | 000,026,936 | ---- | M] () -- C:\Windows\SysWow64\ativvsnl.dat
[2012/06/12 16:48:16 | 000,026,936 | ---- | M] () -- C:\Windows\SysNative\ativvsnl.dat
[2012/06/12 16:48:16 | 000,000,025 | ---- | M] () -- C:\Windows\SysWow64\ativvsny.dat
[2012/06/12 16:48:16 | 000,000,025 | ---- | M] () -- C:\Windows\SysNative\ativvsny.dat
[2012/06/12 16:41:28 | 003,016,640 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2012/06/12 10:24:26 | 000,002,354 | ---- | M] () -- C:\Users\Faby\Desktop\Google Chrome.lnk
[2012/06/07 13:44:11 | 000,328,995 | ---- | M] () -- D:\mydocs\Untitled.png
[2012/05/30 22:16:12 | 000,032,600 | ---- | M] () -- D:\mydocs\robberry.rtf
[2012/05/30 21:57:26 | 000,034,779 | ---- | M] () -- D:\mydocs\badandgoodpoints.rtf
[2012/05/29 09:28:31 | 004,994,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/23 15:04:57 | 000,000,901 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/06/23 15:04:54 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/06/22 15:30:16 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{078c57e9-43d4-28ac-e062-60dc7727fc29}\U\[email protected]
[2012/06/22 15:30:13 | 000,081,408 | ---- | C] () -- C:\Windows\Installer\{078c57e9-43d4-28ac-e062-60dc7727fc29}\U\[email protected]
[2012/06/22 15:30:12 | 000,088,064 | ---- | C] () -- C:\Windows\Installer\{078c57e9-43d4-28ac-e062-60dc7727fc29}\U\[email protected]
[2012/06/22 15:30:06 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{078c57e9-43d4-28ac-e062-60dc7727fc29}\U\[email protected]
[2012/06/22 15:30:06 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{078c57e9-43d4-28ac-e062-60dc7727fc29}\U\[email protected]
[2012/06/22 15:30:06 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{078c57e9-43d4-28ac-e062-60dc7727fc29}\U\[email protected]
[2012/06/22 15:30:06 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{078c57e9-43d4-28ac-e062-60dc7727fc29}\L\[email protected]
[2012/06/20 20:14:06 | 000,000,092 | ---- | C] () -- C:\Users\Faby\AppData\Local\fusioncache.dat
[2012/06/20 18:48:21 | 000,000,588 | ---- | C] () -- C:\Users\Faby\Desktop\The Lord of the Rings Online.lnk
[2012/06/18 17:11:53 | 000,000,765 | ---- | C] () -- C:\Users\Faby\Desktop\MSI Afterburner.lnk
[2012/06/18 11:23:57 | 000,000,581 | ---- | C] () -- C:\Users\Public\Desktop\Dragon Age Origins.lnk
[2012/06/17 20:43:30 | 000,001,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switchable Graphics.lnk
[2012/06/17 20:38:02 | 000,053,248 | ---- | C] () -- C:\Windows\SysNative\amdverag.dll
[2012/06/17 20:37:58 | 000,632,252 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2012/06/17 20:37:58 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2012/06/17 20:37:58 | 000,026,936 | ---- | C] () -- C:\Windows\SysNative\ativvsnl.dat
[2012/06/17 20:37:58 | 000,000,025 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2012/06/17 20:37:58 | 000,000,025 | ---- | C] () -- C:\Windows\SysNative\ativvsny.dat
[2012/06/17 20:37:55 | 003,016,640 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2012/06/17 20:37:55 | 002,981,504 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2012/06/17 20:37:55 | 000,291,744 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2012/06/17 20:37:55 | 000,291,744 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2012/06/17 20:37:55 | 000,038,177 | ---- | C] () -- C:\Windows\atiogl.xml
[2012/06/12 20:40:56 | 000,221,696 | ---- | C] () -- C:\Windows\SysNative\clinfo.exe
[2012/06/07 13:44:08 | 000,328,995 | ---- | C] () -- D:\mydocs\Untitled.png
[2012/06/02 16:57:29 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2012/05/30 22:16:10 | 000,032,600 | ---- | C] () -- D:\mydocs\robberry.rtf
[2012/05/30 21:57:24 | 000,034,779 | ---- | C] () -- D:\mydocs\badandgoodpoints.rtf
[2012/04/28 12:13:34 | 000,003,584 | ---- | C] () -- C:\Users\Faby\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/27 11:04:03 | 000,000,132 | ---- | C] () -- C:\Users\Faby\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/04/23 22:51:02 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2012/04/23 22:50:56 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2012/04/23 22:50:56 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2012/04/13 11:09:41 | 000,807,198 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/08 16:39:36 | 000,000,000 | ---- | C] () -- C:\Windows\zSpy.INI
[2012/04/08 16:00:24 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/03/09 07:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/09 07:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/19 20:24:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/09/19 16:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011/09/13 02:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/10/05 02:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys

========== LOP Check ==========

[2012/04/16 19:08:20 | 000,000,000 | ---D | M] -- C:\Users\Faby\AppData\Roaming\Auslogics
[2012/06/17 17:25:30 | 000,000,000 | ---D | M] -- C:\Users\Faby\AppData\Roaming\DAEMON Tools Lite
[2012/06/02 16:57:29 | 000,000,000 | ---D | M] -- C:\Users\Faby\AppData\Roaming\IObit
[2012/03/12 18:55:54 | 000,000,000 | ---D | M] -- C:\Users\Faby\AppData\Roaming\JAM Software
[2012/02/19 11:52:50 | 000,000,000 | ---D | M] -- C:\Users\Faby\AppData\Roaming\OpenOffice.org
[2012/06/17 17:41:19 | 000,000,000 | ---D | M] -- C:\Users\Faby\AppData\Roaming\uTorrent
[2012/03/26 22:25:18 | 000,000,000 | ---D | M] -- C:\Users\Faby\AppData\Roaming\Youtube Downloader HD
[2012/04/28 10:20:43 | 000,000,000 | ---D | M] -- C:\Users\Faby\AppData\Roaming\Youtube to MP3 Converter
[2012/05/07 13:53:28 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\«??2:????»Beta?????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\《崛起2:黑暗水域》Beta破解硬盘版

< End of report >
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there once both of these fixes have run can you let me know how the computer is behaving

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

    :Files
    ipconfig /flushdns /c
    C:\Windows\Installer\{078c57e9-43d4-28ac-e062-60dc7727fc29}

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#3
Surandil

Surandil

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Unfortunately, I forgot to save the OTL log the program had generated before ComboFix came in and did its job. Should I rescan my PC with OTL now that I've used ComboFix?

My computer's running fine.

At any rate, here's the ComboFix log:

ComboFix 12-06-23.05 - Faby 06/23/2012 21:05:35.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2497 [GMT 3:00]
Running from: c:\users\Faby\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{078c57e9-43d4-28ac-e062-60dc7727fc29}\@
c:\windows\Installer\{078c57e9-43d4-28ac-e062-60dc7727fc29}\L\[email protected]
c:\windows\Installer\{078c57e9-43d4-28ac-e062-60dc7727fc29}\L\[email protected]
c:\windows\Installer\{078c57e9-43d4-28ac-e062-60dc7727fc29}\U\[email protected]
c:\windows\Installer\{078c57e9-43d4-28ac-e062-60dc7727fc29}\U\[email protected]
c:\windows\Installer\{078c57e9-43d4-28ac-e062-60dc7727fc29}\U\[email protected]
c:\windows\Installer\{078c57e9-43d4-28ac-e062-60dc7727fc29}\U\8000000[email protected]
c:\windows\Installer\{078c57e9-43d4-28ac-e062-60dc7727fc29}\U\[email protected]
c:\windows\Installer\{078c57e9-43d4-28ac-e062-60dc7727fc29}\U\[email protected]
D:\g2mdk-2.6_small.exe
D:\g2mdk-2.6a(1).exe
D:\g2mdk-2.6a.exe
D:\gothic_patch_108k.exe
D:\gothic2_fix-2.6.0.0-rev2.exe
D:\install.exe
D:\setup.exe
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 18:09 . 2012-06-23 18:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-23 17:54 . 2012-06-23 17:54 -------- d-----w- c:\users\Faby\AppData\Local\Macromedia
2012-06-23 17:41 . 2012-06-23 17:41 -------- d-----w- c:\users\Faby\AppData\Roaming\Malwarebytes
2012-06-23 17:41 . 2012-06-23 17:41 -------- d-----w- c:\programdata\Malwarebytes
2012-06-23 17:41 . 2012-04-04 12:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-23 14:41 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{25B9763C-DC6E-42CD-8A71-C7631C08B6E6}\mpengine.dll
2012-06-23 12:04 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-23 12:04 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-23 12:04 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-23 12:04 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-06-23 12:04 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-23 12:04 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-06-23 12:04 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-06-23 12:04 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-06-23 12:04 . 2012-06-23 12:04 -------- d-----w- c:\programdata\AVAST Software
2012-06-20 17:14 . 2012-06-20 17:14 -------- d-----w- c:\users\Faby\AppData\Local\Turbine
2012-06-20 17:13 . 2012-06-20 17:13 -------- d-----w- c:\users\Faby\AppData\Local\The Lord of the Rings Online
2012-06-20 15:50 . 2012-06-20 17:14 -------- d-----w- c:\users\Faby\AppData\Local\ApplicationHistory
2012-06-20 15:48 . 2012-06-20 15:48 -------- d-----w- c:\windows\SysWow64\URTTEMP
2012-06-20 13:31 . 2012-06-20 16:24 -------- d-----w- c:\users\Faby\AppData\Local\PMB Files
2012-06-20 13:31 . 2012-06-20 13:33 -------- d-----w- c:\programdata\PMB Files
2012-06-20 13:31 . 2012-06-20 13:31 -------- d-----w- c:\program files (x86)\Pando Networks
2012-06-17 17:48 . 2012-06-17 17:48 -------- d-----w- c:\programdata\ATI
2012-06-17 17:43 . 2012-06-17 17:43 -------- d-----w- c:\program files (x86)\AMD APP
2012-06-17 17:38 . 2012-06-12 14:37 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-06-17 17:38 . 2012-06-12 14:25 70144 ----a-w- c:\windows\system32\coinst_9.00.dll
2012-06-17 17:38 . 2012-06-12 14:15 53248 ----a-w- c:\windows\system32\amdverag.dll
2012-06-17 17:38 . 2012-06-12 15:59 10492928 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-17 17:38 . 2012-06-12 14:39 89600 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2012-06-17 17:38 . 2012-06-12 13:39 408064 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-17 14:48 . 2012-06-18 08:35 -------- d-----w- c:\programdata\BioWare
2012-06-17 14:36 . 2012-06-17 14:36 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2012-06-17 14:36 . 2012-06-18 08:24 -------- d-----w- c:\programdata\Media Center Programs
2012-06-17 14:27 . 2012-06-18 08:23 -------- d-----w- c:\program files (x86)\Common Files\BioWare
2012-06-12 17:40 . 2012-06-12 17:40 221696 ----a-w- c:\windows\system32\clinfo.exe
2012-06-12 17:40 . 2012-06-12 17:40 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-12 17:40 . 2012-06-12 17:40 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-12 17:40 . 2012-06-12 17:40 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-12 17:40 . 2012-06-12 17:40 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-12 17:40 . 2012-06-12 17:40 32934400 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-12 17:35 . 2012-06-12 17:35 27676160 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-07 06:09 . 2012-06-17 13:36 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-02 13:57 . 2012-05-08 15:34 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-06-02 13:57 . 2012-06-02 13:57 -------- d-----w- c:\users\Faby\AppData\Roaming\IObit
2012-06-02 13:57 . 2010-11-26 15:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-05-29 16:42 . 2012-05-29 16:42 -------- d-----w- c:\users\Faby\AppData\Roaming\atitray
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 17:39 . 2012-04-02 05:41 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 17:39 . 2012-02-19 07:44 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-12 14:42 . 2012-04-06 02:21 924672 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-06-12 14:41 . 2011-12-06 03:16 1101824 ----a-w- c:\windows\system32\aticfx64.dll
2012-06-12 14:17 . 2011-12-06 02:51 7026176 ----a-w- c:\windows\system32\atidxx64.dll
2012-06-12 13:59 . 2012-04-06 01:34 5529600 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-06-12 13:50 . 2011-12-06 02:24 6673920 ----a-w- c:\windows\system32\atiumd64.dll
2012-06-12 13:49 . 2011-12-06 02:39 3092480 ----a-w- c:\windows\system32\atiumd6a.dll
2012-06-12 13:42 . 2012-04-06 01:22 2670592 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-06-12 13:39 . 2011-12-06 02:13 573952 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-12 13:38 . 2011-12-06 02:11 129536 ----a-w- c:\windows\system32\atiuxp64.dll
2012-06-12 13:37 . 2012-04-06 01:09 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-06-12 13:37 . 2011-12-06 02:11 102912 ----a-w- c:\windows\system32\atiu9p64.dll
2012-06-12 13:37 . 2012-04-06 01:09 82432 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-05-06 15:37 . 2012-02-10 08:15 35328 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-05-06 15:37 . 2012-02-10 08:15 303616 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-04-23 19:50 . 2012-04-23 19:51 151552 ----a-w- c:\windows\SysWow64\nvRegDev.dll
2012-04-23 19:50 . 2012-04-23 19:50 61440 ----a-w- c:\windows\SysWow64\nvPhotoshopUtil.dll
2012-04-23 19:50 . 2012-04-23 19:50 40960 ----a-w- c:\windows\SysWow64\nvISWOW64.dll
2012-04-06 02:16 . 2011-12-06 03:12 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2012-03-15 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2012-03-15 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-12 642728]
"avast"="d:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\dragon age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;d:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-12 361984]
S2 AODDriver4.2;AODDriver4.2;d:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [x]
.
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4b7f1e8-53ad-11e1-821b-0025229912c9}]
\shell\AutoRun\command - F:\OblivionLauncher.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4b7f1ec-53ad-11e1-821b-0025229912c9}]
\shell\AutoRun\command - G:\autorun.exe -auto
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 17:39]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-395785932-3785786316-1977508548-1000Core.job
- c:\users\Faby\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-19 20:13]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-395785932-3785786316-1977508548-1000UA.job
- c:\users\Faby\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-19 20:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- d:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{EEDD4986-1859-4746-929A-F94429331EEC}: NameServer = 193.231.252.221 213.154.124.221
FF - ProfilePath - c:\users\Faby\AppData\Roaming\Mozilla\Firefox\Profiles\xt1s9mdp.default\
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-LG LinkAir - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-395785932-3785786316-1977508548-1000\Software\SecuROM\License information*]
"datasecu"=hex:dc,39,22,1e,94,1e,2e,27,c2,1c,36,50,33,69,f3,dd,fd,8b,b7,c3,fa,
37,5f,db,9e,da,94,70,1e,0a,ce,7a,cf,45,52,39,98,f5,8e,a7,2d,34,cc,4f,3f,5d,\
"rkeysecu"=hex:10,6e,b2,bd,49,0d,3d,26,2e,3d,48,71,4b,32,ca,07
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
d:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-06-23 21:14:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-23 18:14
.
Pre-Run: 1,883,312,128 bytes free
Post-Run: 1,672,749,056 bytes free
.
- - End Of File - - E304A8FB4EB88819BA104DF0956BAE2D

Edited by Surandil, 23 June 2012 - 12:20 PM.

  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks like we are nearly done .. How is the computer behaving ?

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::
c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll|c:\windows\system32\user32.dll
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll|c:\windows\SysWOW64\user32.dll

Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

  • 0

#5
Surandil

Surandil

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Computer's running quite well.

ComboFix 12-06-23.05 - Faby 06/23/2012 22:05:29.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2955 [GMT 3:00]
Running from: c:\users\Faby\Desktop\ComboFix.exe
Command switches used :: c:\users\Faby\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll --> c:\windows\system32\user32.dll
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll --> c:\windows\SysWOW64\user32.dll
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 19:08 . 2012-06-23 19:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-23 17:54 . 2012-06-23 17:54 -------- d-----w- c:\users\Faby\AppData\Local\Macromedia
2012-06-23 17:41 . 2012-06-23 17:41 -------- d-----w- c:\users\Faby\AppData\Roaming\Malwarebytes
2012-06-23 17:41 . 2012-06-23 17:41 -------- d-----w- c:\programdata\Malwarebytes
2012-06-23 17:41 . 2012-04-04 12:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-23 14:41 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{25B9763C-DC6E-42CD-8A71-C7631C08B6E6}\mpengine.dll
2012-06-23 12:04 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-23 12:04 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-23 12:04 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-23 12:04 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-06-23 12:04 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-23 12:04 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-06-23 12:04 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-06-23 12:04 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-06-23 12:04 . 2012-06-23 12:04 -------- d-----w- c:\programdata\AVAST Software
2012-06-20 17:14 . 2012-06-20 17:14 -------- d-----w- c:\users\Faby\AppData\Local\Turbine
2012-06-20 17:13 . 2012-06-20 17:13 -------- d-----w- c:\users\Faby\AppData\Local\The Lord of the Rings Online
2012-06-20 15:50 . 2012-06-20 17:14 -------- d-----w- c:\users\Faby\AppData\Local\ApplicationHistory
2012-06-20 15:48 . 2012-06-20 15:48 -------- d-----w- c:\windows\SysWow64\URTTEMP
2012-06-20 13:31 . 2012-06-20 16:24 -------- d-----w- c:\users\Faby\AppData\Local\PMB Files
2012-06-20 13:31 . 2012-06-20 13:33 -------- d-----w- c:\programdata\PMB Files
2012-06-20 13:31 . 2012-06-20 13:31 -------- d-----w- c:\program files (x86)\Pando Networks
2012-06-17 17:48 . 2012-06-17 17:48 -------- d-----w- c:\programdata\ATI
2012-06-17 17:43 . 2012-06-17 17:43 -------- d-----w- c:\program files (x86)\AMD APP
2012-06-17 17:38 . 2012-06-12 14:37 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-06-17 17:38 . 2012-06-12 14:25 70144 ----a-w- c:\windows\system32\coinst_9.00.dll
2012-06-17 17:38 . 2012-06-12 14:15 53248 ----a-w- c:\windows\system32\amdverag.dll
2012-06-17 17:38 . 2012-06-12 15:59 10492928 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-17 17:38 . 2012-06-12 14:39 89600 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2012-06-17 17:38 . 2012-06-12 13:39 408064 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-17 14:48 . 2012-06-18 08:35 -------- d-----w- c:\programdata\BioWare
2012-06-17 14:36 . 2012-06-17 14:36 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2012-06-17 14:36 . 2012-06-18 08:24 -------- d-----w- c:\programdata\Media Center Programs
2012-06-17 14:27 . 2012-06-18 08:23 -------- d-----w- c:\program files (x86)\Common Files\BioWare
2012-06-12 17:40 . 2012-06-12 17:40 221696 ----a-w- c:\windows\system32\clinfo.exe
2012-06-12 17:40 . 2012-06-12 17:40 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-12 17:40 . 2012-06-12 17:40 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-12 17:40 . 2012-06-12 17:40 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-12 17:40 . 2012-06-12 17:40 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-12 17:40 . 2012-06-12 17:40 32934400 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-12 17:35 . 2012-06-12 17:35 27676160 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-07 06:09 . 2012-06-17 13:36 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-02 13:57 . 2012-05-08 15:34 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-06-02 13:57 . 2012-06-02 13:57 -------- d-----w- c:\users\Faby\AppData\Roaming\IObit
2012-06-02 13:57 . 2010-11-26 15:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-05-29 16:42 . 2012-05-29 16:42 -------- d-----w- c:\users\Faby\AppData\Roaming\atitray
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 17:39 . 2012-04-02 05:41 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 17:39 . 2012-02-19 07:44 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-12 14:42 . 2012-04-06 02:21 924672 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-06-12 14:41 . 2011-12-06 03:16 1101824 ----a-w- c:\windows\system32\aticfx64.dll
2012-06-12 14:17 . 2011-12-06 02:51 7026176 ----a-w- c:\windows\system32\atidxx64.dll
2012-06-12 13:59 . 2012-04-06 01:34 5529600 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-06-12 13:50 . 2011-12-06 02:24 6673920 ----a-w- c:\windows\system32\atiumd64.dll
2012-06-12 13:49 . 2011-12-06 02:39 3092480 ----a-w- c:\windows\system32\atiumd6a.dll
2012-06-12 13:42 . 2012-04-06 01:22 2670592 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-06-12 13:39 . 2011-12-06 02:13 573952 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-12 13:38 . 2011-12-06 02:11 129536 ----a-w- c:\windows\system32\atiuxp64.dll
2012-06-12 13:37 . 2012-04-06 01:09 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-06-12 13:37 . 2011-12-06 02:11 102912 ----a-w- c:\windows\system32\atiu9p64.dll
2012-06-12 13:37 . 2012-04-06 01:09 82432 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-05-06 15:37 . 2012-02-10 08:15 35328 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-05-06 15:37 . 2012-02-10 08:15 303616 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-04-23 19:50 . 2012-04-23 19:51 151552 ----a-w- c:\windows\SysWow64\nvRegDev.dll
2012-04-23 19:50 . 2012-04-23 19:50 61440 ----a-w- c:\windows\SysWow64\nvPhotoshopUtil.dll
2012-04-23 19:50 . 2012-04-23 19:50 40960 ----a-w- c:\windows\SysWow64\nvISWOW64.dll
2012-04-06 02:16 . 2011-12-06 03:12 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
.
.
((((((((((((((((((((((((((((( [email protected]_18.10.36 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-06-23 17:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-23 18:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-23 17:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-23 18:16 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-23 18:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-23 17:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-10 06:25 . 2012-06-23 18:12 28910 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-23 18:12 29038 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-02-19 08:30 . 2012-06-23 18:12 8786 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-395785932-3785786316-1977508548-1000_UserData.bin
- 2009-07-14 02:36 . 2012-06-23 17:56 668348 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-23 18:15 668348 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-23 17:56 124534 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-23 18:15 124534 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-12 642728]
"avast"="d:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\dragon age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;d:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-12 361984]
S2 AODDriver4.2;AODDriver4.2;d:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 17:39]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-395785932-3785786316-1977508548-1000Core.job
- c:\users\Faby\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-19 20:13]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-395785932-3785786316-1977508548-1000UA.job
- c:\users\Faby\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-19 20:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- d:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{EEDD4986-1859-4746-929A-F94429331EEC}: NameServer = 193.231.252.221 213.154.124.221
FF - ProfilePath - c:\users\Faby\AppData\Roaming\Mozilla\Firefox\Profiles\xt1s9mdp.default\
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-395785932-3785786316-1977508548-1000\Software\SecuROM\License information*]
"datasecu"=hex:dc,39,22,1e,94,1e,2e,27,c2,1c,36,50,33,69,f3,dd,fd,8b,b7,c3,fa,
37,5f,db,9e,da,94,70,1e,0a,ce,7a,cf,45,52,39,98,f5,8e,a7,2d,34,cc,4f,3f,5d,\
"rkeysecu"=hex:10,6e,b2,bd,49,0d,3d,26,2e,3d,48,71,4b,32,ca,07
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-23 22:12:04
ComboFix-quarantined-files.txt 2012-06-23 19:12
ComboFix2.txt 2012-06-23 18:14
.
Pre-Run: 1,500,532,736 bytes free
Post-Run: 1,452,421,120 bytes free
.
- - End Of File - - FBB716FDEA8EFF0380122DEEA39F5E88
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That now looks good, I would recommend that you keep an antivirus on your system at all times

A final sweep for orphans I feel

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#7
Surandil

Surandil

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Okay :D Thanks a great big bunch for all the help you've given me.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.23.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Faby :: THEBEASTOFFABY [administrator]

6/23/2012 10:47:57 PM
mbam-log-2012-06-23 (22-47-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 209247
Time elapsed: 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP